Duplicated many Mac addresses

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
sn20202020
DD-WRT Novice


Joined: 13 Jun 2009
Posts: 5

PostPosted: Fri Jun 14, 2019 7:07    Post subject: Duplicated many Mac addresses Reply with quote
I have a rental property using Technicolor VDSL modem router, TG588v. Several tenants are using about 20 wifi devices and 2 Ethernet connected PCs.

When tenants complain the internet got very slow, I could remotely logged in and I found the Technicolor's event log hundreds of these ARP conflict messages;
Code:

Warning    Jun 8 22:00:19   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.67, switch entry state to PROBING
Warning    Jun 8 21:59:57   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.64, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.81, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
Warning    Jun 8 21:59:44   ARP : conflict detected on interface LocalNetwork for

address 192.168.1.73, switch entry state to PROBING
   



After restarted the Technicolor became normal, but once or twice a day, the same problems happened.

I suspected the Technicolor's router OS is not stable,
so I decided to make Technicolor modem router to be VDSL bridge mode, then added Linksys WRT54G2 / GS2 DD-WRT v24-sp2 (08/07/10) micro - build 14896.

Today the same internet slowness happened, I remotely logged in then restarted DD-WRT router only, but it was still slow, and found strange things;

- Active clients has many duplicated Mac addresses,
5B:09:27:27:56:46 this is not vendor assigned Mac.
- Strange ip address, 169.254.124.235

After I restarted both Technicolor modem and DD-WRT router, then became normal.

I guess, one of my tenants has virus in the PC or device.
Any thoughts?



0technicolor.jpg
 Description:
 Filesize:  346.67 KB
 Viewed:  262 Time(s)

0technicolor.jpg



ddwrt.jpg
 Description:
 Filesize:  376.27 KB
 Viewed:  262 Time(s)

ddwrt.jpg


Sponsor
Wildlion
DD-WRT User


Joined: 24 May 2016
Posts: 499

PostPosted: Fri Jun 14, 2019 13:11    Post subject: Reply with quote
First thing that I can tell you is the 169.254.0.0/16 is a link-local address, that is a self assigned address due to not reaching the dhcp server.

I am almost thinking that someone has set up a wireless router to bridge or act as an access point, or booster but has not configured it correctly.
sn20202020
DD-WRT Novice


Joined: 13 Jun 2009
Posts: 5

PostPosted: Fri Jun 14, 2019 17:45    Post subject: Reply with quote
Further investigation, I found something are connecting to the router

- with the unknown/random Mac addresses
- with several random "STATIC" IP addresses which are already assigned by the other DHCP devices.

Therefore the ip/Mac conflictions made the problem.

Now how can I find the device or solve this happening.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Fri Jun 14, 2019 20:11    Post subject: Reply with quote
What this *might* be is a user using a wireless client bridge.

Many third-party firmware (including dd-wrt) implement a wireless client bridge by having the wireless client's MAC address *mask* the MAC addresses of the devices behind the bridge. IOW, from the perspective of the AP, it appears as if multiple devices/IPs are being assigned to the same MAC address. But that's not really the case. The bridge is just forcing all references to those IP back to its own MAC address so that it can eventually map its own MAC address back to the MAC address of the actual device.

This is akin to NAT'ing the private IP of your local devices w/ the public IP over the WAN. From the perspective of the internet side of the WAN, all traffic *appears* to be coming from one public IP, when it fact it's multiple private IPs behind that public IP.

IOW, this isn't necessarily a problem. And if it is the case this is a wireless client bridge, I would suggest to that user that he use a "routed" wireless client rather than a "bridged" wireless client. That would eliminate all those duplicate MAC addresses on the AP and provide him w/ better security. But it will make NO DIFFERENCE in terms of performance. Whatever performance issues you're having, this would NOT typically be the cause.

_________________
DD-WRT: DNS Leak Detection w/ VPNs (updated 6/5/19)
NEW SCRIPT!: ddwrt-mount-usb-drives.sh
NEW SCRIPT!: ddwrt-blacklist-domains.sh
NEW SCRIPT!: ddwrt-ovpn-remote-access.sh
NEW SCRIPT!: ddwrt-pptp-policy-based-routing.sh
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4227
Location: Netherlands

PostPosted: Sat Jun 15, 2019 9:03    Post subject: Reply with quote
Do you have a honeywell evo home system or the likes?

If so check that

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum