Rogue WiFi devices

Yes, /16 255.255.0.0 instead of /24 255.255.255.0 (and not a single host /32)
 
I know most networking isn't supposed to care about the subnet (other than it being necessary).  Any particular reason to use /22 instead of /16?  Although I suppose 1022 hosts is probably "more than enough".
 
How was multicast during the transition?  Stuff like SSDP, UPnP and other dynamic naming schemes that use it, any rough spots?

I've avoided IPv6 like the plague.  Oh, I let devices run it internally (with their defaults), but only ad-hoc and not actually DHCP leased.  I have enough headaches, if you know what I mean.  
 
 
Yeah, here I keep my DHCP scopes very small on 4 subnets (also small) coming off of 4 pfSense LAN interfaces.  A sprinkle of multiple testing OpenWRT WAPs.
 
Have tested WiFi widgets but never left them on the network unless I can see them and control them. 
 
PFSense allows for much more than any off the shelf SOHO or WAP devices.
 
Agreed, I've had pfsense running on a Qotom Q3554 fanless i5 for about a year now.  Quite reliable and pretty easy to configure.
 
 
Have a look at the ARP cache on pfSense (Diagnostics > ARP Table)... you can sniff the network with pfSense... Packet Capture...
 
 
 
 
Noticed here I have two Comcast WAN IPs showing up in ARP... one is from my spoofed MAC and one is from the regular MAC on the modem...
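The ARP table is only useful for spotting rogue devices if you compare it against what you expect to see. The script below is an added example, not code from the thread or from pfSense: it parses the FreeBSD `arp -an` text that pfSense's Diagnostics > ARP Table page displays, drops unresolved entries, and reports every MAC that is not in an allow-list (for example the MACs from your DHCP static mappings), grouped by the pfSense interface it was seen on. The sample ARP output, interface names (`em1`, `em2`) and the allow-list are constructed for the example.

```python
"""Flag unknown hosts in a pfSense/FreeBSD ARP table (added example)."""
import re
from collections import defaultdict

# Shape of one FreeBSD `arp -an` line, which is what pfSense shows under
# Diagnostics > ARP Table:
#   ? (192.168.1.20) at 00:11:22:33:44:55 on em1 expires in 1189 seconds [ethernet]
#   ? (192.168.1.1) at 00:0d:b9:41:11:22 on em1 permanent [ethernet]
#   ? (192.168.1.77) at (incomplete) on em1 expired [ethernet]
ARP_RE = re.compile(
    r"^\S+ \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9A-Fa-f:]{17}|\(incomplete\)) on (?P<iface>\S+)"
)

# Constructed sample output; not captured from a real network.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0d:b9:41:11:22 on em1 permanent [ethernet]
? (192.168.1.20) at 00:11:22:33:44:55 on em1 expires in 1189 seconds [ethernet]
? (192.168.1.77) at (incomplete) on em1 expired [ethernet]
? (192.168.2.30) at 00:1a:2b:3c:4d:5e on em2 expires in 540 seconds [ethernet]
? (192.168.2.31) at 00:1A:2B:3C:4D:5F on em2 expires in 600 seconds [ethernet]
"""

# Constructed allow-list, e.g. the MACs of your DHCP static mappings.
KNOWN_MACS = {"00:0d:b9:41:11:22", "00:11:22:33:44:55", "00:1a:2b:3c:4d:5e"}


def parse_arp(text):
    """Return (ip, mac, iface) tuples for every resolved ARP entry.

    MACs are normalised to lower case so allow-list comparisons are
    case-insensitive; '(incomplete)' entries have no MAC and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if not m or m.group("mac") == "(incomplete)":
            continue
        entries.append((m.group("ip"), m.group("mac").lower(), m.group("iface")))
    return entries


def unknown_by_interface(text, known_macs):
    """Map interface name -> sorted list of (ip, mac) not in the allow-list.

    Grouping by interface tells you which pfSense LAN segment the unknown
    device hangs off, which narrows down where to start unplugging.
    """
    known = {mac.lower() for mac in known_macs}
    result = defaultdict(list)
    for ip, mac, iface in parse_arp(text):
        if mac not in known:
            result[iface].append((ip, mac))
    return {iface: sorted(pairs) for iface, pairs in result.items()}


if __name__ == "__main__":
    for iface, devices in unknown_by_interface(SAMPLE_ARP, KNOWN_MACS).items():
        for ip, mac in devices:
            print(f"{iface}: unknown device {mac} at {ip}")
```

Run it against the real table with `arp -an | python3 arp_check.py`-style piping by replacing `SAMPLE_ARP` with `sys.stdin.read()`. An ARP snapshot only shows hosts that have talked recently, so take several over a day rather than trusting one pass.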
 
I'm fortunate to not have to use Comcast as a provider.  None of their cable modem shenanigans.  I've got a straight ethernet connection to my FIOS optical box right into pfsense running native on the Q3554.  

I've used the pfSense logging data more than once in the past.  Haven't bothered much with the packet capture tools.  I've recently picked up a Ubiquiti switch (to go along with two new wireless access points).  At some point I want to get my 'shop' laptop set up to be able to plug into and use mirrored ports to run Wireshark. 
 
The downside to packet sniffing unknown devices, or 'somewhat known' devices is you're at the mercy of them actually passing packets when you're looking.  Otherwise you're dealing with the usual problem of storing and sifting through a firehose of packet data.  Or you fall down the rat hole of wasted time trying to cobble up some sort of monitoring/triggering/capturing scheme.

I'll likely just do my usual, walk around with a ping active on my tablet and unplug shit until it stops.
 
Still using a Motorola/Arris SBXX here and not the garbage combo stuff that Comcast pushes today. 
 
Actually, here I have never used any Comcast-provided combo stuff and always purchased my stuff à la carte.
 
BTW, you can today still JTAG any ISP modem and replace the OS on the WAN side with something a bit more granular and adjustable, but it is neither recommended nor legal to do this.
 
Modems are all the same these days and utilize open-source software as an OS... the only thing is that you cannot see it.
 
It was the same when I started to use Verizon FIOS. 
 
The combo crap box was only used for television ethernet STBs and I bridged the WAN port to one ethernet port and went to an autonomous firewall which I guess you are doing today.

The first Ubiquiti WAP I owned I redid the OS with OpenWRT because it did much more. Later on Ubiquiti added many features to the WAP OS and I decided then to use their OS. Today in my sandbox of tinkering WiFi devices I utilize OpenWRT WAPs just for testing these little devices and leave the main WAPs alone.
 
pete_c said:
The combo crap box was only used for television ethernet STBs and I bridged the WAN port to one ethernet port and went to an autonomous firewall which I guess you are doing today.
 
The ActionTecs weren't totally horrible, but they were tedious to use.  Yes, their use of MoCA for set top boxes made for some interesting configuration adventures.  My solution was to toss all their boxes and just use TiVo DVRs instead.  Don't get VoD options without their set top boxes, but we have no need for it, or any intention of paying Verizon to 'rent' any content.  
 