Is this an initial hack or setting up for hacking the network?

Is this an initial hack or setting up for hacking the network?
Is this an initial hack or setting up for hacking the network?
2020-03-21 02:28:20
Model: OC200
Hardware Version: V1
Firmware Version: 1.2.1 Build 20191126 Rel.59455

Hi guys,

 

I'm not sure if they are trying to hack or are looking for bugs in my WIFI network, but its very suspicious. 

 

 

I've observed that in the new firmware most of the clients that are auto-connect to the WIFI is none than the previous version or is it just me, but from their I'm greatful because I can monitor how many guest WIFI network are really connected. As that said I saw this Unknown hostname which is connected for more that 2hrs in the WIFI but didn't authenticate. I tried to force reconnect them and realized that they set their IP to static (my dhcp starts at x.x.x.20 but their ip are x.x.x.15-19 at first) so I banned it but after an hour or i saw another one connected and the first 3 mac address no is almost the same, I presume this is a pc or have an app that change its Mac address.

 

Its annoying that they are connected for several hours without authentication and scary that they are trying to hack the WIFI network? the network is in guess mode but no Vlan but I'm looking for a tut for Vlan setup.

 

Any input or help are welcome and thanks in advance.

 

Regards

0
0
#1
Options
4 Replies
Re:Is this an initial hack or setting up for hacking the network?
2020-03-23 01:20:13

@JessieG 

 

Don't worry about it, if the clients don't pass the authentication, they will not affect your network. 

Besides, according to the portal authentication, the AP will disconnect them if they don't pass the authentication in 90 seconds. 

0
0
#2
Options
Re:Is this an initial hack or setting up for hacking the network?
2020-03-23 02:00:45

if they don't pass the authentication in 90 seconds. 

@forrest 

 

Thats the problem, they are connected to the network for 4-6hrs already and when I checked the log and past authentication they didn't login. I think its because of the static IP add?

 

And the annoying part I got 3pages of blocked clients with the same first 3 Mac Address, I tried limiting the rate to 1kbps but they only change to another mac address. So annoying hope they can't do anything bad.

 

I'm trying yo look for anyway to ban a range mac address, is thay possible in EAP series? like Mac filter? but hopefully they won't affect my service and my customer.

 

Regards, 

0
0
#3
Options
Re:Is this an initial hack or setting up for hacking the network?
2020-03-24 00:31:05

@JessieG 

 

We have MAC Filter on the Controller.

0
0
#4
Options
Re:Is this an initial hack or setting up for hacking the network?
2020-03-24 05:16:28 - last edited 2020-03-24 05:18:13

@forrest 

 

Yup tried that but you can only add a single mac address at a time. I'm looking for a site to help me create a mac address range but someone replied it will take 16M mac address for creating just the 6 last digits. *toinks*

 

If this keeps up, I'll just need to create a more strict login implementation, like first time login need to register to me? or first time login needs to text me? a combination of 2 login portal? need to brain storm this and thanks!

0
0
#5
Options