[Gllug] Strange data from mrtg

Dave Cross dave at dave.org.uk
Fri Jan 30 15:30:41 UTC 2009

Richard Jones wrote:
> On Wed, Jan 28, 2009 at 12:26:05PM +0000, Dave Cross wrote:
>> Happy to supply any other details that might be useful.
> Have you managed to actually capture any of the traffic?
> Dest IP addresses and port numbers will probably give you an idea of 
> what sort of traffic it is.

No. Monitoring the network with iftop, wireshark and other similar tools
doesn't show the traffic. The only evidence I have for it is in the mrtg

But as mysteriously as it appeared, it went away again at 6:35 yesterday
morning. I shall be watching very carefully in the future though.

> "Locking down" MAC addresses is fairly useless BTW.  Your machines
> broadcast their MAC addresses, and it is trivial for someone to change
> their own MAC to attach to your AP.  I guess you know this already ...

Yeah, I thought about that. But I have tied IP addresses to MAC
addresses. So if someone is trying to reuse one of my MAC addresses then
I'll see (I hope) some kind of IP address clash issue.

But, yes, I agree. I should put something more substantial in place.


Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list