How to block IP address that's outside router's DHCP IP range

1

I've found some IP addresses that are not in my DHCP range, which is weird because I set my DHCP range to 192.168.2.xxx, but these IPs are in the 172.xxx.x.xxx or 192.168.1.xxx range. I want to block them. How? I'm using a D-Link DIR-605L N 300 router. Thanks.

My router's settings

Jonier

Posted 2012-12-11T13:22:32.640

Reputation: 11

1 Block them from what? Where did you find them? – David Schwartz – 2012-12-11T13:24:34.240

I found them in my router's active session. I want to block them from my router. There's someone who's been sucking my internet bandwidth. I've blocked his MAC address, but then these "fake" IPs show up. – Jonier – 2012-12-11T13:31:16.203

Assuming your router is also doing NAT, it won't matter, since it won't NAT an address outside its subnet. You need to fix the actual problem. How is someone connecting to your network? Are you using WPA? – David Schwartz – 2012-12-11T13:35:28.750

Here's a printscreen of my router's active session list: http://postimage.org/image/g7pd4ir3n/ – Jonier – 2012-12-11T13:36:27.220

Each has exactly one UDP session. It looks like DHCP. Are you sure this isn't just your own machines configuring themselves? – David Schwartz – 2012-12-11T13:39:36.670

They can connect to my router either by WAN or LAN. I pay for internet each month, and I share it with some people who helped me pay the bill. One user started sucking all the bandwidth; even the router's traffic control couldn't stop him. – Jonier – 2012-12-11T13:42:03.767

Ahh, why not ask a question about that then? (Unfortunately, the answer will be "consumer Internet access just doesn't provide fairness and there are no cheap solutions".) – David Schwartz – 2012-12-11T13:43:37.397

Are you sure your DHCP pool is 192.168.2.xxx? You're accessing the router at 192.168.9.99. Or perhaps you're using a /16 subnet, in which case static IPs in a great many ranges will have access. – JoshP – 2012-12-11T13:43:53.603

I'm sure because they were not there when I was deciding what to do with the MAC address – Jonier – 2012-12-11T13:47:23.880

Thanks David, I guess there's nothing I can do about the "fairness". My question has come to this: how come, when I'm not blocking his MAC address and I set up the traffic rules, he can still brutally download like that? Secondly, why do the "fake" IPs only show up after I've blocked his MAC address? – Jonier – 2012-12-11T13:59:56.153

Answers

1

First, note the "Helpful Hints" section of the page (top right). The NAPT page shows WAN->LAN connections, so most of the hosts on the list will be outside your network (and obviously would not be assigned by your DHCP). Also note that each has a UDP session count of 1. UDP is a connection-less protocol, so usually NAT treats each packet as a session, unless the packets are received in a timely manner on a port a packet was just sent out on.

The 192.168.x.y and 172.16.x.y addresses are likely your ISP network, since those are RFC1918 blocks and are not publicly routable. Many cable modems use the network 192.168.1.x. Do a tracert to those hosts and see if they are on your provider's network. They may be your ISP's DHCP and DNS servers, since they are UDP streams.

Since these connections involve comms partners that are outside your network, you can block them at the firewall by establishing a kill rule. Check your router documentation for instructions on how to set up the firewall, and kill those connections, even if they are solicited from inside your network. Also make sure you don't have any ports forwarded in NAT.

Frank Thomas

Posted 2012-12-11T13:22:32.640

Reputation: 29 039

I don't 100% understand the terminology you use here, but I'm gonna follow your instructions and do the router's firewall. Thanks – Jonier – 2012-12-11T14:30:41.230
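The distinction drawn in the answer and comments above, as an added example that is not part of the original thread: it labels session-table addresses as DHCP-leased, on-link but static, private but off-subnet (RFC1918), or public, and computes the smallest subnet that holds both the router address and the pool. The pool bounds, the /24 mask and the sample addresses are constructed assumptions; only 192.168.9.99 and the 192.168.2.x pool prefix come from the page.

```python
import ipaddress

# RFC 1918 private blocks: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr, lan, pool_first, pool_last):
    """Label one session-table address relative to the LAN and the DHCP pool."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(lan, strict=False)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if ip in net:
        # On-link: either leased by DHCP or configured by hand on the host.
        return "lan-dhcp-pool" if first <= ip <= last else "lan-static"
    if any(ip in block for block in RFC1918):
        # Private but not an address on this LAN (e.g. the provider side).
        return "private-off-subnet"
    return "public"


def smallest_lan(router_ip, pool_first, pool_last):
    """Smallest network containing the router address and the whole pool."""
    net = ipaddress.ip_network(router_ip + "/32")
    wanted = [ipaddress.ip_address(a) for a in (pool_first, pool_last)]
    while not all(a in net for a in wanted):
        net = net.supernet()  # widen the mask by one bit
    return net


# Constructed sample addresses, not read from the poster's screenshot.
SAMPLE = ["192.168.2.105", "192.168.2.20", "192.168.1.1",
          "172.16.4.20", "8.8.8.8"]
POOL = ("192.168.2.100", "192.168.2.199")  # assumed pool bounds


def report(lan):
    """Classify every sample address against the given LAN prefix."""
    return {a: classify(a, lan, *POOL) for a in SAMPLE}


if __name__ == "__main__":
    # Compare an assumed /24 with the mask implied by a router at 192.168.9.99.
    for lan in ("192.168.2.0/24", str(smallest_lan("192.168.9.99", *POOL))):
        print(lan, report(lan))
```

With the /24, 192.168.1.1 is off-subnet; with the wider mask implied by a router at 192.168.9.99, the same address counts as an on-link static host, which is the case JoshP's comment raises.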

0

I know I am years late to the party, but I am answering just to keep it linked here. You are looking at the wrong table, as @Pat has pointed out. You should look at the table pointed to by the 'wireless' link.

I too was suspicious about the same thing: I found an IP address outside of the local network's range in the same table. It was the router's external IP, as I realised later. You can check this in the device info.

0xc0de

Posted 2012-12-11T13:22:32.640

Reputation: 105

0

You are looking at the wrong table. If you are trying to see whether some guy is connected to, let's say, the wireless facility of your router, the NAPT table is not the one.

The NAPT table shows you the connections that you are establishing to the outside world seen by your router's NAT (Network Address Translation) engine.

If you want to see if you've got "company", look at the DHCP table and see if there are assignments to unknown users there.

Pat

Posted 2012-12-11T13:22:32.640

Reputation: 2 593