nmrider66
Posts: 45
Joined: Fri Feb 10, 2017 8:31 pm

Network Pest

Tue Aug 06, 2019 5:25 pm

I rent a room in a house with nine tenants. We all share wireless internet provided by the landlord. I'm seeing these packets every few minutes from another user:

$sudo tcpdump -i wlan0 host 192.168.1.127
11:06:57.902903 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:58.215979 IP 192.168.1.127.1900 >MyPi.33336: UDP, length 338
11:06:58.814692 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:59.736929 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:07:02.897106 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:07:02.897176 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:08:58.025223 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:00.161093 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:03.029532 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:09:03.029607 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:10:56.888098 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:10:58.133849 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:00.881968 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:01.888145 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:11:01.888217 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
^C
289 packets captured
289 packets received by filter
0 packets dropped by kernel
$

I added this to my iptables:
$sudo iptables -I INPUT -s 192.168.1.127 -j DROP

So, I should be somewhat protected. Should I be concerned about the UDP and ARP packets I'm seeing.

epoch1970
Posts: 5896
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Network Pest

Tue Aug 06, 2019 5:57 pm

The pest has upnp enabled, it wants to share with you ;)
If you worry about ARP, disconnect from the network...
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

drgeoff
Posts: 11372
Joined: Wed Jan 25, 2012 6:39 pm

Re: Network Pest

Tue Aug 06, 2019 6:13 pm

Isn't this a continuation of the story at https://www.raspberrypi.org/forums/view ... 5#p1503215 ?
Quis custodiet ipsos custodes?

nmrider66
Posts: 45
Joined: Fri Feb 10, 2017 8:31 pm

Re: Network Pest

Tue Aug 06, 2019 6:25 pm

My request was "should I be concerned". That's all.

User avatar
default_user8
Posts: 680
Joined: Mon Nov 18, 2013 3:11 am

Re: Network Pest

Tue Aug 06, 2019 9:38 pm

nmrider66 wrote:
Tue Aug 06, 2019 5:25 pm
I rent a room in a house with nine tenants. We all share wireless internet provided by the landlord. I'm seeing these packets every few minutes from another user:

$sudo tcpdump -i wlan0 host 192.168.1.127
11:06:57.902903 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:58.215979 IP 192.168.1.127.1900 >MyPi.33336: UDP, length 338
11:06:58.814692 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:59.736929 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:07:02.897106 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:07:02.897176 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:08:58.025223 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:00.161093 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:03.029532 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:09:03.029607 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:10:56.888098 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:10:58.133849 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:00.881968 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:01.888145 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:11:01.888217 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
^C
289 packets captured
289 packets received by filter
0 packets dropped by kernel
$

I added this to my iptables:
$sudo iptables -I INPUT -s 192.168.1.127 -j DROP

So, I should be somewhat protected. Should I be concerned about the UDP and ARP packets I'm seeing.
You know you could always use your pi as an access point and get your own router. That would isolate your devices from everyone else on the network.
Two heads are better than one, unless one's a goat head.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 27726
Joined: Sat Jul 30, 2011 7:41 pm

Re: Network Pest

Wed Aug 07, 2019 1:47 pm

Note to posters - got a problem with a post? Report it. Don't try to deal with it yourself. Just makes me annoyed as I have to delete a load of posts.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

Return to “Networking and servers”