
Network Pest

Posted: Tue Aug 06, 2019 5:25 pm
by nmrider66
I rent a room in a house with nine tenants. We all share wireless internet provided by the landlord. I'm seeing these packets every few minutes from another user:

$sudo tcpdump -i wlan0 host 192.168.1.127
11:06:57.902903 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:58.215979 IP 192.168.1.127.1900 >MyPi.33336: UDP, length 338
11:06:58.814692 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:59.736929 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:07:02.897106 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:07:02.897176 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:08:58.025223 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:00.161093 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:03.029532 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:09:03.029607 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:10:56.888098 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:10:58.133849 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:00.881968 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:01.888145 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:11:01.888217 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
^C
289 packets captured
289 packets received by filter
0 packets dropped by kernel
$

I added this to my iptables:
$sudo iptables -I INPUT -s 192.168.1.127 -j DROP

So, I should be somewhat protected. Should I be concerned about the UDP and ARP packets I'm seeing?

Re: Network Pest

Posted: Tue Aug 06, 2019 5:57 pm
by epoch1970
The pest has UPnP enabled, it wants to share with you ;)
If you worry about ARP, disconnect from the network...
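
An added example, not part of the original thread: a short Python script that classifies the tcpdump lines from the first post, treating unicast UDP from source port 1900 to a high local port as SSDP (UPnP discovery) replies and counting the ARP exchanges around them. The function name `summarize` and the 1024 port threshold are choices made for this example.

```python
import re
from collections import defaultdict

# tcpdump lines copied from the first post (MAC addresses were masked there).
CAPTURE = """\
11:06:57.902903 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:58.215979 IP 192.168.1.127.1900 >MyPi.33336: UDP, length 338
11:06:58.814692 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:59.736929 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:07:02.897106 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:07:02.897176 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:08:58.025223 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:00.161093 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:03.029532 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:09:03.029607 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:10:56.888098 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:10:58.133849 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:00.881968 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:01.888145 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:11:01.888217 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
"""

SSDP_PORT = 1900  # UDP port used by UPnP discovery (SSDP)
UDP_RE = re.compile(r"(\d+):(\d+):([\d.]+) IP \S+\.(\d+) >\s*\S+\.(\d+): UDP, length \d+$")
ARP_RE = re.compile(r"[\d:.]+ ARP, (Request|Reply) ")

def summarize(capture):
    """Group unicast SSDP replies by the local port they answer; count ARP."""
    bursts = defaultdict(list)            # local destination port -> arrival times (s)
    arp = {"Request": 0, "Reply": 0}
    unclassified = []
    for line in capture.splitlines():
        udp, arp_match = UDP_RE.match(line), ARP_RE.match(line)
        if udp and int(udp.group(4)) == SSDP_PORT and int(udp.group(5)) >= 1024:
            h, m, s = udp.group(1, 2, 3)
            bursts[int(udp.group(5))].append(int(h) * 3600 + int(m) * 60 + float(s))
        elif arp_match:
            arp[arp_match.group(1)] += 1
        else:
            unclassified.append(line)     # anything else deserves a closer look
    starts = [times[0] for times in bursts.values()]
    gaps = [round(later - earlier) for earlier, later in zip(starts, starts[1:])]
    return {"replies_per_port": {p: len(t) for p, t in bursts.items()},
            "seconds_between_bursts": gaps, "arp": arp, "unclassified": unclassified}

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

On this capture it reports three bursts about two minutes apart, each addressed to a different high port on MyPi, three ARP request/reply pairs, and no unclassified lines. SSDP search replies are sent by unicast to the address and port that issued the search, so the changing destination ports are consistent with something on MyPi itself running UPnP discovery.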

Re: Network Pest

Posted: Tue Aug 06, 2019 6:13 pm
by drgeoff
Isn't this a continuation of the story at https://www.raspberrypi.org/forums/view ... 5#p1503215 ?

Re: Network Pest

Posted: Tue Aug 06, 2019 6:25 pm
by nmrider66
My request was "should I be concerned". That's all.

Re: Network Pest

Posted: Tue Aug 06, 2019 9:38 pm
by default_user8
nmrider66 wrote:
Tue Aug 06, 2019 5:25 pm
I rent a room in a house with nine tenants. We all share wireless internet provided by the landlord. I'm seeing these packets every few minutes from another user:

$sudo tcpdump -i wlan0 host 192.168.1.127
11:06:57.902903 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:58.215979 IP 192.168.1.127.1900 >MyPi.33336: UDP, length 338
11:06:58.814692 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:06:59.736929 IP 192.168.1.127.1900 > MyPi.33336: UDP, length 338
11:07:02.897106 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:07:02.897176 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:08:58.025223 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:00.161093 IP 192.168.1.127.1900 > MyPi.45977: UDP, length 338
11:09:03.029532 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:09:03.029607 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
11:10:56.888098 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:10:58.133849 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:00.881968 IP 192.168.1.127.1900 > MyPi.38917: UDP, length 338
11:11:01.888145 ARP, Request who-has MyPi tell 192.168.1.127, length 28
11:11:01.888217 ARP, Reply MyPi is-at xx:xx:xx:xx:xx:xx (oui Unknown), length 28
^C
289 packets captured
289 packets received by filter
0 packets dropped by kernel
$

I added this to my iptables:
$sudo iptables -I INPUT -s 192.168.1.127 -j DROP

So, I should be somewhat protected. Should I be concerned about the UDP and ARP packets I'm seeing?

You know you could always use your Pi as an access point and get your own router. That would isolate your devices from everyone else on the network.

Re: Network Pest

Posted: Wed Aug 07, 2019 1:47 pm
by jamesh
Note to posters - got a problem with a post? Report it. Don't try to deal with it yourself. Just makes me annoyed as I have to delete a load of posts.