Surf SOHO MK3 running firmware 7.1.2.
On June 13, 2020 the Daily Bandwidth report showed a LAN client with an IP address of 100.115.92.1 and a blank MAC address. Screen shot below.
Looking at the Monthly Bandwidth report for May 2020, same thing, as shown below.
Any guesses what this is? ipinfo.io calls it a bogon. iplocation.net refers to RFC6598.
Is it just me? Anyone else see this in their Monthly Bandwidth report?
@Michael234, can you help to open ticket for us to take a closer look? We would like to investigate where this IP came from. Please attention the ticket to me.
Thanks.
OK will do.
FYI: I created an outbound firewall rule to log any traffic from this IP address. We’ll see if it catches anything …
Do you have Chromebooks with Android apps on your network?
Yes there are Chromebooks with Android apps. Why do you ask?
That’s what’s causing those IP addresses and MAC address to show up.
Well well well. Interesting. Thanks.
I just tested a Chromebook with Android apps and the unusual IP address did not appear anywhere in the router. That doesn’t make the earlier observations wrong. It could be that it only happens sometimes. Or that ChromeOS has changed over time.
Update: this IP still appears whenever I use a Chromebook. I have created a firewall rule that blocks it and logs it. Last tested with firmware 8.1.
Then, finally, create another rule at the very bottom (this must be the last one) that denies and logs everything. The only way the last rule gets hit is if a chunk of data tried to leave your LAN and the source IP address is not what it is supposed to be. Call the rule NotMyLAN, leave the Protocol at Any, the Source at Any Address and the Destination at Any Address. Change the Action to Deny and turn on logging. Why even consider such a remote possibility? It has happened to me. Long story. (added June 2020)
Is this firewall rule you mentioned in your SOHO configuration page apply to this situation?
Yes and no. Twice I have seen IP addresses that were not from my LAN or any of my VLANs try to leave the router. The rules I wrote on the website catch both cases. But 100.115.92.1 is so strange, I made a rule at the top of the outbound fw rule list just for it. It consistently happens when I use a Chromebook and I have not noticed anything break on the Chromebook by blocking these data transmissions.
