# Security issue in my network somewhere...?



## hat (Jul 9, 2020)

I've been having some strange things going on lately. Long story short - someone just earlier tonight made an account here at TPU and tried to stir up some trouble... but their account appears to be logged in with my own IP address! My fiancee also says she's had issues in the past on Facebook with other people getting strange messages coming from her with our IP address, but it wasn't her sending them. Apparently, she took it up with Facebook and they dug deeper on that issue and they found out it was actually coming from Wisconsin. If there's a security issue somewhere, I'm not sure where it could be. Whatever it is, it's not something as glaringly obvious as an unsecured Wi-Fi network. What should I do to look for security issues?


----------



## W1zzard (Jul 9, 2020)

What's your network and computer setup like?

Try changing Wifi passwords


----------



## sam_86314 (Jul 9, 2020)

Could probably use a packet sniffer like Wireshark to see where on your network the traffic is coming from.


----------



## hat (Jul 9, 2020)

W1zzard said:


> What's your network and computer setup like?
> 
> Try changing Wifi passwords



I'm thinking my wifi password would be pretty hard to crack, and damn near impossible to just guess, but I suppose it's something worth doing.

I've got a modem (modem only, not a modem/router combo) connected to my own wifi router (RT-N66R, flashed with Tomato). As I've mentioned before, the wifi has a strong password that would be pretty hard to crack... other than that, I've got ethernet running to a few PCs and game consoles and such.



sam_86314 said:


> Could probably use a packet sniffer like Wireshark to see where on your network the traffic is coming from.



I can try to take a look at that, but I've never used a tool like that before.

Still, none of this explains to me how someone could appear to be sending messages on Facebook from our IP, but actually being in Wisconson. Obviously, there's no way our wifi reaches all the way over there...


----------



## sam_86314 (Jul 9, 2020)

hat said:


> I can try to take a look at that, but I've never used a tool like that before.


It's been a while since I've used it. I'd say look for traffic from a device with a MAC address that none of your devices have.

Your router probably has a feature to log things that happen on your network too.


----------



## W1zzard (Jul 9, 2020)

hat said:


> from our IP, but actually being in Wisconson


IP to location mappings are hand-crafted databases that can be out of date or inaccurate. What makes you think "Wisconsin"?


----------



## hat (Jul 9, 2020)

W1zzard said:


> IP to location mappings are hand-crafted databases that can be out of date or inaccurate. What makes you think "Wisconsin"?


No idea. She said she contacted Facebook about the issue (that is, people getting messages from her that she didn't send) and they initially said it came from our IP, but then they dug deeper and they said it came from Wisconsin. That's all I know about it. This happened quite a while ago, and I'm always hearing things about people having trouble with Facebook, so I just chalked it up to Facebook weirdness. Strange accounts connecting to TPU with our IP address has me more concerned.


----------



## Athlonite (Jul 9, 2020)

could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers


----------



## hat (Jul 9, 2020)

sam_86314 said:


> It's been a while since I've used it. I'd say look for traffic from a device with a MAC address that none of your devices have.
> 
> Your router probably has a feature to log things that happen on your network too.



You mean in the "Source" tab, right? This should expose a device on my network that shouldn't be there. However, I should be able to see this information in my router, anyway.



Athlonite said:


> could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers



I'm not sure how one would do this, but if this were the case (and probably likely if I am indeed being attacked) that probably means there isn't anything I can do about it, and my own network itself remains intact, correct?


----------



## Athlonite (Jul 9, 2020)

Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening but I'd also change the Pword for your network wifi and modem login


----------



## hat (Jul 9, 2020)

Athlonite said:


> Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening but I'd also change the Pword for your network wifi and modem login


I can change my own IP all day my changing my router's MAC address... but then that wouldn't explain where it came from in the first place. If they got me the first time, "they" can just as easily do it again, no?


----------



## ne6togadno (Jul 9, 2020)

in the wifi router under status you have logs tab. check there for info about events for the router (connected devices, logins to router etc.)
also add mac filtering and ip reservation for lan/wifi and then limit available ips for dhcp only to the range needed for your devices.


----------



## Jetster (Jul 9, 2020)

Could someone have your IP and be out to cause you problems using a proxy ?


----------



## Athlonite (Jul 9, 2020)

hat said:


> I can change my own IP all day my changing my router's MAC address... but then that wouldn't explain where it came from in the first place. If they got me the first time, "they" can just as easily do it again, no?



wouldn't that only change the IP your modem gives your router and not the actual IP address the internet see's


----------



## DeathtoGnomes (Jul 9, 2020)

ne6togadno said:


> in the wifi router under status you have logs tab. check there for info about events for the router (connected devices, logins to router etc.)
> also add mac filtering and ip reservation for lan/wifi and then limit available ips for dhcp only to the range needed for your devices.


to add to this, current routers can send the log to you via email, but they dont make it easy to do. I still havent got mine to work (netgear).


----------



## hat (Jul 9, 2020)

Athlonite said:


> wouldn't that only change the IP your modem gives your router and not the actual IP address the internet see's


Nah, it gives me a whole new IP address. I've done it long ago and verified success with whatismyip.



Jetster said:


> Could someone have your IP and be out to cause you problems using a proxy ?



Seems the most likely scenario (or just some random troll)... seems nearly impossible to prevent, from what I can tell. I can change my IP, but that only works until it happens again. They had to have some way to get it in the first place.


----------



## Bill_Bright (Jul 9, 2020)

Athlonite said:


> Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening





hat said:


> I can change my own IP all day my changing my router's MAC address...


Ummm, that's not how it normally works.


hat said:


> Nah, it gives me a whole new IP address. I've done it long ago and verified success with whatismyip.


"Long ago", you could just unplug the modem from the Internet for 24 hours, connect it again and get a new IP assignment. But times have changed. If you have not verified this recently (like this morning) I would do it again. 

Typically, the IP address the world (and the bad guy) sees is assigned by your ISP to your modem, not your router. If not, you could not troubleshoot your local network by isolating your Internet connection by by-passing your router and connecting a PC directly to the modem.

So I agree with Athlonite and give your ISP a call and explain the situation and ask for a different IP assignment. They will likely give you a hard time because available IPv4 addresses for the ISP are limited. so stand your ground. Be nice and polite, but firm. 

Also, while the IP address is assigned to the MAC address of your modem, with many ISPs (like mine) they assign that IP to the account which is tied to the billing or street address. I discovered this when I bought a new DOCSIS 3.1 modem to replace my old 2.0 modem. The new modem got authorized and assigned my old IP address. 

And I agree to change your wifi passphrase. You (or your fiancée) might have given it to some visitor at some time in the past. HOWEVER, for them to cause problems today, they would have to be physically located close to your network in order to connect - like next door.  

And while unlikely, make sure nobody physically connected an unauthorized device on your Ethernet network. This, of course, would require someone had access to your home - a "trusted"  house guest. So you would need to inspect all your Ethernet cables and look for an unauthorized device - perhaps hiding in the attic, basement, or closet. And if you find an unauthorized device, it might be time to change your door locks, search for hidden cameras, and call the police too. 


hat said:


> What should I do to look for security issues?


Check your router's admin menu. Most (if not all) router's. let you see the connected devices. Verify each one. Sadly, this may not be easy because not all devices nicely and uniquely identify themselves. For example, I have 2 devices connected to my wifi network, both labeled as "network device". I have to click on each one individually to see one is my Sony Android Phone and the other is my Samsung Blu-ray player. 

You might also change you local network settings to limit the maximum number of connected devices that can connect to your network at one time. You can set a range of DHCP IP assignments your router can issue to your devices. So, if between you and your fiancée, you have 4 computers, plus a smart TV, smart phones, and smart door bell, you could limit the connections to 8 devices only. You can also enable MAC Filtering to only allow access to the devices with specific MAC addresses. 

If you don't need Guest Network, disable it.


----------



## W1zzard (Jul 9, 2020)

Bill_Bright said:


> to limit the maximum number of connected devices that can connect to your network at one time


Interesting alternative to MAC address filtering, for which I'm always too lazy


----------



## Bill_Bright (Jul 9, 2020)

LOL 

Well, it really is simple - and a one-time task. In both this Linksys router I'm using now, and in my old Netgear, it is just 1 setting in the admin menu that needs setting. I set mine to 15. I also told my printer to always ask for and use ("reserve") the same IP address, that is above those possible 15 DHCP assigned IP addresses. This is similar to but easier than setting a static address. Doing this prevents the networked printer from grabbing an IP previously assigned to one of my computers when power is restored after an extended power outage. I did the same with my NAS. I used to have to reconfigure Windows on each machine to use the new IP address for the printer and NAS. A real PITA. Now, I never have to.


----------



## Athlonite (Jul 10, 2020)

I do exactly the same thing Bill but I do it for the printer the TV and the two permanently connected PC's everything else gets a random IP out of what's left of the 15 IP's allowed


----------



## remixedcat (Jul 11, 2020)

Athlonite said:


> could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers


This as well as the following:
People often get apps like Hola or any of those "anonymizer" apps that basically make your system an exit node for anyone to do nefarious actions. They can still do that even if your WAN IP changes

Please see if you got any of those and if you do promptly uninstall them or even better, reformat if you do in fact do.


----------



## newtekie1 (Jul 11, 2020)

Run a virus scan on all your computers to make sure you aren't infected with something.


----------



## R-T-B (Jul 11, 2020)

Bill_Bright said:


> Ummm, that's not how it normally works.



Define "normally."

It's indeed MAC based DHCP-IP issuance at the USA's biggest ISP, comcast.


----------



## newtekie1 (Jul 11, 2020)

R-T-B said:


> Define "normally."
> 
> It's indeed MAC based DHCP-IP issuance at the USA's biggest ISP, comcast.



Yeah, I was just going to say that changing the MAC of the router's WAN port does change the public IP on Comcast.


----------



## Bill_Bright (Jul 11, 2020)

But it is simple to spoof (clone) MAC addresses and in fact, it is commonly done for legitimate reasons too. Every router I have owned has had MAC cloning in the admin menu, I can tell the router to use my PC's MAC address. In this way, every device on my network is seen by the ISP as my PC. 

I've not worked with Comcast but have with TW, RR, and Cox. And while they use the modem's MAC address to configure the authorize the connection, it is still tied the owner's account #. If you get a new modem, yes you get a new MAC. But RR, TW and Cox typically assign the same IP to it. 

IPSs don't have an infinite number of IP addresses to give out. In fact, the ranges of IP addresses are limited.


----------



## moproblems99 (Jul 11, 2020)

Always the possibility of ip spoofing but not likely considering the impersonation aspect.

Other than full network scans, I would revoke everyone's license and setup Mac filtering.  Mac is an annoyance but this would be temporary while you see if there effects.

And, to be honest, WiFi passwords are relatively moot.  The protocols themselves are the problem followed by the router firmware.  Provided you aren't backdoored, which is somewhat a lot of work for friend to be pranking you, the Mac filter should let you know what it is going on.


----------



## R-T-B (Jul 11, 2020)

Bill_Bright said:


> TW, RR, and Cox.



I'm pretty sure 2 outta 3 of those are now owned by comcast.

Comcast's dhcp doesn't care so much about account, it threw that stuff away with the IPv6 push.  It's now mac based, or based on some entropy bits if the mac is already found in the db.

Anyhow, way OT sidenote...  I'll see myself out.



moproblems99 said:


> The protocols themselves are the problem followed by the router firmware.



This is true.  If you are using a bad protocol, password length ceases to matter.

I'd go mac filtering as well.


----------



## moproblems99 (Jul 11, 2020)

R-T-B said:


> I'm pretty sure 2 outta 3 of those are now owned by comcast.



RR is owned/partnered with TW who was bought by Comcast Charter.  I would be curious to know how dissimilar their networks are and if they chose to keep them dissimilar or adopted the 'better' one.  By 'better', I mean the one that is cheapest.

Edit: Changed Comcast to Charter.  Also, I am unsure what level of co-op TW and RR were but I do know they are connected.  I suppose I also don't know the exact purchase agreement anymore because I was a TW/RR customer and am now a Charter/RR customer.  No idea what happened to TW.



R-T-B said:


> I'd go mac filtering as well.



As Bill pointed out, mac filtering isn't necessarily going to stop his problem.  But it will definitely tell him if someone is in his network remotely or locally. I also know you know this.



Bill_Bright said:


> But RR, TW and Cox typically assign the same IP to it.



I can assure you that RR/TW/Charter don't do that.  At minimum, I have a subnet of ips that are possible assignments.  At best, it is random.


----------



## newtekie1 (Jul 12, 2020)

Bill_Bright said:


> IPSs don't have an infinite number of IP addresses to give out. In fact, the ranges of IP addresses are limited.



Wait, do you think when an ISP assigns someone an IP address, that address can never be used again even if the IP isn't assigned to the person anymore?

Seriously, look how IP pools work, its like networking 101.



Bill_Bright said:


> I've not worked with Comcast but have with TW, RR, and Cox. And while they use the modem's MAC address to configure the authorize the connection, it is still tied the owner's account #. If you get a new modem, yes you get a new MAC. But RR, TW and Cox typically assign the same IP to it.



The only time the IP is tied to the account is when the customer has a static IP address, which is extra and usually only available to business accounts not residential.  Otherwise, the ISP uses DHCP to assign an available IP from the "non-static" pool.  The IP address is assigned randomly from the pool when the modem connects to the ISP's network. The modem's MAC is used to establish the initial connection, but the router's MAC is used to assign the IP and the router's MAC is bound to the assigned IP.  Changing the router's MAC changes the person's public IP.  It is like this on AT&T, Frontier, Comcast and TW(and maybe the others, but I don't have experience with them).  Each ISP has a different DHCP lease times that determine how long before an IP is returned to the available pool.


----------



## silkstone (Jul 12, 2020)

hat said:


> I've been having some strange things going on lately. Long story short - someone just earlier tonight made an account here at TPU and tried to stir up some trouble... but their account appears to be logged in with my own IP address! My fiancee also says she's had issues in the past on Facebook with other people getting strange messages coming from her with our IP address, but it wasn't her sending them. Apparently, she took it up with Facebook and they dug deeper on that issue and they found out it was actually coming from Wisconsin. If there's a security issue somewhere, I'm not sure where it could be. Whatever it is, it's not something as glaringly obvious as an unsecured Wi-Fi network. What should I do to look for security issues?



You're not using TOR or anything like that on any of your devices? Past IP spoofing, to do anything as complex as you describe would require a VPN or a huge amount of effort. Even if you had a smart device that was compromised, you wouldn't see that happening.
Do you have your router (and modem) with nnon-default admin passwords? Is your router admin page closed to the internet?
How do you know that the TPU IP address was your own IP?


----------



## Easy Rhino (Jul 12, 2020)

hat said:


> I've been having some strange things going on lately. Long story short - someone just earlier tonight made an account here at TPU and tried to stir up some trouble... but their account appears to be logged in with my own IP address! My fiancee also says she's had issues in the past on Facebook with other people getting strange messages coming from her with our IP address, but it wasn't her sending them. Apparently, she took it up with Facebook and they dug deeper on that issue and they found out it was actually coming from Wisconsin. If there's a security issue somewhere, I'm not sure where it could be. Whatever it is, it's not something as glaringly obvious as an unsecured Wi-Fi network. What should I do to look for security issues?



Maybe I am just too old and grizzled, but this is not a "tech" issue and I am fairly certain your fiancee is not telling you the entire truth. I do wish you the best of luck.


----------



## hat (Jul 12, 2020)

silkstone said:


> You're not using TOR or anything like that on any of your devices? Past IP spoofing, to do anything as complex as you describe would require a VPN or a huge amount of effort. Even if you had a smart device that was compromised, you wouldn't see that happening.
> Do you have your router (and modem) with nnon-default admin passwords? Is your router admin page closed to the internet?
> How do you know that the TPU IP address was your own IP?



Nothing of the sort, that I know of. You can't access my router admin page from the Internet, or even wifi, and the password is not the default password.

W1zzard showed me the troll account was logged in with my IP.



Easy Rhino said:


> Maybe I am just too old and grizzled, but this is not a "tech" issue and I am fairly certain your fiancee is not telling you the entire truth. I do wish you the best of luck.



It is a tech issue if someone somewhere is up to something fishy... unless, of course, it was her, then it wouldn't be a tech issue. I didn't mention it before because I felt it was irrelevant to tell the whole story, but what happened was someone came here, registered an account, sent me a PM saying "can you send me a private message" and sent her a PM saying something like "is your boyfriend hat cause he's cheating on you and sending me dirty pictures". Now, I'm not sure why she would do something like that, if that's what you're suggesting, but given how ridiculous that sounds considering the situation, I'd prefer to give her a little more credit than that and chalk it up to some random troll trying to cause issues for me. 

I don't know how difficult it would be to find my IP and then spoof it, but so far it looks more likely than some glaring security hole in my network. I've got all the basics covered, so it shouldn't be that easy to compromise one of the machines on my network, unless somebody did something that made it easy to be compromised... but everybody's got Windows 10 (with Defender running, of course) and we're behind a not ancient router, so it shouldn't be that easy.


----------



## silkstone (Jul 12, 2020)

hat said:


> Nothing of the sort, that I know of. You can't access my router admin page from the Internet, or even wifi, and the password is not the default password.
> 
> W1zzard showed me the troll account was logged in with my IP.
> 
> ...



Seems odd to do something like that on TPU and not regular social media, if true, it would appear targeted. But why bother spoofing your IP or using your network? Change the wifi passwords anyway, it could be a malicious neighbour maybe? I myself am a fan of Occam's Razor, not that it's always correct.


----------



## moproblems99 (Jul 12, 2020)

hat said:


> I don't know how difficult it would be to find my IP and then spoof it, but so far it looks more likely than some glaring security hole in my network. I've got all the basics covered, so it shouldn't be that easy to compromise one of the machines on my network, unless somebody did something that made it easy to be compromised... but everybody's got Windows 10 (with Defender running, of course) and we're behind a not ancient router, so it shouldn't be that easy.



Setup MAC filtering.  It will take an hour and you will know with almost 100% certainty what is happening.


----------



## newtekie1 (Jul 12, 2020)

silkstone said:


> Seems odd to do something like that on TPU and not regular social media, if true, it would appear targeted. But why bother spoofing your IP or using your network?



Yeah, that seems odd to me too.  Why so specific as to create an account here at TPU and cause trouble?  And how did the person get hat's IP to spoof it? It's not like IPs that people post from are public here at TPU.  And if it is just someone that broke into hat's network, why create an account here and start trouble?  That seems so specific, and not what I'd do if I got into someone network.  The whole thing seems odd.  It just seems like a lot of work just to get someone banned from TPU...


----------



## Bill_Bright (Jul 12, 2020)

newtekie1 said:


> Wait, do you think when an ISP assigns someone an IP address, that address can never be used again even if the IP isn't assigned to the person anymore?


Of course it can. I am saying that is part of the problem. Because there are a limited number of IP addresses, it definitely will be assigned again. But that, in itself creates problems. How do sites like TPU permanently ban JoeBadGuy if he keeps coming back, but with a new username? They ban the IP address, right?  So then what happens if you get JoeBadGuy's old IP? You are banned before you can even start here. So ISPs avoid IP addresses getting assigned and re-assigned willy-nilly. 

It is just like phone numbers in the US. There is a limited number per area code. There's even a limited number of area codes. I got a new cell phone last year and decided to get a new phone number with it. Big mistake. On the way home from the phone store, I got a spam text from bill collectors for "Meghan" - the previous holder of that phone number! To this day, I get a dozen or so text messages and robo-calls a week for her. 


newtekie1 said:


> Seriously, look how IP pools work, its like networking 101.


I know how the pools work. I used to manage one. But pools are not bottomless oceans. 


newtekie1 said:


> Each ISP has a different DHCP lease times that determine how long before an IP is


This is true. And 25+ years ago when I first got broadband (Cox cable Internet) in my home, all I had to do to get a new IP address was unplug my modem for 24 hours plus 1 or 2 minutes, plug in the modem again and I got a new IP. Today, I can leave my modem disconnected while away from home for 3 weeks (as I was earlier this year), come back and still have the same IP. 

FTR, I am NOT saying my account # with my ISP and my IP address are tied together as part of any network/DHCP "protocol" connecting my network to theirs. My apologies if I was unclear there. 

I am saying it is typical SOP (standard operating procedure) or ISP "policy". That is, I am saying in the ISP's "billing" data base, my assigned IP is linked to my account number, which of course is tied to my physical address, my modem and my modem's MAC address. And unless I call up and give them a convincing story as to why I need a different IP address, that IP is mine - permanently until I terminate my service with them. 

I buy my own modems (I don't rent from my ISP). And as I noted above, I have upgraded my modem 3 or 4 times over the years. New modems of course have new MAC addresses. Yet after getting my new modems, I still have the same IP address I've had for years - and that was by my ISP's "policy" they use to manage their pool. I don't believe Cox is unique in how they manage their pool. 

But I could be wrong. So I would ask those of you who are saying your ISP doesn't assign your IP to your account to give them a call and ask for a new IP address assignment. If they don't have a policy tying them together, it should take all of 60 seconds to get a new one. Let us know how cooperative they are and how easy it is to get a new one. I know for a fact, as someone who was a network manager for a big network, that technically, for someone with the proper admin credentials, it is a simple task that can be done in a few seconds. 

But will the ISP's policy allow it? I hope it is as simple as some here are suggesting. But I will not be surprised if not. 


moproblems99 said:


> Setup MAC filtering.


Getting around that is almost as easy for a fairly talented badguy as getting around disabled SSID broadcasting. MAC filtering certainly can help with limiting the number of connections to your own network. But it is not really a security precaution because it is not an effective barrier at blocking unauthorized access by a knowledgeable badguy determined to get in. 


silkstone said:


> But why bother spoofing your IP or using your network?


Badguys (or mischievous neighborhood whizkids) might do this to hide their own dubious or illegal activities.  Or a disgruntled or rejected X might do this to bring unwanted attention on you. As far as using your network - that is a common practice on metered networks. They use your bandwidth instead of theirs. Or perhaps they don't even have Internet.


----------



## moproblems99 (Jul 12, 2020)

Bill_Bright said:


> Getting around that is almost as easy for a fairly talented badguy as getting around disabled SSID broadcasting. MAC filtering certainly can help with limiting the number of connections to your own network. But it is not really a security precaution because it is not an effective barrier at blocking unauthorized access by a knowledgeable badguy determined to get in.



If you read my posts fully, you would see that I said it wouldn't fix his problem.  Only let him know with near certainty what it is.  Here, let me requote that for you.



moproblems99 said:


> As Bill pointed out, mac filtering isn't necessarily going to stop his problem. But it will definitely tell him if someone is in his network remotely or locally. I also know you know this.





moproblems99 said:


> Setup MAC filtering.  It will take an hour and you will know with almost 100% certainty what is happening.



Notice I said "it won't fix your problem".



Bill_Bright said:


> But I could be wrong. So I would ask those of you who are saying your ISP doesn't assign your IP to your account to give them a call and ask for a new IP address assignment. If they don't have a policy tying them together, it should take all of 60 seconds to get a new one.



I get a new IP nearly anytime I instruct my router to renew it's lease.  It's not every time but I can usually do it once a month.  I presume it happens when leases are available.  No leases available, I get the same ip with a new lease


----------



## sneekypeet (Jul 12, 2020)

Bill_Bright said:


> They ban the IP address, right?



No we do not.


----------



## Bill_Bright (Jul 12, 2020)

sneekypeet said:


> No we do not.


Thanks, I stand corrected. But then it seems a spammer or troll, as examples, could not be permanently banned. All he or she needs to do is register again with a different user name. Right?

I realize even blacklisting an IP address is somewhat futile with a determined troll. But eventually [hopefully] they will get tired of changing their IPs and move on to another site.


----------



## sneekypeet (Jul 12, 2020)

Bill_Bright said:


> Thanks, I stand corrected. But then it seems a spammer or troll, as examples, could not be permanently banned. All he or she needs to do is register again with a different user name. Right?
> 
> I realize even blacklisting an IP address is somewhat futile with a determined troll. But eventually [hopefully] they will get tired of changing their IPs and move on to another site.



We have tricks, w1zzard makes it easy to find them.


----------



## Bill_Bright (Jul 12, 2020)

sneekypeet said:


> We have tricks, w1zzard makes it easy to find them.


 I understand. I'm on the staff at a couple sites too. So I understand your vagueness.


----------



## R-T-B (Jul 13, 2020)

moproblems99 said:


> As Bill pointed out, mac filtering isn't necessarily going to stop his problem. But it will definitely tell him if someone is in his network remotely or locally. I also know you know this.



That's kind of the reason I'd do it.

Sorry for not clarifying.  To really solve a problem like this, you need to identify the entry point.  Mac filtering helps you know if it's "inside" or "outside."


----------



## stinger608 (Aug 9, 2020)

Any update on this issue @hat ? 

I'm hoping that you resolved this problem my friend.


----------

