Possible security breach?

Hi everybody, I think I have a possible security breach in my network.
From time to time I see DHCP leases in the night, like 2am or 3am, and authentication attempts on my Home-Assistant server.
As it is during such a timeframe, I can clearly say that it is nothing triggered by me or my environment.

Firewall rules:

Port forwarding:

Traffic rules:

Can someone say what is possibly wrong?
I also enabled syslogging, but I can't see any message during such a timeframe that would allow some conclusion about where to look.

Thanks for your help.

DHCP's usually on 24/7, are these new leases, or some device renewing its lease?

There should be a MAC somewhere, check who it belongs to?

Hi Frollic,

Yes, I meant a new DHCP release was issued.
I already looked for that MAC address, but no MAC search can find that MAC...

I assume it's a wireless device, wired devices usually don't use MAC randomization ...?

1 Like

You are right...

I would have never thought of such... But it is even more weird... that would mean someone would need to be within physical distance to be able to log in to that wifi...
Or someone is using whatever device and spoofing a MAC address...

@Chavell38419
Change your wireless encryption key / passcode but do not tell anyone.
Wait and see if anyone (that normally has access) complains.
If no-one complains, job done.

2 Likes

I added a MAC allow list to that wifi now.
Let's see if that helps.
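
The MAC randomization point raised in the thread can be checked straight from the lease table. The script below is an added example, not code from any poster: it reads a dnsmasq-format lease file (on OpenWrt normally `/tmp/dhcp.leases`) and tags each lease against a list of known MACs. The `known` list, the function names and the sample leases are constructed for illustration.

```shell
#!/bin/sh
# Added example: tag each DHCP lease as known / randomized / unknown.
# dnsmasq lease line: <expiry-epoch> <mac> <ip> <hostname|*> <client-id|*>

# Exit 0 if the MAC is locally administered (bit 0x02 of the first octet),
# i.e. its second hex digit is 2, 6, a or e. Randomized Wi-Fi MACs set this
# bit, so no vendor (OUI) search will find them. Exit 1 if not, 2 if malformed.
is_locally_administered() {
    case "${1%%:*}" in
        [0-9a-fA-F][26aeAE]) return 0 ;;
        [0-9a-fA-F][0-9a-fA-F]) return 1 ;;
        *) return 2 ;;
    esac
}

# classify_leases LEASE_FILE KNOWN_FILE   (KNOWN_FILE: one MAC per line)
# Prints "<tag> <mac> <ip> <hostname>" per lease, where tag is:
#   known       MAC is listed in KNOWN_FILE
#   randomized  not listed, locally administered (private/random or hand-set)
#   unknown     not listed, vendor-assigned OUI: look up the first 3 octets
classify_leases() {
    while read -r _expiry mac ip host _rest; do
        [ -n "$mac" ] || continue
        mac_lc=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if grep -qixF "$mac_lc" "$2" 2>/dev/null; then
            tag=known
        elif is_locally_administered "$mac_lc"; then
            tag=randomized
        else
            tag=unknown
        fi
        printf '%s %s %s %s\n' "$tag" "$mac_lc" "$ip" "$host"
    done < "$1"
}

# Constructed sample data (not taken from the thread).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/leases" <<'EOF'
1700000000 3c:22:fb:12:34:56 192.168.1.10 laptop 01:3c:22:fb:12:34:56
1700003600 da:a1:19:0b:c2:7e 192.168.1.151 * 01:da:a1:19:0b:c2:7e
1700007200 00:11:22:33:44:55 192.168.1.152 cam *
EOF
    printf '%s\n' '3C:22:FB:12:34:56' > "$dir/known"
    classify_leases "$dir/leases" "$dir/known"
    rm -rf "$dir"
}
demo
```

On the router, replace the `demo` call with `classify_leases /tmp/dhcp.leases <your-known-macs-file>`; leases tagged `randomized` or `unknown` are the ones to match against the night-time timestamps.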