Unauthorized Hotspot Client

Hey,

We have a hotspot network and users must sign in in order to use it. I was checking the Flow Monitor of my UTM 9.313-3 and noticed an Application called "Unauthorized Hotspot Client". I googled it but didn't find anything.

Can you help me out and tell me what this is? Thanks a lot in advance.

tama


  • It means something is trying to connect to your hotspot that hasn't logged in.  Try tracing it back to the IP.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Hey Scott_Klassen, 

    thanks for the reply. We had 4GB of Traffic used by the "Unauthorized Hotspot Client". I can't really imagine a scenario in which something would need that much traffic in order to connect to a hotspot. Do you have any idea?
  • Agreed that is too much, but it could easily be misclassified traffic.  Can you find the client in the various reports at Logging & Reporting > Network Usage > Bandwidth Usage and in the same section, are any other clients showing the same classification?

    Also, see if there is traffic from this client in the Web Filtering log.  If so, and if you're using the proxy in transparent mode, you can add the client IP to the transparent skiplist, then create a firewall rule to block web for the client, then wait and see who screams.
  • Good morning :)

    Well, I checked the logs and am now seeing more than 6500 results in the Application "Unauthorized Hotspot Client". This is somehow good to know because it seems to be nothing dangerous but still pretty weird.

    NXDOMAIN tells me that the client tried to find a non-existent domain, but how come this needs 471.9 MB? I'm stuck.

    Thanks Scott by the way. This points me in the right direction! :)
  • Hi all.

    I too have this showing on the flow monitor. I tracked it down and it's one of our VoIP phones connecting out on UDP 5060. Image attached.

    What is strange is that this device and the server it's connecting to are in the skip transparent proxy list; it is also obviously not web traffic.

    Does anyone have an idea of how to reclassify this traffic? The server and client have network definitions listed and are on the VoIP list under the network protection / VoIP list in client / server mode.

    Any ideas or suggestions would be much appreciated.

    Many thanks.

    Stuart.

  • Hi, Stuart, and welcome to the UTM Community!

    The "skip transparent proxy list" is a setting only for Web Filtering for a Profile in Transparent mode and is unrelated to Hotspots.  You should be able to tell from the IP of the device which Wireless Network it's connected to.  Check that wireless phone to see if it's correctly configured to work with your VoIP SSID and has the proper credentials.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA