Available Now: Buy the new iPhone 14, iPhone 14 Pro and iPhone 14 Pro Max from AT&T!
gregoliver1's profile

Tutor

 • 

41 Messages

Wed, May 20, 2020 12:17 PM

Pace Plc 5268AC -- br6 and ghost device on down'ed WiFi (5GHz)

Hi,

I do not use the AT&T ruter for anything except uVerse TV receivers in the house, but today I was just doing a security audit and dug around in the logs and device table and noticed 2 odd things.

1. ipnet6: Up on br6 with 203.0.113.1/29 -- This is an IP range assigned to AsiaPac by ARIN -- why would my router be assigning a bridge interface to this range?

2. Interface Status Active Devices Inactive Devices

EthernetEthernet Enabled 2 0

HPNAHomePNA Disabled 0 0

Wireless 5GHz Wi-Fi Disabled 1 0

Wireless 2.4GHz Wi-Fi Disabled 0 0

How would the Wireless 5GHz show (1) active device when it is completely turned off..?

I am sure these are software glitches of sorts, but it just strikes me as weird and I figured I would ask someone with more knowledge of the home routers than I.

Thanks in advance for any insights!

-Greg

ATTHelp

Community Support

 • 

200.3K Messages

2 y مضت

Hey @gregoliver1,

 

We're here to help with your inquiry. The active device on 5 GHz is your third-party gateway. IP Passthrough works by taking one of the Wi-Fi's IP address and assigning it to the third-party gateway. It seems like your 5GHz IP was assigned to it. You can read up more about IP Passthrough here.

 

For your third-party gateway assigning a bridge interface. We recommend talking to the manufacturer. AT&T gateways do not allow the option for bridge mode.

 

Let us know if this helps.

 


Max, AT&T Community Specialist

Tutor

 • 

41 Messages

@ATTHelp 

Hi, it is the AT&T router assigning the br6 interface with the IP I listed.

The WAN IP address is passed to my gateway as expected through the DMZ mode as you probably know.

ipnet6: Up on br6 with 203.0.113.1/29

Those are lines directly from the system log on the AT&T Pace Pic router we have. Usually br{n} denotes a bridge interface. The Pace Pic has several of them:

Link Tree

\-->root0 is UP

|-->global0 is UP

|-->device0 is UP

|-->route0 is UP

|-->fw0 is UP

|-->phone0 is PHONE_IDLE

|-->phone1 is PHONE_IDLE

|-->led0 is UP

|-->brcmboard0 is UP

\-->wifi0 is UP

|-->home0 is UP

|-->br0 is UP

|-->ipnet1 is UP

\-->ippool0 is UP

\-->ip6net0 is DISABLED

\-->br6 is UP

\-->ipnet6 is UP

\-->bband0 is UP

|-->br2 is NOT_PROV

\-->br1 is UP

\-->eapol0 is UP

\-->autoeth0 is UP

|-->dhcp0 is UP

\-->ipnet0 is UP

|-->dnstest0 is UP

|-->dhcpm0 is UP

\-->ip6rd0 is DISABLED

\-->ip6net1 is UP

\-->dhcp6c0 is UP

Who shoudl I call regarding that? It is very strange a br is assigned a direct /29 to a network block AT&T does not even own!!! That network block is nowhere in my house (or gateway I use).

Thanks for looking into it!

-Greg

ATTHelp

Community Support

 • 

200.3K Messages

Hey @gregoliver1,

 

Bridge mode should be disabled within the AT&T gateway. You can report it to our postmaster. They do handle Internet attacks and probes. You can Email them at abuse@att.net. Please include the source IP address, date, time, time zone, type of attack, and logs. Please only send one Email otherwise it may result in being marked as spam. No attachments inside the Email, logs must be copy and pasted. Our Email reader does not accept attachments.

Let us know if this helps.

 

 

Max, AT&T Community Specialist

Still need help? Ask a question! Our 1.4 million members typically respond within 1 hour.

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
showergel

Teacher

 • 

15 Messages

3 m مضت

This may be a few years late, but this network exists solely for the purpose of documenation, per the IETF (https://www.rfc-editor.org/rfc/rfc5737.html).  

Basically, if I was writing a document and wanted to use a public IP space in that documentation, but didn't want to refer to a public IP network that is actually in use (think of how bad that might be for the IP block owner), then this is one of those 3 networks that should be used.

IANA recommendations for this space 203.0.113.0/24, is for ISPs to add the network to a non-routable space so those IPs it cannot be used within their network.  It seems AT&T hasn't sufficiently blocked that entire /24 space of this network, instead they blocked only /29 of it.  The other two networks in the RFC are not in the AT&T gateway config at all.  Perhaps the larger set of IP blocking occurs downstream from the gateway, but I cannot confirm that.

Lastly, someone would need to own the IP block, even if it was designated as unusable.  AsiaPAC happens to be the owner of this non-routable public IP block.

Either way the network on br6 is set to NONROUTE so it conforms more or less, to the IETF RFC, even if it's not entirely compliant at the AT&T Gateway level.  

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.