Here comes a fun question
I've had the Digital Life system for a while now (a few years at least) and I ran into an oddity recently that perhaps someone can help answer.
The Digital Life "brain" typically receives an IP address on the network via DHCP. On my network, the Digital Life box is isolated by itself on its own Vlan. That box is the ONLY device that resides on that Vlan and that box only. Let's call it Vlan 100.
A quick glance at my MAC / ARP tables within the layer 3 switch that feeds this device and it's trivial to spot the unit based on the IP address associated with Vlan 100. We'll call it 192.168.100.10 (I typically use the third octet to identify what Vlan a device resides on).
So, Vlan 100. One single device resides upon the Vlan and it's the Digital Life box with an IP address of 192.168.100.10.
Now, in the Edge Router (that is playing firewall duties between my network and the Internet) I have various ACLs built which allow / prohibit specific Vlans or even individual devices from leaving the network. It is a whitelisted ACL with an implicit DENY statement at the end, meaning I have to specifically write a rule allowing a device access off the local network. No rule and the packet is flat denied.
Recently I've noted an IP address that is not assigned via DHCP trying to get out on the internet which originates from Vlan 100. I know this because my entire network is 192.168.X.Y. Absolutely nowhere have I set up a Network Pool to serve out 10.X.Y.Z addresses. It is quite obvious it is the Digital Life unit as the address it is trying to reach resolves to a Digital Life system.
Specifically, it resolves to this: ph-cmhs2-s2.dlife.att.com
This is where the fun question comes into play.
If the Digital Life box already has a valid DHCP address that is allowed off the local network and is talking to the outside world, WHY is there a second IP address trying to get out? Why does the box even have a second IP address and what is it used for?
From the logs: deny ACE IPv4(TCP) 10.36.156.214(28882) -> 184.108.40.206(5222)
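
Added example, not part of the original post: a Python sketch that parses deny entries in the format of the log line above and counts denied flows whose source address falls outside the 192.168.X.Y plan the post describes. The function names and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Line format copied from the single log entry quoted in the post.
DENY_RE = re.compile(
    r"deny ACE IPv4\((\w+)\)\s+([\d.]+)\((\d+)\)\s*->\s*([\d.]+)\((\d+)\)")
# Addressing plan as the post describes it: every host is 192.168.X.Y.
SITE_NET = ipaddress.ip_network("192.168.0.0/16")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_deny(line):
    """Return (proto, src, sport, dst, dport), or None if the line does not match."""
    m = DENY_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[4])
    except ValueError:  # e.g. an octet above 255
        return None
    return m[1], src, int(m[3]), dst, int(m[5])

def classify(src):
    if src in SITE_NET:
        return f"planned-vlan-{src.packed[2]}"  # third octet names the Vlan
    if any(src in net for net in RFC1918):
        return "unplanned-rfc1918"  # private space that no local pool serves
    return "unplanned-public"

def unplanned_flows(lines):
    """Count denied flows whose source lies outside the addressing plan."""
    hits = Counter()
    for line in lines:
        rec = parse_deny(line)
        if rec and not classify(rec[1]).startswith("planned"):
            hits[(str(rec[1]), str(rec[3]), rec[4])] += 1
    return dict(hits)

# First line is the entry from the post; the rest are constructed samples.
SAMPLE = [
    "deny ACE IPv4(TCP) 10.36.156.214(28882) -> 184.108.40.206(5222)",
    "deny ACE IPv4(TCP) 10.36.156.214(28883) -> 184.108.40.206(5222)",
    "deny ACE IPv4(UDP) 192.168.20.31(5353) -> 198.51.100.9(53)",
    "interface state change (unrelated line)",
    "deny ACE IPv4(TCP) 10.999.1.1(1) -> 203.0.113.7(443)",
]

if __name__ == "__main__":
    print(unplanned_flows(SAMPLE))
```

The ACL entry does not record the ingress Vlan, so tying a flagged source back to a port still relies on the switch's MAC / ARP tables, as the post does.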