Extra iPhone paired
I have only paired one device and have noticed that a random device keeps getting paired and I have to manually remove it.
At first I thought this might be caused from logging into the webUI but tested logging into web UI to see if a new device was paired.... and there was not.
Is there a way to setup notifications when a new device has been paired to the admin interface and make this a critical notification?
Is this normal or has my device been hacked?
-
If you are using the web interface, then that "additional/random" device is the web interface. By removing the pairing you are just logging off the web interface. (Under the name of the pairing, you should see firewalla_web)
And in cases, if you have smart kid/s, we have seen them getting physical access to the box and pair their own phones to it. This doesn't happen often, but teens do this.
-
I do not know how often the FireWalla iPhone app updates the "paired devices" field, but when I tested logging in and out of the web UI, it did not create a new pairing. Also, the name was simply random, it did not have "web" in the name at all. I will take a screen shot next time I see it.
I suppose all you need to pair the device is the QR code.
Is it possible to get this code if some devices was sniffing the local network while I am pairing a device perhaps?
I haven't taken the time to take a deep dive at the authentication steps for pairing yet, unfortunately.
Some other random questions I should probably make into separate posts :)
- Is there a brute force ssh blocker in place for the router? If there are subsequent failed attempts to login via ssh, will a temporary blocking rule be put in place to stop brute force attempts
- Is it possible to setup a cron job to kick off a new random password every hour
- Is there a way to increase the password complexity for ssh than what is currently generated
-
To pair, you will need to have the QR code and be physically close to the unit. For additional pairing, you can share a special QR code on your phone. Part of the pairing process is encrypted, so sniffing won't do much.
Other question
1. repeated ssh will likely cause an alarm on the box. there is no blocker on the ssh side.
2. There is a process that changes your password, so you should not worry too much about that.
3. Current ssh password is 10 digits, a mix/randomized of upper case + lower case + numbers, this is a combination of (26+26+10)^10 or, a very very very large number
-
A couple of things that might contribute to this issue:
iPhones and Android phones have "use randomized MAC" enabled by default on new networks. I'm not sure how the pair information is stored, but if you try to to go the web interface after your phone's randomly-generated MAC has changed, I could see it having issues recognizing you were using the same device.
Conversely, however, I'm using a Pixel phone and have disabled randomized MACs, but I find that my session to the web interface resets at least daily. I try to log in and get the QR code message on the page, but have confirmed that I still have two devices paired in the app, being "Pixel 3 XL (This Phone)" and the "firewalla_web" device.
It's become a morning routine to fire up the web interface and reconnect it with the app.
-
Yes, you are correct. The iPhone does have a "Private Address" setting under your Wi-Fi connection settings that turns off the random mac address generation.
In my case the name that was showing up though as paired is always the same .. and the one that was appearing in my paired devices appeared to be random.
I see the "pairing" web UI more of a physical authentication token rather than pairing. I actually like this feature.
After this latest firmware update a few days ago, I am not seeing this extra paired random device showing up anymore... even after logging into the web interface.
One thing I have done, however, is disable the ssh console for all networks except the VPN. I am sure it is simply a coincidence.
Please sign in to leave a comment.
Comments
5 comments