What attack forces WAN disconnect for entire network when a guest LAN client is disconnected?

OpenSource Ghost

Limp Gawd
Joined
Feb 14, 2022
Messages
220
What kind of an attack would result in a brief disconnect from WAN (for the whole network) when a single client gets disconnected? Assume client is on Guest Network, correctly isolated (Layer 2 on router + Layer 3 via VPN), has access to internet, but has no access to administrative LAN and has no access to other clients. Client can be LAN and/or WLAN. Disconnecting that client physically from LAN by pulling Ethernet cable or from WLAN by turning off WiFi on client results in entire LAN disconnecting from WAN for a brief period of time, during which all clients lose connections to whichever servers on WAN due to connections timing out.

Would it require some kind of briding MITM attack on both LAN and WAN at the same time?
 
Something something ARP spoofing, maybe; or maybe static electricity makes the switch reboot? If you can reproduce it, especially if you can reproduce it while you've got something capable of packet capture in between the weird client and the rest of the network, you should be able to figure it out with Wireshark.
 
I’ve seen something like this years ago. The cause was that Ethernet ports on the WAN gateway were re-autonegotiating.

Try setting your WAN port(s) on your gateway to fixed speed and see if that helps. Took me ages to solve that one - and in the end it was a gnarly old network engineer who suggested what to try. I set the WAN ports to not auto negotiate and never had the problem again.

Might take a while to work out which ports are causing the problem but something to look for. Hope it helps.
 
That's definitely not it. Everryting is already set manually and it doesn't explain how disconnecting an isolated WiFi client temporarily takes down the whole LAN.

ARP-something makes more sense than ever. When that disruptions happen, there's an epic flood of ARP requests from router to disconnected client.
 
Since it happens when the client is on wifi or Lan, I'd look at the VPN. Take that out and repeat. Perhaps the sudden disconnection of the vpn is causing the issue.
 
Back
Top