Results 1 to 3 of 3
  1. #1
    Newbie
    Join Date
    May 2021
    Posts
    8

    Default Lingering host entries

    I know different versions of this question have been asked before, but hear me out:

    After installing Untangle on my network, my initial stab at creating policy rules involved setting up DHCP reservations, and then assigning policies based on IP address.

    My must-push-all-boundaries child (whose successful attempts at skirting OpenDNS category filtering led me to upgrade to Untangle), decided it would be a good idea to see what would happen if he claimed a different IP address on his school-issued chromebook (the policy for which has internet access locked down), and in doing so, successfully got his device mapped to a different policy which allowed internet access.

    When I later figured out what he had done after puzzling over some strange data in the reports, I switched to setting policies based on a username applied to a device. He didn't know I had figured him out, and he subsequently tried the same trick, but this time, stymied due to the policy "following" him even if he changed his IP address, he tried numerous addresses in a row, furiously hoping to find one that would get him internet access again, before he did eventually quit.

    I now have 11 "ghost" entries in my host listing, showing his chromebook MAC, hostname, username, and tags all associated with various IP addresses that have never been assigned to any other device, and that he only claimed for a moment each. They make it a little difficult to locate the "real" host entry for his device, due to the total repetition of all data, except for the IP address.

    What I've seen elsewhere in the forums is that these will get cleaned up once they no longer have any important state information. But it's been over two weeks, and my logs are set up to be retained for only 7 days. What could be holding up cleanup of these phantom hosts?

  2. #2
    Newbie
    Join Date
    May 2021
    Posts
    8

    Default

    After trying a few combinations of things, the entries seem to get removed if all the tags are removed, and the device then goes off the network for about half an hour. I don't know if that time frame is absolute, or is tied to some particular configuration setting.

  3. #3
    Untangler
    Join Date
    Sep 2019
    Posts
    31

    Default

    I have used that trick before remove tags and the next day the dangling host is gone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2