Tuesday, July 29, 2014

Now that I know who my phone is trying to talk to, what do I do about it?

As a follow-up to my previous post, Do you know who your phone is talking to when you're not looking?: discovering who my phone was trying to talk to turned out to reveal who all the phones in my house, along with every machine running Chrome as a web browser, were trying to talk to.  The great and mysterious   Seeing the massive volume of dropped packets on my new Sophos UTM Home Edition firewall, intrusion prevention and antivirus virtual (now physical) appliance led me to a few other discoveries.  Since replacing my Airport Extreme as the only barrier between my devices and the chaotic cesspool of infection that is "The Internet", I, along with my wife and daughter, discovered that our Android (read: Google) phones suddenly had less than half the battery life they had before.

Being the curious fellow I am, I followed that path until I discovered that our phones were experiencing something called wlan_rx_wake, and the general consensus is that it is a DHCP issue, a 5GHz issue, or a router issue.  No one has yet been able to track down the root cause 100%.

If you factor in all of the above, and consider that I am using Chrome on all of my devices, which are all logged into the same Google account so that I can open tabs on my phone that I left open on my laptop, etc., and the fact that all of this information is collected and used by Google in order to make that happen, it makes perfect sense, to me at least, that this is the root cause of my problem.

I have tried turning off DHCP and going with static IPs, and switching off 5GHz, which made no difference, so I am left with either not using Chrome (something I don't think I can do) or figuring out how to allow all of  into my network.

So far, using Sophos UTM 9.2, I have been unable to get the firewall, NAT and application pool rules correct so that these two underlying domain networks are allowed in while still properly NATing my network.

This is another thing.  Within Sophos, I am masquerading my internal IP addresses behind the external IP.  How then is it possible that these inbound, net-new connections from the network are not only getting dropped when I have attempted to allow them, but still show up as attempting to communicate directly with my internal IP instead of connecting to the external IP, where I have routes defined just waiting to pass the information along?
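The masquerading question above, as an added illustration that is not part of the original post and is not Sophos UTM code: a toy model of a netfilter-style stateful NAT, which is the general mechanism UTM-class firewalls rely on. It assumes three things about that mechanism: an outbound packet creates a connection-tracking entry, a reply packet is translated back to the internal address before the filter rules (and the log) see it, and an unsolicited inbound packet with no tracking entry and no explicit DNAT (port-forward) rule has no internal destination to be delivered to, so a plain "allow" rule on its own cannot pass it. All addresses and ports are constructed examples from the RFC 5737 documentation ranges.

```python
"""Toy model of stateful masquerading (source NAT).

Added illustration, not Sophos UTM code. It models netfilter-style behaviour:
outbound packets create a conntrack entry, replies are un-NATed to the LAN host
before filtering, and unsolicited inbound packets need an explicit DNAT rule.
All addresses are constructed (RFC 5737 documentation ranges).
"""
from __future__ import annotations

from dataclasses import dataclass, field, replace

EXTERNAL_IP = "203.0.113.10"     # constructed: WAN address of the firewall
INTERNAL_HOST = "192.168.1.20"   # constructed: a phone on the LAN
REMOTE_IP = "198.51.100.7"       # constructed: some remote service


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "udp"


@dataclass
class Masquerader:
    external_ip: str
    next_port: int = 40000
    # conntrack: (proto, ext_port, remote_ip, remote_port) -> (int_ip, int_port)
    conntrack: dict = field(default_factory=dict)
    # explicit DNAT (port-forward) rules: (proto, ext_port) -> (int_ip, int_port)
    dnat: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the source to the external IP and remember it."""
        ext_port = self.next_port
        self.next_port += 1
        self.conntrack[(pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        out = replace(pkt, src_ip=self.external_ip, src_port=ext_port)
        self.log.append(f"SNAT {pkt.src_ip}:{pkt.src_port} -> {out.src_ip}:{out.src_port}")
        return out

    def inbound(self, pkt: Packet) -> tuple[str, Packet]:
        """WAN -> LAN: un-NAT replies, apply DNAT rules, otherwise drop."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.conntrack:
            int_ip, int_port = self.conntrack[key]
            inner = replace(pkt, dst_ip=int_ip, dst_port=int_port)
            # The filter, and therefore the log, sees the packet after de-NAT,
            # which is why a logged reply shows the internal address.
            self.log.append(f"ESTABLISHED {pkt.src_ip}:{pkt.src_port} -> {inner.dst_ip}:{inner.dst_port}")
            return "accept", inner
        rule = self.dnat.get((pkt.proto, pkt.dst_port))
        if rule is not None:
            inner = replace(pkt, dst_ip=rule[0], dst_port=rule[1])
            self.log.append(f"DNAT {pkt.dst_ip}:{pkt.dst_port} -> {inner.dst_ip}:{inner.dst_port}")
            return "accept", inner
        # Unsolicited: no state and no port-forward. A firewall allow rule alone
        # cannot help, because nothing maps this packet to an internal host.
        self.log.append(f"DROP unsolicited {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
        return "drop", pkt


def demo() -> dict:
    """Run the three cases a LAN admin usually trips over and return the results."""
    nat = Masquerader(EXTERNAL_IP)
    # 1. The phone opens a connection; the reply is un-NATed back to the phone.
    out = nat.outbound(Packet(INTERNAL_HOST, 51000, REMOTE_IP, 443))
    reply_verdict, reply = nat.inbound(Packet(REMOTE_IP, 443, out.src_ip, out.src_port))
    # 2. The remote side starts a brand-new connection to the external IP:
    #    dropped, because nothing maps it to a LAN host.
    new_verdict, _ = nat.inbound(Packet(REMOTE_IP, 5555, EXTERNAL_IP, 5000))
    # 3. With an explicit DNAT rule, the same packet is delivered to the phone.
    nat.dnat[("udp", 5000)] = (INTERNAL_HOST, 5000)
    fwd_verdict, fwd = nat.inbound(Packet(REMOTE_IP, 5555, EXTERNAL_IP, 5000))
    return {
        "snat_port": out.src_port,
        "reply_verdict": reply_verdict,
        "reply_dst": reply.dst_ip,
        "reply_dst_port": reply.dst_port,
        "unsolicited_verdict": new_verdict,
        "forwarded_verdict": fwd_verdict,
        "forwarded_dst": fwd.dst_ip,
        "log": nat.log,
    }


if __name__ == "__main__":
    for line in demo()["log"]:
        print(line)
```

Case 1 is the one that explains the "shows up as my internal IP" observation: the reply to an outbound connection is translated back before it reaches the filter, so any log entry for it, dropped or accepted, names the LAN host. Case 2 is the one that explains why adding an allow rule alone does not let the new inbound connections through: without state or a DNAT rule there is no LAN destination, so case 3 (a port-forward) is the piece that has to exist for a net-new inbound connection to be accepted at all.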

Maybe my few followers can help me out.  My new level of CDO is such that now that I know the problem is there, it must be fixed.

More to follow, my friends, as I figure this thing out.