I’ve been monitoring Wi-Fi traffic on my network. I’ve seen a large amount sent up by one device, which was reported as starting with BR70188B (MAC address 70:18:8b) with manufacturer HonHaiPr.
HonHaiPr is Hon Hai Precision Industry, which makes network devices. The one in question (with the name BRW70188Bxxyyzz) was from a Brother MFC-650DW that is on the network.
Now that I’ve identified the printer, what to do about it? It was spewing lots of uploaded data – perhaps just to the clients that printed from it, but I’m perhaps a little paranoid. (It seems strange that it’s uploading almost as much as gets downloaded to the printer, though.) So I decided to knock it off the Internet to see what happened.
First, I gave it a static IP address in my dhcpd.conf:
host mfc650dw {
    hardware ethernet 70:18:8B:xx:yy:zz;
    fixed-address 192.168.1.253;
    option host-name "mfc650dw";
}
Next, I updated it in DNS (db and db.rev files) just ’cause now that it’s static it’s handy to have a name to deal with.
Finally, I added a rule to my pf.conf:
block out log quick from 192.168.1.253/32 to ! 192.168.1/24
Now if the printer’s trying to send data up to the Internet, it’s not going to make it through the firewall.
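Because the rule carries `log`, each packet it drops is recorded by pf, which answers the question of where the printer was trying to send data. The script below is an added example, not part of the original post: it tallies blocked destinations from pflog text. It assumes the log lives at /var/log/pflog and is read with `tcpdump -n -e -r`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize what the pf "block out log quick" rule dropped.
# Assumed input: text from `tcpdump -n -e -r /var/log/pflog`, one packet per
# line, shaped like:
#   <time> rule N/(match) block out on IF: SRC.SPORT > DST.DPORT: <details>
PRINTER=192.168.1.253   # the fixed-address assigned in dhcpd.conf

# stdin: pflog text. stdout: "<count> <dst-ip> <dst-port>", busiest first.
summarize_blocked() {
    awk -v src="$PRINTER" '
        # IPv4 only: "a.b.c.d.port" has five dot-separated parts, ICMP has four.
        function host(x,  p) { split(x, p, "[.]"); return p[1] "." p[2] "." p[3] "." p[4] }
        function port(x,  p) { return (split(x, p, "[.]") == 5) ? p[5] : "-" }
        / block out / {
            for (i = 2; i < NF; i++) if ($i == ">") break
            if (i >= NF) next                 # no "SRC > DST" pair on this line
            s = $(i - 1); d = $(i + 1); sub(/:$/, "", d)
            if (host(s) != src) next          # some other host hit a block rule
            seen[host(d) " " port(d)]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation-range destinations), not a real capture.
sample_log() {
    cat <<'EOF'
Jan 01 10:00:01.000001 rule 3/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 5840
Jan 01 10:00:04.000001 rule 3/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 5840
Jan 01 10:00:09.000001 rule 3/(match) block out on em0: 192.168.1.253.49153 > 198.51.100.7.80: S 1:1(0) win 5840
Jan 01 10:00:12.000001 rule 3/(match) block out on em0: 192.168.1.253.50000 > 192.0.2.53.53: udp 45
Jan 01 10:00:13.000001 rule 3/(match) block out on em0: 192.168.1.253 > 203.0.113.10: icmp: echo request
Jan 01 10:00:15.000001 rule 1/(match) block in on em0: 203.0.113.99.4444 > 192.168.1.10.22: S 1:1(0) win 1024
Jan 01 10:00:16.000001 rule 5/(match) block out on em0: 192.168.1.50.40000 > 203.0.113.10.25: S 1:1(0) win 5840
EOF
}

# Live use would be: tcpdump -n -e -r /var/log/pflog | summarize_blocked
sample_log | summarize_blocked
```

A destination that keeps showing up with a high count after the block is in place is the one worth looking up first.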
After I did all this, the printer wouldn’t work – Brother apparently stores the IP address but doesn’t refresh if it can’t find it. So I needed to download the Brother Network Connection Repair Tool to tell the Windows printer driver to look for the printer again. Sheesh.