Is someone trying to access my router?

Larceny · May 12, 2024

I see the following in the router. A bit concerning.

May 11 22:56:06 syslog: wlceventd_proc_event(530): eth1: Auth 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:06 syslog: wlceventd_proc_event(559): eth1: Assoc 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:12 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 4E:C4:FD:B3:80:C9, status: 0, reason: 4-way handshake timeout (f), rssi:0
May 11 22:56:14 syslog: wlceventd_proc_event(530): eth1: Auth 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:14 syslog: wlceventd_proc_event(559): eth1: Assoc 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:20 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 4E:C4:FD:B3:80:C9, status: 0, reason: 4-way handshake timeout (f), rssi:0

I looked up the MAC address, but got no results. https://macaddress.io/mac-address-lookup/W5A9egpL5P
"The MAC address does not belong to any registered block."

Do I need to worry about this?

Router: AC68U
Firmware: 386.13 (Merlin)
SSID name: ASUS

OzarkEdge · May 12, 2024

Larceny said:
I see the following in the router. A bit concerning.

May 11 22:56:06 syslog: wlceventd_proc_event(530): eth1: Auth 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:06 syslog: wlceventd_proc_event(559): eth1: Assoc 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:12 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 4E:C4:FD:B3:80:C9, status: 0, reason: 4-way handshake timeout (f), rssi:0
May 11 22:56:14 syslog: wlceventd_proc_event(530): eth1: Auth 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:14 syslog: wlceventd_proc_event(559): eth1: Assoc 4E:C4:FD:B3:80:C9, status: Successful (0), rssi:0
May 11 22:56:20 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 4E:C4:FD:B3:80:C9, status: 0, reason: 4-way handshake timeout (f), rssi:0

I looked up the MAC address, but got no results. https://macaddress.io/mac-address-lookup/W5A9egpL5P
"The MAC address does not belong to any registered block."

Do I need to worry about this?

Router: AC68U
Firmware: 386.13 (Merlin)
SSID name: ASUS

That looks like WiFi client activity... clients today can use random MACs that you can't resolve... a setting on the client. Could be your device; could be the kid next door playing around. Used good passwords. And while you're at it, scan your WAN connection using GRC.com Shield's UP\all service ports to see if you have any open ports.

OE

Larceny · May 12, 2024

OzarkEdge said:
That looks like WiFi client activity... clients today can use random MACs that you can't resolve... a setting on the client. Could be your device; could be the kid next door playing around. Used good passwords. And while you're at it, scan your WAN connection using GRC.com Shield's UP\all service ports to see if you have any open ports.

OE

Thanks for the reply.
This connection log just popped up in my router.

May 12 13:52:12 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:20 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 62:AB:9A:1D:49:BD, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-74
May 12 13:52:22 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:22 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:30 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 62:AB:9A:1D:49:BD, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-74

I wasn't using any wifi related products the moment the log was created .
Except for my solar panels which are connected to an Envoy Enphase router, which is something I can't disconnect.
But I can't simply trace these logs back to if they are coming from the Envoy Router or something else for that matter. Which is really bugging me.

Any help is appreciated.

OzarkEdge · May 12, 2024

Larceny said:
Thanks for the reply.
This connection log just popped up in my router.

May 12 13:52:12 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:12 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:20 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 62:AB:9A:1D:49:BD, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-74
May 12 13:52:22 syslog: wlceventd_proc_event(530): eth1: Auth 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:22 syslog: wlceventd_proc_event(559): eth1: Assoc 62:AB:9A:1D:49:BD, status: Successful (0), rssi:0
May 12 13:52:30 syslog: wlceventd_proc_event(494): eth1: Deauth_ind 62:AB:9A:1D:49:BD, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3), rssi:-74

I wasn't using any wifi related products the moment the log was created .
Except for my solar panels which are connected to an Envoy Enphase router, which is something I can't disconnect.
But I can't simply trace these logs back to if they are coming from the Envoy Router. Which is really bugging me.

Any help is appreciated.

The log activity is normal for wireless clients connecting and disconnecting. If you suspect unauthorized clients, change your WiFi password and put your clients back on your network.

OE

Thread starter	Title	Forum	Replies	Date
M	Can someone read my syslog and tell me why I keep losing internet?	Asuswrt-Merlin	21	Jun 19, 2023
C	Can someone help with this code...	Asuswrt-Merlin	7	Jun 18, 2023
S	Anyone else having issues trying to flash the newest merlin (stable or beta) to the GT-0AXE11000?	Asuswrt-Merlin	4	Dec 1, 2023
J	Trying to understand system log entries related to rebooting router	Asuswrt-Merlin	4	May 27, 2023
M	ssh access with DNS name takes a long time where it did not used to	Asuswrt-Merlin	0	Friday at 12:27 PM
P	Openvpn internet access	Asuswrt-Merlin	0	May 1, 2024
E	OpenVPN TAP internet access problem	Asuswrt-Merlin	0	Apr 23, 2024
S	Prevent client from connecting to router but allow connection to internet via access point	Asuswrt-Merlin	4	Apr 23, 2024
G	RESOLVED: Lost access to WebUI from LAN, SSH is working	Asuswrt-Merlin	1	Apr 9, 2024
N	Connecting an ax58u to a BT homehub 5, via a lan port, and not getting internet access.	Asuswrt-Merlin	3	Apr 9, 2024

Search

Search

Is someone trying to access my router?

Larceny

Occasional Visitor

OzarkEdge

Part of the Furniture

Larceny

Occasional Visitor

OzarkEdge

Part of the Furniture

Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Members online