Help - Suspicious client by the name "JJPlus Corporation"on my RT-AC66U Router

[2phite]

Hi, I am new to the forum, and I wonder if anyone can help me with a router problem.

My router ASUS RT-AC66U has been in use for a few years. A month ago, I noticed a suspicious device on my client list, by the name "JJPlus Corporation". It claimed to be online for at least a month, but I don't know what it is.

I can reach it at its IP address port 80 with a browser, and it has an empty index page. I tried to ssh it but do not have a password; I tried 0000 and 1234.

Does anyone recognize such device? I have been regularly updating the router's firmware from Asuswrt-Merlin (newest non-beta versions), maybe it has something to do with a recent firmware patch?

 

[2phite]

Screenshot attached.

 

[FTC]

JJPlus seems like being the manufacturer's name of the device that is connecting. This firm builds wifi pci cards, so most likely it is a notebook or another device that uses such a card that is connecting to your network (could also be a games console or similar).
Even more, since it appears as a 2.4Ghz client it can not be an 'internal router device' or similar. My suggestion is that you establish a mac filter for that address or change the 2.4Ghz password preventing it to connect, and see how it works out... or if you find one of your devices that no longer works and you had forgotten about it..

 

[wouterv]

I suggest a few steps:

1. Check wireless is set to Authentication Method = WPA2-Personal.
2. Change the WPA Pre-Shared Key to something new (and complex enough).
3. Open the Administration>System page and check SSH and Telnet are NOT enabled.

If SSH or Telnet where enabled: revert the router to Factory defaults and manual configure the router again, including the above suggestions.

 

[2phite]

JJPlus seems like being the manufacturer's name of the device that is connecting. This firm builds wifi pci cards, so most likely it is a notebook or another device that uses such a card that is connecting to your network (could also be a games console or similar).
Even more, since it appears as a 2.4Ghz client it can not be an 'internal router device' or similar. My suggestion is that you establish a mac filter for that address or change the 2.4Ghz password preventing it to connect, and see how it works out... or if you find one of your devices that no longer works and you had forgotten about it..

Thank you. I tried to block Internet access for that MAC since I discovered it (ie. 1 month ago) but nothing seems to stop working so far. I think changing password serves the same purpose: pin down a device in my house. So I didn't change the password. It may worth a try I guess?

I suggest a few steps:

1. Check wireless is set to Authentication Method = WPA2-Personal.
2. Change the WPA Pre-Shared Key to something new (and complex enough).
3. Open the Administration>System page and check SSH and Telnet are NOT enabled.

If SSH or Telnet where enabled: revert the router to Factory defaults and manual configure the router again, including the above suggestions.

Thank you.

1. Wireless is set to WPA2-Personal as always.
2. I don't know what it is, will research.
3. I turned it SSH ON myself to play with it a bit in the past. We all know factory resetting solves lots of problems, but I will wait a bit and see if someone has any idea about this JJPlus device, possibly saving me a manual configuration.

 

[Gregory Phillips]

Before you go any further you might want to check out your personal devices to see if your laptop is running off that brand of Wi-Fi card. You can even check the IP and MAC of your own stuff relative to what is on the network to remove all traces of doubt as to what belongs to you.

 

[2phite]

Before you go any further you might want to check out your personal devices to see if your laptop is running off that brand of Wi-Fi card. You can even check the IP and MAC of your own stuff relative to what is on the network to remove all traces of doubt as to what belongs to you.

Thank you. I can't think of one so far, but probably will if I search harder.

 

[aavvtomjerry]

I face the similar issue like you.
I decide to change the wifi password.

I go to check mac address one by one device and rename it in Router to easy recognize.
Finally, I found nothing strange because the unknown device from the old mobile phone that my sister use that I do not know because they do not show the name of user but show the generic name.
I can find it from mac address.

 

[bbunge]

And, make sure WPS is turned off! Some firmware updated have been reported to turn WPS on so iy is a great idea to check all of your settings after a firmware upgrade.

 

[Southernclipper]

Hi, I am new to the forum, and I wonder if anyone can help me with a router problem.

My router ASUS RT-AC66U has been in use for a few years. A month ago, I noticed a suspicious device on my client list, by the name "JJPlus Corporation". It claimed to be online for at least a month, but I don't know what it is.

I can reach it at its IP address port 80 with a browser, and it has an empty index page. I tried to ssh it but do not have a password; I tried 0000 and 1234.

Does anyone recognize such device? I have been regularly updating the router's firmware from Asuswrt-Merlin (newest non-beta versions), maybe it has something to do with a recent firmware patch?

JJPlus Corp makee medical devices so did you or a family member recently obtain a medical device that uses wifi

 

[Gregory Phillips]

JJPlus Corp makee medical devices so did you or a family member recently obtain a medical device that uses wifi

That or a neighbor and is another reason for a strong encryption key.

 

[wouterv]

Thank you. I tried to block Internet access for that MAC since I discovered it (ie. 1 month ago) but nothing seems to stop working so far. I think changing password serves the same purpose: pin down a device in my house. So I didn't change the password. It may worth a try I guess?


Thank you.

1. Wireless is set to WPA2-Personal as always.
2. I don't know what it is, will research.
3. I turned it SSH ON myself to play with it a bit in the past. We all know factory resetting solves lots of problems, but I will wait a bit and see if someone has any idea about this JJPlus device, possibly saving me a manual configuration.

"Change the WPA Pre-Shared Key to something new (and complex enough)" means to set a new and strong wifi password for both 2.4 GHz and 5 GHz.
There have been reports of hacked routers that have SSH enabled, combined with "Enable Web Access from WAN", that is why I still strongly recommend to hard-reset the router and also not allow Web Access from WAN .

 

[sfx2000]

Guest WLAN enabled?

This is kind of a known issue there...

 

[HuskyHerder]

Edit :

See post #17 below for what was causing my issue.


Original:

I too experienced this unknown device, this morning. I suspect it (bug) came from the latest update? I have been overly busy at work and no chance to notice. It was not present on my system to the best of my knowledge in early August 2017.

Just incase anyone stumbles across this issue in the future. (I pulled it up via a google search.) I outlined my steps taken. In a proper troubleshooting procedure you go through the motions. So I mentioned the steps below, and in the order they were taken.

* Also notated the steps and solution as it seems to be a weird bug.


TLDR; @ the bottom.

1. Check wireless is set to Authentication Method = WPA2-Personal.
2. Change the WPA Pre-Shared Key to something new (and complex enough).
3. Open the Administration>System page and check SSH and Telnet are NOT enabled.

1. Yes, set as such already.
2. Yes, already 20+ characters. * It was changed in a step below. I kept the same password/key at this point out of curiosity on my part.
3. Neither enabled, on WAN or LAN

JJPlus Corp makee medical devices so did you or a family member recently obtain a medical device that uses wifi

No, no new devices. * I am the only individual in our home with the password/key.

That or a neighbor and is another reason for a strong encryption key.

I changed the WIFI password/key just to be safe. I already had a very strong encryption key. I took the chance to beef it up even more. * My curiosity had faded at this point.

The device still showed up after the password/key change.

Guest WLAN enabled?

No.


TLDR;

The fix was to preform a default of the router and setup as new from scratch. The mystery device no longer shows up. My network has been up for almost an hour now with no sign of the mystery device.

RT-AC5300 @ Merlin 380.68​

 

[Gregory Phillips]

I just wanted to add that at one point my router's client list reported an apple iPhone on the network which I don't own. After further investigation it turned out to be a ghost of an android phone. How did I discover this? I blocked the device and then checked all cell phones to see if any of them had suddenly been blocked. When I found the disconnected phone I removed the block and the device began working so take it for what its worth.

 

[2phite]

I did a factory default on my router using its admin page, not long after my last post in this thread, which was in April 2017. I also changed the admin password, and WIFI password for both bandwidths, but I don't remember the order of all these. The result was this "JJPlus" device never showed up again in my router's client list.

 

[HuskyHerder]

Well, I am back again, I needed to update my troubleshooting. Turns out It was some flawed logic on my part.

During my testing phase (above post), I had forgotten one crucial piece of equipment. Several months ago, July 30th to be exact. Just about the time I originally noticed the "JJPLUS Corporation" device in my connected clients list. I had purchased a reset plug from Amazon. https://www.amazon.com/dp/B01BU2ALGO/?tag=snbforums-20

When I was testing my devices in my previous post. I had forgotten that I unplugged the ResetPlug, due to my changing the wifi password etc. Its only after I changed the password and preformed all the testing that I finally defaulted and reconnected the ResetPlug, giving it the new password. Probably after I wrote my post above.

A few weeks back I noticed that the "JJPLUS Corporation" device had returned. I put it off for further thought. Tonight, I finally got around to blocking the spurious device. Then I watched my internet reboot multiple times.
At first I though it was Spectrum, as Saturdays around this time of night, they usually perform updates if any are needed. Then the epiphany hit me... you idiot, LOL

Turns out it was a device on my network and it was the ResetPlug. Yep, I flubbed that testing, but a good troubleshooting sometimes requires multiple trials and errors. Eventually you'll fix the issue. Even if it was old human error.

I have now assigned the device a static IP, via reservation and added it to my master list to ensure no more silly mistakes. Plus changed the name to ResetPlug in the router GUI.

Maybe this will help someone else too.