RT AC86u / 3.0.0.4.386.41634 / Unknown mac's appearing

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

ATLga

Senior Member
Updated firmware to 3.0.0.4.386.41634

Started seeing two unknown mac's in my System Log General. This is the ONLY place I see them spamming the log over and over. Do NOT see them in Network View List, , Wireless Log, or DHCP Leases.

I am stumped on wtf these are???

fe:4d:77 and d4:a6:51 (Tuya Smart per google search)


I went so far as to delete settings from every device in the house, changed user ID & password on the router multiple times. Even with the connected laptop being the only device left on the network, these damn Mac addresses still show up. Literally ever 2-3 seconds it pops the log. After messing with the router half the day and it still showing up even though user and password were changed, I Mac address blocked it and it stopped spamming. I also noticed if I turned off the 2.4 radio it would stop. WTF is this???
 

Attachments

  • Screen Shot 2021-01-16 at 5.40.40 PM.png
    Screen Shot 2021-01-16 at 5.40.40 PM.png
    20.1 KB · Views: 60
Last edited:

OzarkEdge

Part of the Furniture
I also noticed if I turned off the 2.4 radio it would stop. WTF is this???

Maybe some confused/sick 2.4 IoT client? Unplug it. :)

OE
 
Last edited:

KsWoodsMan

Regular Contributor
eth5 ? If I'm correct eth0 connects to the switch. While eth1 and eth2 are the connected to the 2.4 and 5.1 GHz radios respectively.
Real, or not, I'm certanly curious where your router picked up an extra device.


If I don't recognize the MAC address, I couldn't track it down and it only happens with 2.4 WiFi enabled, I'd change the password(s) for the 2.4 GHz network(s).
If it's still there, I'd immediately backup any files stored in the /jffs partition and do a full reset on the on the router configuring it from scratch with new and stronger passwords.

Before restoreing any of the files from the /jffs partition I'd manually confirm nothing about them was "amiss".
 

ATLga

Senior Member
eth5 ? If I'm correct eth0 connects to the switch. While eth1 and eth2 are the connected to the 2.4 and 5.1 GHz radios respectively.
Real, or not, I'm certanly curious where your router picked up an extra device.


If I don't recognize the MAC address, I couldn't track it down and it only happens with 2.4 WiFi enabled, I'd change the password(s) for the 2.4 GHz network(s).
If it's still there, I'd immediately backup any files stored in the /jffs partition and do a full reset on the on the router configuring it from scratch with new and stronger passwords.

Before restoreing any of the files from the /jffs partition I'd manually confirm nothing about them was "amiss".
Did all that. Reset about five times with different username and password each time. Came right back each time. I think eth5 is 2.4 and eth6 is 5 regarding WiFi
Mac filter blocked it but I’m curious why or how it appears and why it’s not in the other logs it should be in. That alone makes me think it’s some sort of bug
 

ATLga

Senior Member
Updated firmware to 3.0.0.4.386.41634

Started seeing two unknown mac's in my System Log General. This is the ONLY place I see them spamming the log over and over. Do NOT see them in Network View List, , Wireless Log, or DHCP Leases.

I am stumped on wtf these are???

fe:4d:77 and d4:a6:51 (Tuya Smart per google search)


I went so far as to delete settings from every device in the house, changed user ID & password on the router multiple times. Even with the connected laptop being the only device left on the network, these damn Mac addresses still show up. Literally ever 2-3 seconds it pops the log. After messing with the router half the day and it still showing up even though user and password were changed, I Mac address blocked it and it stopped spamming. I also noticed if I turned off the 2.4 radio it would stop. WTF is this???
Screenshot cut off the right side

it says rssi 0
 
Last edited:

ATLga

Senior Member
Updated firmware to 3.0.0.4.386.41634

Started seeing two unknown mac's in my System Log General. This is the ONLY place I see them spamming the log over and over. Do NOT see them in Network View List, , Wireless Log, or DHCP Leases.

I am stumped on wtf these are???

fe:4d:77 and d4:a6:51 (Tuya Smart per google search)


I went so far as to delete settings from every device in the house, changed user ID & password on the router multiple times. Even with the connected laptop being the only device left on the network, these damn Mac addresses still show up. Literally ever 2-3 seconds it pops the log. After messing with the router half the day and it still showing up even though user and password were changed, I Mac address blocked it and it stopped spamming. I also noticed if I turned off the 2.4 radio it would stop. WTF is this???

So on a whim, I setup another router in AP mode. All settings the same with the exception of different channels for 2.4 & 5. System Log does Not show the two phantom MAC addresses spamming.

So regarding the Ac86u it looks like a bug to me with something that doesn’t exist showing up in the one log only
 
Last edited:

ATLga

Senior Member
So on a whim, I setup another router in AP mode. All settings the same with the exception of different channels for 2.4 & 5. System Log does Not show the two phantom MAC addresses spamming.

So regarding the Ac86u it looks like a bug to me with something that doesn’t exist showing up in the one log only

Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL
 

OzarkEdge

Part of the Furniture
Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL

No phantom MACs here. It's running fine so far.

OE
 

ATLga

Senior Member
Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL
Spoke to soon. Not long after it started spamming again.
First, updated back to just released last week fw.
Then I put all the iot devices in guest 3 (2.4 only) new ssid, changed ssid and pw on those devices to the new guest 3 info. Spamming continued. Changed the guest ssid again but not on the devices; spamming stopped. From there I narrowed this down to a new Amazon Echo Dot w/clock. It is configured correct in the Alexa app, and the damn Sidewalk feature is toggled off for the account. I'll be damned though if these things aren't broadcasting another Mac in addition to the one they already have. Maybe sidewalk is off but they broadcast anyway but don't allow connections? Don't know and there needs to be more info out on this.

Been racking my ass off for three days over this. I have a list of every device I own along with its MAC address and was positive these weren't mine. I guess this sorta explains why I didn't see them in any logs other than the main System Log, somehow their wifi is piggybacked onto the main ssid of the individual echo.
 
Last edited:

bbunge

Very Senior Member
Newer cell phones that randomize the MAC. Use the newer firmware. Ignore the log!
 

ATLga

Senior Member
Newer cell phones that randomize the MAC. Use the newer firmware. Ignore the log!
It's not the random Mac on the phones or the tablets. I know what the Macs are for those and these are in addition to that. Pretty stupid to ignore the log when there are unknown devices showing up without a clear explanation. Now I know what they are.
 

OzarkEdge

Part of the Furniture
It's not the random Mac on the phones or the tablets. I know what the Macs are for those and these are in addition to that. Pretty stupid to ignore the log when there are unknown devices showing up without a clear explanation. Now I know what they are.

Much ado about nothing... unplug those silly Amazon things! :)

OE
 

L&LD

Part of the Furniture
I have an enormous number of NaiN devices (Not allowed in Network) for my networks. They encompass all IoT sAt's (silly Amazon things!).
 

OzarkEdge

Part of the Furniture
I have an enormous number of NaiN devices (Not allowed in Network) for my networks. They encompass all IoT sAt's (silly Amazon things!).

Yeah, I don't understand why people want to be enslaved to administrate superfluous Big Data dependencies on their network. Just say no, thanks.

OE
 

dbell

Occasional Visitor
Wild guess - any Amazon devices (Ring, Echo, etc) with their new Sidewalk peer network bridging enabled ?
 

OzarkEdge

Part of the Furniture

dbell

Occasional Visitor
Sorry did not notice that until re-reading the thread.
 

ATLga

Senior Member
Updated firmware to 3.0.0.4.386.41634

Started seeing two unknown mac's in my System Log General. This is the ONLY place I see them spamming the log over and over. Do NOT see them in Network View List, , Wireless Log, or DHCP Leases.

I am stumped on wtf these are???

fe:4d:77 and d4:a6:51 (Tuya Smart per google search)


I went so far as to delete settings from every device in the house, changed user ID & password on the router multiple times. Even with the connected laptop being the only device left on the network, these damn Mac addresses still show up. Literally ever 2-3 seconds it pops the log. After messing with the router half the day and it still showing up even though user and password were changed, I Mac address blocked it and it stopped spamming. I also noticed if I turned off the 2.4 radio it would stop. WTF is this???
@RMerlin
Would your firmware identify the IP address or any other info related to these Mac addresses?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top