automaton
Occasional Visitor
My general log was getting spammed with dissoc messages after migrating from 384.13 to 384.15. I commented about this problem here: 384.14_2 on AC86U | Disassociated because sending station is leaving....
The log spam looks like this:
Mar 5 11:54:11 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:15 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:15 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:19 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:19 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:24 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:24 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:28 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:28 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:32 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:32 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:36 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:36 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:40 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:40 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
Mar 5 11:54:44 syslog: WLCEVENTD wlceventd_proc_event(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, status: 0, reason: Deauthenticated because sending station is leaving (or has left) IBSS or ESS (3)
Mar 5 11:54:44 syslog: WLCEVENTD wlceventd_proc_event(420): eth1: Auth D8:F1:5B:XX:XX:XX, status: 0, reason: d11 RC reserved (0)
This was mostly fixed after following the above thread; however, today I noticed the spam again. However, what's interesting is that it appears to be from a MAC address that is unidentified and that I don't recognize either, and the Wireless Log shows the device as '<unknown>' for both IP and device name. Additionally, this device is not listed in the 'Display low level details' at all.
It constantly auths, then disassocs, and after a while I think it gives up and doesn't do it anymore.
The MAC address of the offending device is D8:F1:5B:xx:xx:xx, which appears to be manufactured by Espressif Inc., a Chinese company that does generic WiFi chipsets, mostly for IoT. But I don't have anything like that in my house, and I'm not sure if this is a malicious thing or not.
My SSIDs are set to hidden and have WPA2 on. This connection is only targeting eth1 (2.4GHz). Does anyone have a device with a similar MAC address? And if so, what is that device? Just trying to track it down...
Thanks.
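An added example, not part of the original post: a small Python script that reads `WLCEVENTD` lines in the format shown above and reports stations that repeatedly authenticate and then deauthenticate within a few seconds without any other event in between. The sample lines are constructed; the `Assoc` event name, the placeholder year and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the wlceventd line layout shown in the post. The MAC pattern also
# accepts the "XX" masking used there.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) .*?WLCEVENTD wlceventd_proc_event\(\d+\): "
    r"(?P<iface>\w+): (?P<event>\w+) (?P<mac>[0-9A-Fa-fXx:]{17}),"
)

def parse(lines, year=2000):
    """Yield (timestamp, iface, event, mac). Syslog lines carry no year, so a
    placeholder year is supplied (assumption)."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["iface"], m["event"], m["mac"].upper()

def failed_join_loops(lines, max_gap=10, min_cycles=3):
    """Return {(iface, mac): cycles} for stations whose Auth is followed by
    Deauth_ind within max_gap seconds, at least min_cycles times."""
    last_auth, cycles = {}, defaultdict(int)
    for ts, iface, event, mac in parse(lines):
        key = (iface, mac)
        if event == "Auth":
            last_auth[key] = ts
        elif event == "Deauth_ind":
            start = last_auth.pop(key, None)
            if start is not None and (ts - start).total_seconds() <= max_gap:
                cycles[key] += 1
        else:
            # Any other event (assumed: e.g. "Assoc") means the station got
            # past authentication, so this attempt is not a failed join.
            last_auth.pop(key, None)
    return {k: n for k, n in cycles.items() if n >= min_cycles}

# Constructed sample: the masked station from the post, plus a hypothetical
# station (AA:BB:CC:00:11:22) that associates normally and leaves later.
P = "syslog: WLCEVENTD wlceventd_proc_event"
R = "status: 0, reason: d11 RC reserved (0)"
SAMPLE = [
    f"Mar 5 11:54:11 {P}(420): eth1: Auth D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 11:54:15 {P}(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 11:54:15 {P}(420): eth1: Auth D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 11:54:19 {P}(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 11:54:19 {P}(420): eth1: Auth D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 11:54:20 {P}(420): eth1: Auth AA:BB:CC:00:11:22, {R}",
    f"Mar 5 11:54:20 {P}(449): eth1: Assoc AA:BB:CC:00:11:22, {R}",
    f"Mar 5 11:54:24 {P}(386): eth1: Deauth_ind D8:F1:5B:XX:XX:XX, {R}",
    f"Mar 5 12:10:00 {P}(386): eth1: Deauth_ind AA:BB:CC:00:11:22, {R}",
]

if __name__ == "__main__":
    for (iface, mac), n in failed_join_loops(SAMPLE).items():
        print(f"{iface} {mac}: {n} auth/deauth cycles")
```

A station that shows up here but never in the client list is one that reaches open-system authentication and leaves before associating, which matches the '<unknown>' entry described in the post.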