Suspicious Entry in SysLog

[chetansha]

i kept seeing this Mac address continually since last few days; I am not able to find this MAC in list of my devices, i am not sure what this device is. It says TUYA CORP
Line 4542: Feb 20 18:05:45 wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind B8:06:0D:46:BD1, status: 0, reason: Unspecified reason (1), rssi:0
Line 4543: Feb 20 18:05:45 wlceventd: wlceventd_proc_event(685): eth6: Auth B8:06:0D:46:BD1, status: Successful (0), rssi:0

Line 5016: Feb 20 19:05:52 wlceventd: wlceventd_proc_event(645): eth6: Deauth_ind B8:06:0D:46:BD1, status: 0, reason: Disassociated due to inactivity (4), rssi:0
Line 5017: Feb 20 19:05:52 wlceventd: wlceventd_proc_event(662): eth6: Disassoc B8:06:0D:46:BD1, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Line 5018: Feb 20 19:05:52 hostapd: eth6: STA b8:06:0d:46:bd:d1 IEEE 802.11: disassociated
Line 5019: Feb 20 19:05:52 hostapd: eth6: STA b8:06:0d:46:bd:d1 IEEE 802.11: disassociated

 

[n2ubp]

i kept seeing this Mac address continually since last few days; I am not able to find this MAC in list of my devices, i am not sure what this device is. It says TUYA CORP

TUYA is an IOT device.

 

[bennor]

i am not sure what this device is. It says TUYA CORP

What IoT devices, like smart plugs, smart bulbs and wifi cameras, do you have connected to the router's WiFi?

Personally I see those kinds of entries in the system log all the time due to the various devices I have connected to the router's WiFi. From my smartphone to various IoT devices.

 

[zer0bitz]

TUYA is an IOT device.

Yup. I have several Ledvance WiFi RGB Smart lamps in my home, but for some reason they appear as TUYA in devices list.

 

[degrub]

Tuya Inc. - Wikipedia

en.wikipedia.org

phoning home with all surveillance data.

 

[Ripshod]

Feb 20 18:05:45 wlceventd: wlceventd_proc_event(685): eth6: Auth B8:06:0D:46:BD1, status: Successful (0), rssi:0

Although this entry states "successful" the "rssi:0" means it's not connected.
Typical when there is a device close by that hasn't been set up on a wifi network and just tries it's luck with yours. Devices like this will connect to any unsecured wifi to call home.
Your WiFi is secure, so just consider it log noise and ignore.

 

[killweav]

If this really is not your device it could be an errant neighbor's device that is misconfigured. Router's must acknowledge auth/deauth requests. If you never see assoc, and rssi stays at 0, it means no connection to your network. I had the same issue months back from some Tuya devices. If I blocked the MAC, it would pop up with another Tuya MAC. I was seeing 1K of those auth/deauth requests per day and it was so annoying what I ended up putting all my 2.4ghz IoT devices on thread and disabling the 2.4ghz radio on my router. Now all my low bandwidth IoT devices are on their own mesh network and my high bandwidth IoT devices (security cameras, etc) are on 5ghz band.

Make sure to harden your router / wifi. Find out which of your devices don't support WPA3 and see if you can replace them with devices that do support WPA3 & then switch your 2.4 to use WPA3 only security, not mixed. WPA3 requires protected management frames. Use a password generator to generate a min. 32 character long WiFi password & router admin password.

If an IoT device is advertised as matter-over-wifi it has a higher chance of supporting WPA3 as WPA3 support is required after 2020.

Not saying anything untoward is happening just that these are generally good practices.

In my case I just became so annoyed with it keep popping up with new variations on MAC address. After 3 new MAC I was done with 2.4ghz.

Tuya Smart Inc.
wl0
F8:17:2D:7E:96:FC
F8:17:2D:7E:93:5A
F8:17:2D:7E:89:A1

Hope this helps. Cheers.