What's new

Unknown MAC Address in logs

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jtiz

Occasional Visitor
In my General Log, I see many reported events of an unknown MAC address being authorized and deauthorized every few seconds:

Mar 2 21:09:26 wlceventd: wlceventd_proc_event(505): eth6: Auth D4:A6:51:30:C4:94, status: Successful (0)
Mar 2 21:09:28 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind D4:A6:51:30:C4:94, status: 0, reason: Unspecified reason (1)
Mar 2 21:09:28 wlceventd: wlceventd_proc_event(505): eth6: Auth D4:A6:51:30:C4:94, status: Successful (0)
Mar 2 21:09:30 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind D4:A6:51:30:C4:94, status: 0, reason: Unspecified reason (1)
Mar 2 21:09:30 wlceventd: wlceventd_proc_event(505): eth6: Auth D4:A6:51:30:C4:94, status: Successful (0)
Mar 2 21:09:31 wlceventd: wlceventd_proc_event(469): eth6: Deauth_ind D4:A6:51:30:C4:94, status: 0, reason: Unspecified reason (1)
Mar 2 21:09:31 wlceventd: wlceventd_proc_event(505): eth6: Auth D4:A6:51:30:C4:94, status: Successful (0)

In my Wireless Log, I also see the same MAC address always listed under 2.4ghz, but it has no IP, Tx/Rx rate, connection time, etc. Under Streams, it does show 3(b), but i have no devices that'd fit this description. It says manufacturer is Tuya Smart, but once again, no devices that could fit that description that are unaccounted for.

I've already tried removing smart home devices one by one and it remains once everything else is disconnected. Also, when I reboot or reset my router, it shows up immediately - before most other clients re-appear.

I even tried creating a Wireless MAC filter to reject this one MAC address, but when I did that, I lost wifi connectivity to ALL of my wifi devices (on 5ghz and 2.4ghz). I needed to plug my laptop into LAN via ethernet to re-access the internet and router GUI, and revert that wireless MAC filter.

Therefore, I THINK that this MAC address may not be a device/client on my network, but may have something to do with the router's 2.4ghz antenna (since it shows 3 stream in wireless log, which matches the 2.4ghz radio stream capacity).

However, not sure if this is accurate/possible, and no idea how to get rid of this unknown MAC address from my wireless log and general log.

If i change general log level to "warning" the logs disappear, but the MAC address ALWAYS remains under wireless log.

Please help me get rid of this!

Asus AX86U running the latest version of Asuswrt-Merlin firmware. However, this issue has persisted through multiple versions of firmware.

Thanks in advance!
 

Attachments

  • Screen Shot 2022-03-07 at 4.56.33 PM.png
    Screen Shot 2022-03-07 at 4.56.33 PM.png
    108.4 KB · Views: 237
Last edited:
Can you change code tag as you don't relese anything.
 
Is that MAC address close to any addresses you *do* recognize? Many devices use several adjacent addresses.
 
Is that MAC address close to any addresses you *do* recognize? Many devices use several adjacent addresses.
Good question, but no. It does not look similar to any other MAC addresses from devices currently or recently on my network.
 
Do any of your devices use/support randomized Mac addresses?
Is it always the exact same Mac address? (Over a week or more)

You could always change your Ssid and see what happens if you are concerned.
 
Do any of your devices use/support randomized Mac addresses?
Is it always the exact same Mac address? (Over a week or more)

You could always change your Ssid and see what happens if you are concerned.
Always the exact same MAC address. And I’ve tried switching SSID and it followed.

Not so much worried about it as a threat at this point as I am annoyed by the constant logs and figure it must be wasting resources if it’s constantly authorizing and deauthorizing.
 
On an ssid scan I found some Xbox controllers wifi direct appearing and disappearing. Maybe some sort of wifi direct device?
 
iPad and iPhone can randomise their MACaddrs. If you have any in the network then check their wifi settings.
 
On an ssid scan I found some Xbox controllers wifi direct appearing and disappearing. Maybe some sort of wifi direct device?
Just curious...have you ruled out all of your IoT devices (e.g., TreatLife smart switches, etc.)?
I've gone room by room in my house several times to make sure there are no other IoT / wifi-enabled devices, or even electronics, that I am overlooking. I've even checked to see if any of my appliances were wifi-enabled that i was unaware of.

It could be a neighbor's IoT device that isn't connected and trying to connect. I live in a condo with plenty of neighbors nearby.

HOWEVER, the fact that it shows up as 3 (b) streams leads me to believe it is not an IoT device at all... What IoT device has 3 streams or uses 802.11b standard!? My Google Home, Nest Audio, robot vac, and printer are all 1 (n or ac). Most of my other devices are 2 (ac or ax), except for my computer, which is 3 (ac). I've never seen anything else 3(b) streams.

Also, after a router reboot, this unknown mac address always shows up immediately (before most other devices) on the wireless log, but never gets assigned an IP, nor appears on the client list.
 

Attachments

  • Screen Shot 2022-03-07 at 4.56.33 PM.png
    Screen Shot 2022-03-07 at 4.56.33 PM.png
    108.4 KB · Views: 187
iPad and iPhone can randomise their MACaddrs. If you have any in the network then check their wifi settings.
Checked this as well, and the MAC addresses that the iOS devices are using are accounted for and correct.
 
The MAC belongs to Tuya Smart, Inc. By all appearances they are a Hong Kong based maker of smart switches, bulbs, etc. Do you have any of those sorts of devices? If not, perhaps a neighbor does.
 
Change your Router and WiFi passwords. See if it still shows up.

(Or, change the SSIDs, temporarily).

If it still shows up, it may 'also' be wired.
 
Is it getting an ip? Block the address and see who complains?
I had an unknown a couple of days back. I blocked it and about 30 minutes later the missus complained that her iPad couldn't get Facebook. I had that one sorted out but somehow one of the settings was changed.
 
HOWEVER, the fact that it shows up as 3 (b) streams leads me to believe it is not an IoT device at all... What IoT device has 3 streams or uses 802.11b standard!? My Google Home, Nest Audio, robot vac, and printer are all 1 (n or ac). Most of my other devices are 2 (ac or ax), except for my computer, which is 3 (ac). I've never seen anything else 3(b) streams.
My money would be on one of your own devices as it sounds like you have quite a few. One of them could be using a fallback technique to try and connect despite your settings. If it isn't actually connecting, then whether it is one of yours or a neighbours doesn't really matter anyway :)
 
are you using an iPhone or iPad?

Mine showed up as the regualar Mac and Random one.

I have tried disconnecting from my network, disabling MAC randomization, airplane mode, and even turning off my phones. Also, iPhones show up as 2(AX) devices, not 3(b). So I am pretty sure it it not due to any of the iPhones in the house (no iPads).

Also, i have tried the basic troubleshooting step of turning a device off or unplugging one at a time, and then all together, to see if the mysterious MAC address disappears, but it does not.

As mentioned previously, this is the first item that shows up after a router re-boot and is always in the wireless log but never connected... Everyone in this thread seems to really expect it to be an unknown client device. I know that's the obvious thought, but I really believe this may have something to do with the router itself since it's always present, but never connected or assigned a LAN IP. It's also the only client that i've ever seen with 3 antennas, other than my apple computers, which are 3(AC). However, this unknown MAC address only tries to authenticate with the 2.4ghz network since it's of the 802.11b standard (which i don't think is even used anymore).
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top