What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

wlceventd_proc_event spam by unknown MAC-address

expor

Occasional Visitor
Not even sure it should be in the Merlin sub-thread as probably this would also occur on Asus FW but here goes...

Today I updated my AX56U to 386.7_2 and when doing a quick sanity check on my system log I saw a LOT of wlceventd_proc_event() events being spammed. At first I thought one of my devices was having issues to connect but when checking the client list all known devices are connected. To be sure I disconnected all WiFi devices and indeed, the spam continued. When hiding my 2.4ghz SSID the spam stops, when enabling it again the spam continued. Finally I simply added a MAC filter to block the mac address and the spam completely stopped.

Just a snippet, this recurs every few seconds in bursts (aproximately 6 entries per 2 seconds):
Code:
Aug 15 20:23:24 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)

When looking at nearby WiFi devices on my phone I do see an "AP_<somenumbers>" with maximum signal. Can it be that some neighbors AP is continuisly trying to connect causing the observed log pollution? I'm only a beginner when it comes to this kind of material so any info would be appreciated.
 
I had a similar problem once, my neighbor bought a new IoT device, he even recommended me to buy it, after a few weeks I found that the IoT device kept trying to access my router, at first I thought it was some kind of attempt at plotting indoor coordinates, but soon I realized that plotting indoor coordinates doesn't require constantly entering wrong wifi passwords, it's a brute force attempt to crack wifi.

You may have the same problem as mine, the IoT device is either hacked or it has malicious firmware itself.
 
Similar threads
Thread starter Title Forum Replies Date
M wan-event and wan0_realip_ip Asuswrt-Merlin 2
O service-event-end question Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top