What's new

wlceventd_proc_event spam by unknown MAC-address

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

expor

Occasional Visitor
Not even sure it should be in the Merlin sub-thread as probably this would also occur on Asus FW but here goes...

Today I updated my AX56U to 386.7_2 and when doing a quick sanity check on my system log I saw a LOT of wlceventd_proc_event() events being spammed. At first I thought one of my devices was having issues to connect but when checking the client list all known devices are connected. To be sure I disconnected all WiFi devices and indeed, the spam continued. When hiding my 2.4ghz SSID the spam stops, when enabling it again the spam continued. Finally I simply added a MAC filter to block the mac address and the spam completely stopped.

Just a snippet, this recurs every few seconds in bursts (aproximately 6 entries per 2 seconds):
Code:
Aug 15 20:23:24 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(505): eth5: Auth 70:89:76:65:A8:74, status: Successful (0)
Aug 15 20:23:27 wlceventd: wlceventd_proc_event(469): eth5: Deauth_ind 70:89:76:65:A8:74, status: 0, reason: Unspecified reason (1)

When looking at nearby WiFi devices on my phone I do see an "AP_<somenumbers>" with maximum signal. Can it be that some neighbors AP is continuisly trying to connect causing the observed log pollution? I'm only a beginner when it comes to this kind of material so any info would be appreciated.
 
I had a similar problem once, my neighbor bought a new IoT device, he even recommended me to buy it, after a few weeks I found that the IoT device kept trying to access my router, at first I thought it was some kind of attempt at plotting indoor coordinates, but soon I realized that plotting indoor coordinates doesn't require constantly entering wrong wifi passwords, it's a brute force attempt to crack wifi.

You may have the same problem as mine, the IoT device is either hacked or it has malicious firmware itself.
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top