09-16-2022 03:42 PM - last edited on 03-06-2024 10:15 PM by ROGBot
Sep 13 11:55:50 wlceventd: wlceventd_proc_event(527): eth6: Auth CC:4B:73:9A:90:A8, status: Successful (0), rssi:-20
Sep 13 11:55:50 wlceventd: wlceventd_proc_event(556): eth6: Assoc CC:4B:73:9A:90:A8, status: Successful (0), rssi:-20
Sep 13 11:55:53 wlceventd: wlceventd_proc_event(508): eth6: Disassoc CC:4B:73:9A:90:A8, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Sep 13 11:55:53 wlceventd: wlceventd_proc_event(508): eth6: Disassoc CC:4B:73:9A:90:A8, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Sep 16 09:39:51 wlceventd: wlceventd_proc_event(527): eth6: Auth CC:4B:73:9A:90:A8, status: Successful (0), rssi:-21
Sep 16 09:39:51 wlceventd: wlceventd_proc_event(556): eth6: Assoc CC:4B:73:9A:90:A8, status: Successful (0), rssi:-21
Sep 16 09:39:54 wlceventd: wlceventd_proc_event(508): eth6: Disassoc CC:4B:73:9A:90:A8, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Sep 16 09:39:54 wlceventd: wlceventd_proc_event(508): eth6: Disassoc CC:4B:73:9A:90:A8, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
09-16-2022 05:07 PM
09-16-2022 08:07 PM
Murph_9000 wrote:
I don't have a GS-AX series to confirm it, but it should be the same as the GT-AX series. It's in the Wireless section (on the left), and the "Wireless MAC Filter" tab. On the GT series, firmware version 3.0.0.4.386_49556, you can find it at http://192.168.50.1/Advanced_ACL_Content.asp (substitute your router's IP in there, if it's different).
09-17-2022 08:26 AM
Murph_9000 wrote:
Auth and Assoc successful makes me think it's successfully authenticating to the wireless network. DHCP shouldn't be possible to an unauthenticated client (in a closed network, open obviously allows anyone past the gate). It's almost certainly a device that has the pre-shared key. Something to note is that WPA is essentially insecure and deprecated; it should not be used or allowed on a secured network in 2022. If you do have fairly ancient devices that can only do WPA authentication (and not WPA2/WPA3), that's a problem that means you can kinda only have an insecure (WPA will prevent casual attempts to connect, but is no longer considered secure against a determined attacker) network if you want to keep those devices online. Set your authentication to either WPA2-Personal, WPA3-Personal, or WPA2/WPA3-Personal. WPA3 provides the best security, but is relatively new and you may well have devices that don't support it. Change your pre-shared key, as it's actively compromised if this unknown MAC really is an intruder (and not something like a member of the household that has an extra device, or a gadget you forgot about).
You should be able to set up MAC filtering on the router, although should note that MAC filtering where you only deny particular MAC addresses isn't a proper form of security. MAC addresses can be changed on the client end, and a determined attacker will just change to a new address to bypass a block. Filtering by only allowing known MAC addresses is the other option, and relatively secure, but it's another set of stuff to manage when you are adding/changing devices.
I don't have a GS-AX series to confirm it, but it should be the same as the GT-AX series. It's in the Wireless section (on the left), and the "Wireless MAC Filter" tab. On the GT series, firmware version 3.0.0.4.386_49556, you can find it at http://192.168.50.1/Advanced_ACL_Content.asp (substitute your router's IP in there, if it's different).
MAC block CC:4B:73 is allocated to "AMPAK Technology, Inc.", but that may not match the branding on the device (e.g. if they produce the chip/interface used by another company).
09-17-2022 08:49 AM
09-17-2022 08:52 AM
09-17-2022 09:10 AM
jzchen wrote:
Apple devices are able to share WiFi login details to other family member Apple devices. I could easily see someone sharing the WiFi and one gaining access that way. I don't have more than one Samsung in the household but I'd guess they have that feature as well....
A main function of the DHCP server is to assign an IP address that is not already used, and within the range allotted. Why it would be designed to do this for any unauthorized device wouldn't make sense to me.
09-17-2022 01:03 PM
dpwhite wrote:
When my wife goes out later today I will try changing the wifi security mode.
Thanks
Sep 17 12:57:40 wlceventd: wlceventd_proc_event(527): eth5: Auth 00:37:6D:4B:0A:6B, status: Successful (0), rssi:0
Sep 17 12:57:40 wlceventd: wlceventd_proc_event(556): eth5: Assoc 00:37:6D:4B:0A:6B, status: Successful (0), rssi:-61
Sep 17 12:57:42 wlceventd: wlceventd_proc_event(491): eth5: Deauth_ind 00:37:6D:4B:0A:6B, status: 0, reason: Station requesting (re)association is not authenticated with responding station (9), rssi:0
Sep 17 12:57:42 wlceventd: wlceventd_proc_event(508): eth5: Disassoc 00:37:6D:4B:0A:6B, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
killall dnsmasq
rm /var/lib/misc/dnsmasq.leases
service restart_dnsmasq
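Added example, not part of any post in this thread and not ASUS code: a Python sketch that reads wlceventd lines in the format quoted above, skips stations on an allow-list of known MACs, and summarises every other station with its OUI prefix and whether the address has the locally administered bit set (as privacy-randomized MACs do, in which case a vendor lookup tells you nothing). The function name, the allow-list entry and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# First three lines are copied from the thread; the last two are constructed.
SAMPLE_LOG = """\
Sep 13 11:55:50 wlceventd: wlceventd_proc_event(527): eth6: Auth CC:4B:73:9A:90:A8, status: Successful (0), rssi:-20
Sep 13 11:55:50 wlceventd: wlceventd_proc_event(556): eth6: Assoc CC:4B:73:9A:90:A8, status: Successful (0), rssi:-20
Sep 13 11:55:53 wlceventd: wlceventd_proc_event(508): eth6: Disassoc CC:4B:73:9A:90:A8, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8), rssi:0
Sep 13 12:01:10 wlceventd: wlceventd_proc_event(556): eth5: Assoc 02:11:22:33:44:55, status: Successful (0), rssi:-48
Sep 13 12:02:00 wlceventd: wlceventd_proc_event(556): eth6: Assoc 3C:22:FB:00:00:01, status: Successful (0), rssi:-40
"""

# Layout taken from the log lines quoted in the thread:
#   wlceventd_proc_event(NNN): <ifname>: <event> <MAC>, status: <status>, ...
LINE_RE = re.compile(
    r"wlceventd_proc_event\(\d+\): (?P<ifname>\w+): (?P<event>\w+) "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}), status: (?P<status>[^,]+)"
)

def unknown_stations(log_text, allowed_macs):
    """Summarise every station in the log that is not on the allow-list."""
    allowed = {mac.upper() for mac in allowed_macs}
    seen = defaultdict(lambda: {"events": defaultdict(int), "ifs": set(), "assoc_ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["mac"].upper() in allowed:
            continue  # not a station event, or a device we already know
        s = seen[m["mac"].upper()]
        s["events"][m["event"]] += 1
        s["ifs"].add(m["ifname"])
        if m["event"] == "Assoc" and m["status"].startswith("Successful"):
            s["assoc_ok"] += 1
    return {
        mac: {
            "oui": mac[:8],                              # vendor prefix to look up
            "randomized": bool(int(mac[:2], 16) & 0x02),  # locally administered bit
            "assoc_ok": s["assoc_ok"],                   # successful Assoc events
            "events": dict(s["events"]),
            "interfaces": sorted(s["ifs"]),
        }
        for mac, s in seen.items()
    }

if __name__ == "__main__":
    # Constructed allow-list: one known household device.
    for mac, info in unknown_stations(SAMPLE_LOG, ["3c:22:fb:00:00:01"]).items():
        print(mac, info)
```
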
09-17-2022 02:32 PM
09-17-2022 02:45 PM