Menu
Reply
Radar1968
  • 36
  • 1
  • 2
On our wavelength
562 Views
Message 1 of 11
Flag for a moderator

Hub 3 Rogue 5ghz WiFi Client

I had call today to check my Hub 3 connected clients and then noticed a 'unknown' client attached to the 5ghz network.  It had been assigned an IP address so is connected to the WiFi at around 70mbs.

The MAC address begins CA:95:13 and is not identifiable anywhere on MAC lookup websites.

If I use the Hub 3 ping tool then the IP address has 100% failures.  If I ping from my laptop I get intermittent replies.

If I block this MAC address then the entire WiFi collapses and nothing on the WiFi side of things works.  On either 2.4 or 5ghz. I have to unblock via an ethernet connected device to get things working again on WiFi.

I'm concerned as to what this device is but it would, from the above, appear to be some internal WiFi loopback type connection???  It only appears on the 5ghz WiFi.

I may try changing the connection password tomorrow to see if, as I expect, that the connection reappears, regardless.

Anyone able to assist or advise???  Any help appreciated.

Tags (2)
0 Kudos
Reply
goslow
  • 2.98K
  • 432
  • 1.11K
Trouble shooter
539 Views
Message 2 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client


@Radar1968 wrote:

I had call today to check my Hub 3 connected clients and then noticed a 'unknown' client attached to the 5ghz network.  It had been assigned an IP address so is connected to the WiFi at around 70mbs.

<snip>


What does, "I had call today to check my Hub 3 connected clients ... " mean? Sounds like the opening line for a scam call.

0 Kudos
Reply
Radar1968
  • 36
  • 1
  • 2
On our wavelength
534 Views
Message 3 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

Perhaps I should have said "I had a requirement today to check....." 

I was checking the connections for another reason when I noticed this 'rogue' client.

I wasn't called by anyone so no scam involved.

 

0 Kudos
Reply
goslow
  • 2.98K
  • 432
  • 1.11K
Trouble shooter
532 Views
Message 4 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

Are you using the default passwords from the sticker on the bottom of the VM hub or your own unique passwords?

0 Kudos
Reply
Radar1968
  • 36
  • 1
  • 2
On our wavelength
529 Views
Message 5 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

My own unique 25 character password.

I have split 2.4 and 5ghz networks, though they share the same password.  I also have a network extender to reach the far corner of the house.

The rogue client only ever connects to the Hub 3 5ghz network and if I disable that 'rogue' MAC address ALL wifi functionality ceases for ALL devices (including the extender) across both 2.4 and 5ghz networks until the 'rogue' MAC is reinstated.

 

0 Kudos
Reply
goslow
  • 2.98K
  • 432
  • 1.11K
Trouble shooter
510 Views
Message 6 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

A 25 character password should be secure enough!

Does the rogue MAC have any link to the extender? Is your network extender a 'powerline' type of device (connecting across your home electrical wiring). If so, have you set up a unique encrypted password for the powerline link from the hub to extender? There have been some mentions in past topics of customers seeing rogue devices on their network (from neighbouring properties) using powerline connections and default passwords, which are being linked by a common electrical power connection.

Radar1968
  • 36
  • 1
  • 2
On our wavelength
503 Views
Message 7 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

Thanks for the reply.

The MAC is unrelated to the extender and I have confirmed the extender MACs on the Hub 3 so they are all accounted for.  They also show up on the MAC address lookup website as belonging to the company that made them.

The extender is WiFi based so doesn't use powerline.  I have disabled a couple of clients previously on it which appear to be the neighbours Sky Q and Sky extenders trying to connect.  They never get as far as IP addresses so I know they aren't actually connected like the current rogue one is.

I'm obviously concerned about the rogue device as it is unlikely my password was ever compromised.  Only 2 poeple know it and all my devices are up to date with security patches etc, so not sure how it would ever get out.  I'm going to try and change it temporarily in the morning to see if the rogue device reappears.  That way I'll know if its a some sort of internal thing at least.  The strange thing is the MAC prefix is unknown and like I said if I disable it's MAC my entire WiFi (Hub 3 and Extender) networks collapse.  The 2 WiFi networks for 2.4 nd 5ghz stay active and visible (my iphone is still connected) but nothing works on the internet.  Its like the outbound functionailty just stops for WiFi ONLY as my Philips Hue lights, on Hub 3 ethernet, carry on working.

So to reiterate:  Hub 3 5ghz wifi only.  Happens with extender off.  Unknown MAC prefix.  Disabling causes all outgoing WiFi traffic to fail.  

0 Kudos
Reply
Radar1968
  • 36
  • 1
  • 2
On our wavelength
484 Views
Message 8 of 11
Flag for a moderator
Helpful Answer

Re: Hub 3 Rogue 5ghz WiFi Client

OK, so its 00:50 in the morning and I've finally solved my issue.

Suffice to say it was 50% a technical issue and 50% human 'error' 😒

I won't go into any details to save my embarrassment but all is now fine and 'fixed' but I will say this......

If you are experiencing 'rogue' devices on your network that you don't recognise and they are up to date Apple devices running iOS or WatchOS, check your 'rogue' MAC addresses against the 'Private Address' your device may actually be using.  This is different to it's default MAC address. 

If you don't know what this is:  https://support.apple.com/en-gb/HT211227 

It could be a device is using a 'Private Address' and you didn't know 😉  Also don't 'fiddle' with MAC address blocking 🙄

I'd like to thank anyone who took the time to look at my post and especially to goslow for replying and making me not give up.

legacy1
  • 18.37K
  • 766
  • 1.92K
Alessandro Volta
475 Views
Message 9 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

This feature in the hub for displaying MAC's just makes people paranoid.😰 

---------------------------------------------------------------
0 Kudos
Reply
Tudor
  • 11.14K
  • 868
  • 2.2K
Very Insightful Person
Very Insightful Person
361 Views
Message 10 of 11
Flag for a moderator

Re: Hub 3 Rogue 5ghz WiFi Client

You can turn off this facility for iPhones and iPads, don't know about the watch. It does not turn it off for every connection because it's per SSID. 


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
0 Kudos
Reply