
RT AC86u / 3.0.0.4.386.41634 / Unknown mac's appearing


ATLga

Senior Member
Updated firmware to 3.0.0.4.386.41634

Started seeing two unknown MACs in my System Log General. This is the ONLY place I see them spamming the log over and over. Do NOT see them in Network View List, Wireless Log, or DHCP Leases.

I am stumped on wtf these are???

fe:4d:77 and d4:a6:51 (Tuya Smart per google search)


I went so far as to delete settings from every device in the house, changed user ID & password on the router multiple times. Even with the connected laptop being the only device left on the network, these damn MAC addresses still show up. Literally every 2-3 seconds it pops the log. After messing with the router half the day and it still showing up even though user and password were changed, I MAC address blocked it and it stopped spamming. I also noticed if I turned off the 2.4 radio it would stop. WTF is this???
 

Attachment: Screen Shot 2021-01-16 at 5.40.40 PM.png
I also noticed if I turned off the 2.4 radio it would stop. WTF is this???

Maybe some confused/sick 2.4 IoT client? Unplug it. :)

OE
 
eth5? If I'm correct, eth0 connects to the switch, while eth1 and eth2 are connected to the 2.4 and 5.1 GHz radios respectively.
Real or not, I'm certainly curious where your router picked up an extra device.


If I don't recognize the MAC address, I couldn't track it down and it only happens with 2.4 WiFi enabled, I'd change the password(s) for the 2.4 GHz network(s).
If it's still there, I'd immediately back up any files stored in the /jffs partition and do a full reset on the router, configuring it from scratch with new and stronger passwords.

Before restoring any of the files from the /jffs partition I'd manually confirm nothing about them was "amiss".
 
Did all that. Reset about five times with different username and password each time. Came right back each time. I think eth5 is 2.4 and eth6 is 5 regarding WiFi.
MAC filter blocked it, but I'm curious why or how it appears and why it's not in the other logs it should be in. That alone makes me think it's some sort of bug.
 
Screenshot cut off the right side

it says rssi 0
 

So on a whim, I set up another router in AP mode. All settings the same with the exception of different channels for 2.4 & 5. System Log does not show the two phantom MAC addresses spamming.

So regarding the AC86U, it looks like a bug to me, with something that doesn't exist showing up in the one log only.
 
So on a whim, I set up another router in AP mode. All settings the same with the exception of different channels for 2.4 & 5. System Log does not show the two phantom MAC addresses spamming.

So regarding the AC86U, it looks like a bug to me, with something that doesn't exist showing up in the one log only.

Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL
 
Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL

No phantom MACs here. It's running fine so far.

OE
 
Rolled firmware back to 384.82072 and have not seen the phantom Mac addresses showing up in System Log at all. .386 fw is really annoying as h3LL
Spoke too soon. Not long after, it started spamming again.
First, updated back to the fw just released last week.
Then I put all the IoT devices in guest 3 (2.4 only) with a new SSID, and changed the SSID and pw on those devices to the new guest 3 info. Spamming continued. Changed the guest SSID again but not on the devices; spamming stopped. From there I narrowed this down to a new Amazon Echo Dot w/clock. It is configured correctly in the Alexa app, and the damn Sidewalk feature is toggled off for the account. I'll be damned though if these things aren't broadcasting another MAC in addition to the one they already have. Maybe Sidewalk is off but they broadcast anyway but don't allow connections? Don't know, and there needs to be more info out on this.

Been racking my butt off for three days over this. I have a list of every device I own along with its MAC address and was positive these weren't mine. I guess this sorta explains why I didn't see them in any logs other than the main System Log, somehow their wifi is piggybacked onto the main ssid of the individual echo.
 
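The check the poster did by hand (log MACs against a device inventory), as an added example that is not part of any poster's message. The log lines, full MAC addresses and inventory are constructed, and the line format is an assumption; only the prefixes fe:4d:77 and d4:a6:51, the eth5 interface and rssi 0 come from the thread. It also reads the two flag bits of the first octet: an address with the locally administered bit set (as fe: has) is chosen by the device itself, so it will not match a vendor OUI lookup or a list of factory MACs.

```python
import re
from collections import Counter

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")

# Constructed inventory: the MACs you know you own (hypothetical values).
INVENTORY = {"a0:b1:c2:00:00:10": "laptop"}

# Constructed log lines; the format is assumed, not copied from the router.
SAMPLE_LOG = """\
Jan 16 17:40:01 wlceventd: eth5: Auth FE:4D:77:00:00:01, status: Successful (0), rssi:0
Jan 16 17:40:03 wlceventd: eth5: Auth D4:A6:51:00:00:02, status: Successful (0), rssi:0
Jan 16 17:40:04 wlceventd: eth5: Auth FE:4D:77:00:00:01, status: Successful (0), rssi:0
Jan 16 17:40:06 wlceventd: eth6: Assoc A0:B1:C2:00:00:10, status: Successful (0), rssi:-48
Jan 16 17:40:07 wlceventd: eth5: Auth D4:A6:51:00:00:02, status: Successful (0), rssi:0
Jan 16 17:40:09 wlceventd: eth5: Auth FE:4D:77:00:00:01, status: Successful (0), rssi:0
"""

def classify(mac):
    """Interpret the two low bits of the first octet of a MAC address."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "multicast/group"
    if first & 0x02:
        return "locally administered"   # self-assigned, no vendor OUI
    return "vendor-assigned (OUI)"

def audit(log_text, inventory):
    """Count every MAC in the log and annotate it against the inventory."""
    counts = Counter(m.lower() for m in MAC_RE.findall(log_text))
    return [
        {"mac": mac, "count": n, "known": inventory.get(mac), "kind": classify(mac)}
        for mac, n in counts.most_common()
    ]

def unknown(report):
    """MACs seen in the log that are not in the inventory, busiest first."""
    return [row for row in report if row["known"] is None]

if __name__ == "__main__":
    for row in unknown(audit(SAMPLE_LOG, INVENTORY)):
        print(f'{row["mac"]}  x{row["count"]}  {row["kind"]}')
```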
Newer cell phones that randomize the MAC. Use the newer firmware. Ignore the log!
 
Newer cell phones that randomize the MAC. Use the newer firmware. Ignore the log!
It's not the random Mac on the phones or the tablets. I know what the Macs are for those and these are in addition to that. Pretty stupid to ignore the log when there are unknown devices showing up without a clear explanation. Now I know what they are.
 
It's not the random Mac on the phones or the tablets. I know what the Macs are for those and these are in addition to that. Pretty stupid to ignore the log when there are unknown devices showing up without a clear explanation. Now I know what they are.

Much ado about nothing... unplug those silly Amazon things! :)

OE
 
I have an enormous number of NaiN devices (Not allowed in Network) for my networks. They encompass all IoT sAt's (silly Amazon things!).
 
I have an enormous number of NaiN devices (Not allowed in Network) for my networks. They encompass all IoT sAt's (silly Amazon things!).

Yeah, I don't understand why people want to be enslaved to administrate superfluous Big Data dependencies on their network. Just say no, thanks.

OE
 
Wild guess - any Amazon devices (Ring, Echo, etc) with their new Sidewalk peer network bridging enabled ?
 
Sorry did not notice that until re-reading the thread.
 
@RMerlin
Would your firmware identify the IP address or any other info related to these Mac addresses?
 
