- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: Rogue AP with unknown MAC Identifier
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been using the RBS50+RBS50 for some time now, and a while ago one of my security devices alerted me there was a rogue AP in the area broadcasting on my SSID.
When I researched the MAC identifier, there is no known manufacturer. It starts with 92:3B:...
I thought it was just a local scriptkiddie, and that he/she would give up after a few days.
As there's no change, and I still get the alerts, I took some time looking into it, and it seems there are in fact 2 rogue APs, with MAC addresses very close to my actual 2 routers.
Is this some obscure component from Netgear? I can't any reference to it, nor is the MAC address listed anywhere online or in the ORBI web interface.
Can anyone shed any light into it? Or do I need to drive around to create a WiFi coverage map of the neighborhood to track this idiot down?
(Latest firmware etc of course)
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Those back haul MACs are hidden as there is not need for any user use for them and is only used by the Orbi system. Since the system is designed to be automatic and mostly simplistic configuration, theres no need for displaying of some system settings and configurations. This is how it works for MESH and Smart Connected features. You might contact the Mfr of your security device to ask about how they detect and handle MESH and Smart Connect wifi router systems. Probably a false positive on there part.
@SimonBelgium wrote:
Seriously? Why would they not list those in the web interface?
How can I identify which ones are the actual "hidden" MACs? Yes they are VERY close to the actual MACs
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
There are 4x4 hidden SSID's used by the Orbi Backhaul, those networks usually have MAC addresses similar to the ones broadcasting the clinet networks with the first or last 2 characters in the MAC different. Are you referring to those?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
I would use a wifi scanner to see whats going in your surroundings:
https://itunes.apple.com/us/app/network-analyzer-lite-wifi/id562315041?mt=8
http://www.nirsoft.net/utils/wifi_information_view.html
https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/
https://lizardsystems.com/wi-fi-scanner/screenshots.php
http://nutsaboutnets.com
http://www.metageek.com/products/inssider/
Is Guest Network enabled by chance?
@SimonBelgium wrote:
I've been using the RBS50+RBS50 for some time now, and a while ago one of my security devices alerted me there was a rogue AP in the area broadcasting on my SSID.
When I researched the MAC identifier, there is no known manufacturer. It starts with 92:3B:...
I thought it was just a local scriptkiddie, and that he/she would give up after a few days.
As there's no change, and I still get the alerts, I took some time looking into it, and it seems there are in fact 2 rogue APs, with MAC addresses very close to my actual 2 routers.
Is this some obscure component from Netgear? I can't any reference to it, nor is the MAC address listed anywhere online or in the ORBI web interface.
Can anyone shed any light into it? Or do I need to drive around to create a WiFi coverage map of the neighborhood to track this idiot down?
(Latest firmware etc of course)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
Seriously? Why would they not list those in the web interface?
How can I identify which ones are the actual "hidden" MACs? Yes they are VERY close to the actual MACs
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
@SimonBelgium wrote:
Yes they are VERY close to the actual MACs
Then I would say that these are your backhaul wifi channels.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Those back haul MACs are hidden as there is not need for any user use for them and is only used by the Orbi system. Since the system is designed to be automatic and mostly simplistic configuration, theres no need for displaying of some system settings and configurations. This is how it works for MESH and Smart Connected features. You might contact the Mfr of your security device to ask about how they detect and handle MESH and Smart Connect wifi router systems. Probably a false positive on there part.
@SimonBelgium wrote:
Seriously? Why would they not list those in the web interface?
How can I identify which ones are the actual "hidden" MACs? Yes they are VERY close to the actual MACs
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
Thanks guys,
Is there any documentation on the use of those virtual MACs for the backchannel?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
There isn't from what I can tell.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
When I installed the new V2.2.1.210 firmware on 10/12/18, I started seeing a weird device showing up. The Orbi's Attached Devices admin page identified it as a Cadant device, and when I checked the IP address it matched the range for a Comcast server upstream of me. At the same time I started having a bunch of DHCP issues, with my SB6141 modem trying to supply some 192.168.100.X addresses on the network and the Orbi supplying the expected 192.168.1.X range. I power cycled everything (cable modem, Orbis and ethernet switches) and haven't seen the Cadant device for a few days.
Good luck!
SB6141>RBR40>(wired)RBS40 w/30+ devices attached total
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue AP with unknown MAC Identifier
If you updated to recent FW v.210, try enabling Daisy Chain. Some have mentioned that this seems to be working in reverse order, enabling means disabled actually. Hoping NG support can have a look at this. So try this out as well.
https://community.netgear.com/t5/Orbi/Firmware-2-2-1-210-and-connection-problems-Skybell/m-p/1649275...
If you see this again, try this next time:
@RickDias wrote:
When I installed the new V2.2.1.210 firmware on 10/12/18, I started seeing a weird device showing up. The Orbi's Attached Devices admin page identified it as a Cadant device, and when I checked the IP address it matched the range for a Comcast server upstream of me. At the same time I started having a bunch of DHCP issues, with my SB6141 modem trying to supply some 192.168.100.X addresses on the network and the Orbi supplying the expected 192.168.1.X range. I power cycled everything (cable modem, Orbis and ethernet switches) and haven't seen the Cadant device for a few days.
Good luck!
SB6141>RBR40>(wired)RBS40 w/30+ devices attached total
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more