
R6250 WiFi Clients are not identified

rsdavis1
Aspirant

R6250 WiFi Clients are not identified

I have both wired and wireless clients served by this R6250 router.  Wireless security is WPA2-PSK [AES].  All seem to be functioning normally.  However, the list of wireless clients always includes 2-4 connections that are not identified by device name and sometimes not even by IP address.  All are identified by MAC address but they are unknown to me.  I've changed the password and this seems to have no effect on the mystery connections.  Should I be concerned? Are these "phantom" connections somehow related to the laptops, printers, TIVO or XBox 360 that are connected to the wireless network?  Any thoughts would be welcomed. 

Model: R6250|Smart WiFi Router (AC1600)
Message 1 of 8


All Replies
sgc1
Aspirant

Re: R6250 WiFi Clients are not identified

I am having the same issue on my router.  Except it shows up as a WIRED connection.  I have no wired connections.  I blocked it as I fear it is spyware.  I have reloaded the firmware, but it still can get rid of it.  This just started occurring.  I've been using this router for well over a year with no issues.

Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
Message 2 of 8
antinode
Guru

Re: R6250 WiFi Clients are not identified

> I am having the same issue on my router. Except it shows up as a
> WIRED connection. [...]

 

   So, exactly the same, except for the different hardware, the
different firmware, and the different behavior?  Might be a good reason
to start a new, different thread.

 

   I may be easily mystified, but I can't understand why anyone would
report a problem like "I'm seeing strange/unexpected stuff, but I won't
actually show you any of it."  Copy+paste is your friend.

 

> [...] I have no wired connections. [...]

 

   If nothing is connected to any of the LAN Ethernet ports on the
router, then I see no good excuse for the firmware saying that there is
one.

 

> [...] I blocked it as I fear it is spyware, [...]

 

At least one of us seems to have no idea what "spyware" means.

Message 3 of 8
sgc1
Aspirant

Re: R6250 WiFi Clients are not identified

All very helpful responses.  Thank you.   If you do some research on the web, there are infections that are happening across various models and brands of wireless routers.  This appears to be one of the signs of an infected router.   I had a Linksys a few years ago, and after a while, the same thing happened.  That was the reason I decided to try NETGEAR, but apparently the issue goes across brands.

Model: R8000P|Nighthawk X6S AC4000 Tri Band WiFi Router
Message 4 of 8
antinode
Guru

Re: R6250 WiFi Clients are not identified

> [...] If you do some research on the web, [...]

 

   Thanks for the helpful links.

Message 5 of 8
rsdavis1
Aspirant

Re: R6250 WiFi Clients are not identified

Taking the advice of an earlier responder to cut and paste, I've copied below an excerpt from the router's attached devices list. Lines 6 and 9 show known devices on my network.  I have no idea what lines 7, 8, and 10 are.  Any ideas? 

 

6    192.168.1.250   HPA08CFD6E31EC   02:0F:B5:6E:31:EC
7    --              --               2A:80:88:34:25:27
8    192.168.1.5     --               EE:13:FC:14:FC:A5
9    192.168.1.15    HPFA0C87         64:51:06:FA:0C:87
10   --              --               20:EE:28:9B:A2:90

Model: R6250|Smart WiFi Router (AC1600)
Message 6 of 8
antinode
Guru

Re: R6250 WiFi Clients are not identified

> [...] Any ideas?

 

   I can offer some clues.

 

   Names which begin with "HP", like "HPA08CFD6E31EC" ("6") and
"HPFA0C87" ("9") suggest Hewlett Packard.  The last six characters of
those names match the low six (hexadecimal) digits of the MAC address,
which is typical for such automatically generated names.

 

   On "9", the OUI ("64:51:06") is registered to HP.  See, for example,
a Web site like: https://aruljohn.com/mac.pl

 

   My quick Web search suggested that "02:0F:B5" ("6") is a virtual OUI,
typically used by devices like wireless extenders.

 

   In "10", the OUI ("20:EE:28") is registered to Apple, which is, at
least, suggestive.

 

   "7" and "8" remain mysteries.


   In general, if a device didn't get an IP address, then calling it a
"connection" might be over-stating things.  Without an IP address, I'd
say that there's a limit to how much trouble it can cause.  Those could
be wireless devices which tried to connect using bad credentials, for
example.

 

   If a device did get an IP address (like, say, "8"), then I might try
pointing a web browser at that address, to see if it's willing to talk
that way.  (Many types of devices do that these days.)

 

   You might run an experiment or two, too.  For example, introduce a
novel wireless device, intentionally specify a bad passphrase, and
observe the (changed?) results.  Or, power down your whole dwelling,
then bring back the router, and then add other devices or power circuits
and watch the changes.

 

   Beyond that, tools exist to monitor/trace network traffic, but I
don't use them enough to make any recommendations.

Message 7 of 8
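
The OUI reasoning in the reply above, as an added example that is not part of the original posts: before looking up a vendor, check the locally-administered bit in the first octet of the MAC address. An address with that bit set was chosen by software (for example a phone using a randomized address, or a virtual interface on an extender), so no vendor registration exists for it. The function names and the two-entry KNOWN_OUIS table are assumptions made for this example; the rows and the two registrations are the ones quoted in the thread.

```python
import re

# Rows as posted in the thread: (row, IP, device name, MAC); "--" is an empty field.
ROWS = [
    ("6", "192.168.1.250", "HPA08CFD6E31EC", "02:0F:B5:6E:31:EC"),
    ("7", "--", "--", "2A:80:88:34:25:27"),
    ("8", "192.168.1.5", "--", "EE:13:FC:14:FC:A5"),
    ("9", "192.168.1.15", "HPFA0C87", "64:51:06:FA:0C:87"),
    ("10", "--", "--", "20:EE:28:9B:A2:90"),
]

# Only the two registrations named in the reply above; a real check would
# consult the full IEEE registry (assumption: this dict stands in for it).
KNOWN_OUIS = {"64:51:06": "HP", "20:EE:28": "Apple"}

MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")


def normalize(mac):
    mac = mac.strip().upper().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def classify_mac(mac):
    """Read the two flag bits in the first octet of a MAC address."""
    first = int(normalize(mac)[:2], 16)
    if first & 0x01:
        return "multicast"             # group address, never a real client
    if first & 0x02:
        return "locally administered"  # chosen by software; OUI lookup is meaningless
    return "universal"                 # vendor-assigned; OUI lookup applies


def name_matches_mac(name, mac):
    """True if an auto-generated name ends with the low six hex digits of the MAC."""
    return name.upper().endswith(normalize(mac).replace(":", "")[-6:])


def triage(rows):
    report = {}
    for row, ip, name, mac in rows:
        kind = classify_mac(mac)
        report[row] = {
            "kind": kind,
            "vendor": KNOWN_OUIS.get(normalize(mac)[:8]) if kind == "universal" else None,
            "has_ip": ip != "--",
            "name_from_mac": name != "--" and name_matches_mac(name, mac),
        }
    return report
```

Calling triage(ROWS) marks rows 6, 7 and 8 as locally administered, which is why a vendor lookup turns up nothing for "7" and "8"; rows 9 and 10 are universal addresses and resolve through the table.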
rsdavis1
Aspirant

Re: R6250 WiFi Clients are not identified

Thanks!  This is a big help.  I've been able to track all but one of the "mystery" links to devices in my home. I don't know what they are, but they disappeared when I disabled specific devices. The one unknown is:

9    192.168.1.5     --               EE:13:FC:14:FC:A5

Don't have a clue what it is, but it keeps popping up on the "connected devices" list.

Message 8 of 8