This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I have an odd problem. I'm seeing a rogue network device intermittantly appear. It shows as a iControl RC8025 Camera, serial number 12345678. No IP address. However I own nothing like it.
Using netstat when the "camera" is visible, shows a line similar to:
The local address is my computer (not specific to one -- they all see it) on a UPNP port. The foreign address is my R6400, but the port changes every time.
The R6400 has UPNP disabled, remote management disabled, vpn service disabled, DDNS disabled, WPS disabled, etc...
Did the virus scan, etc... Nothing. Even reinstalled a machine with a clean install & saw it happening there.
My guess is something is sneaking past the R6400 somehow. Anyone have suggestions on how to fix this? It's a little unsettling to think someone is worming through.
What you are seeing is probably due to the Windows implementation of WPS. The feature is called Windows Connect Now and it's designed to facilitate quick and easy connection with Wi-Fi devices. Just because Windows can see the device does NOT mean that it has infiltrated your network. Many people have encountered this. Usually, the rogue device is a nearby smart phone.
You can fix this by stopping and disabling the Windows Connect Now service.
I changed the wifi password, twice (forgot to mention that). Within minutes the bogus camera reappeared. Thus my original post.
You got me thinking again though, so I disabled wifi entirely. No more camera! Aha!
Sounds like someone found my router WPS pin. However "Enable Router PIN" is definately unchecked. Oddly "Wifi Protected Setup" still showed as Configured on the router status page though.
So I cleared the WPS "Keep Existing Wireless Settings" checkboxes (WPS now "Not Configured"), changed my wifi password a third time, changed the router password, and rebooted the R6400.
I've renabled wifi & so far so good. A netstat polling script hasent spotted anything yet.
Does beg the question how someone reaquired my wifi password though. Maybe the WPS isn't actually disabled when "Enable Router Pin" is unchecked?
The RC8025 rogue camera is back. It shows up for a couple minutes, disappears, appears again... Argh.
I've set access control to block all new connections. Added an access block for the reported mac address. No help. See attached device properties capture (assuming that provides any insight).
How in the heck is this thing getting in??
Maybe its time to invest in a different brand of router...
Windows "Network" window. Right click on the "camera" icon produces the property screen capture I attached before. I see it on both Windows 7 & 10 machines.
Nothing ever appears on the routers attached devices screen. However, the "camera" only appears when 2.4GHz is enabled.
So it's not a wired device. 5G only is fine (no camera). Tried knocking down the 2.4G transmit power, but no help. Unfortunately various stuff (like my HP printer) needs 2.4GHz.
What you are seeing is probably due to the Windows implementation of WPS. The feature is called Windows Connect Now and it's designed to facilitate quick and easy connection with Wi-Fi devices. Just because Windows can see the device does NOT mean that it has infiltrated your network. Many people have encountered this. Usually, the rogue device is a nearby smart phone.
You can fix this by stopping and disabling the Windows Connect Now service.
I do believe you nailed it! I disabled Windows Connect Now on all my machines & no more rogue devices.
With your hint I also learned Router SSID Broadcast is what attracts this garbage. As if WPS isn't bad enough, Microsoft has to add their spin to screw with peoples minds. Sigh.
