- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Rogue network device getting past R6400?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Router: R6400 (Firmware v1.0.1.26_1.0.19).
PC's: Windows 7 & Windows 10.
I have an odd problem. I'm seeing a rogue network device intermittantly appear. It shows as a iControl RC8025 Camera, serial number 12345678. No IP address. However I own nothing like it.
Using netstat when the "camera" is visible, shows a line similar to:
Proto Local Address Foreign Address State
TCP 192.168.1.103:2869 192.168.1.1:33824 TIME_WAIT
The local address is my computer (not specific to one -- they all see it) on a UPNP port. The foreign address is my R6400, but the port changes every time.
The R6400 has UPNP disabled, remote management disabled, vpn service disabled, DDNS disabled, WPS disabled, etc...
Did the virus scan, etc... Nothing. Even reinstalled a machine with a clean install & saw it happening there.
My guess is something is sneaking past the R6400 somehow. Anyone have suggestions on how to fix this? It's a little unsettling to think someone is worming through.
Thanks!
-- Ian
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can fix this by stopping and disabling the Windows Connect Now service.
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
I changed the wifi password, twice (forgot to mention that). Within minutes the bogus camera reappeared. Thus my original post.
You got me thinking again though, so I disabled wifi entirely. No more camera! Aha!
Sounds like someone found my router WPS pin. However "Enable Router PIN" is definately unchecked. Oddly "Wifi Protected Setup" still showed as Configured on the router status page though.
So I cleared the WPS "Keep Existing Wireless Settings" checkboxes (WPS now "Not Configured"), changed my wifi password a third time, changed the router password, and
rebooted the R6400.
I've renabled wifi & so far so good. A netstat polling script hasent spotted anything yet.
Does beg the question how someone reaquired my wifi password though. Maybe the WPS isn't actually disabled when "Enable Router Pin" is unchecked?
-- Ian
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
The RC8025 rogue camera is back. It shows up for a couple minutes, disappears, appears again... Argh.
I've set access control to block all new connections. Added an access block for the reported mac address. No help. See attached device properties capture (assuming that provides any insight).
How in the heck is this thing getting in??
Maybe its time to invest in a different brand of router...
-- Ian
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
Windows "Network" window. Right click on the "camera" icon produces the property screen capture I attached before. I see it on both Windows 7 & 10 machines.
Nothing ever appears on the routers attached devices screen. However, the "camera" only appears when 2.4GHz is enabled.
So it's not a wired device. 5G only is fine (no camera). Tried knocking down the 2.4G transmit power, but no help. Unfortunately various stuff (like my HP printer) needs 2.4GHz.
btw, thanks for your help!
-- Ian
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can fix this by stopping and disabling the Windows Connect Now service.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Rogue network device getting past R6400?
I do believe you nailed it! I disabled Windows Connect Now on all my machines & no more rogue devices.
With your hint I also learned Router SSID Broadcast is what attracts this garbage. As if WPS isn't bad enough, Microsoft has to add their spin to screw with peoples minds. Sigh.
Thanks for your help!
-- Ian
• What is the difference between WiFi 6 and WiFi 7?
• Yes! WiFi 7 is backwards compatible with other Wifi devices? Learn more