[SOLVED] Unknown device in wifi network

Status
Not open for further replies.
Sep 20, 2021
6
0
10
Hi,

I checked the network map in my router and noticed an unknown device connected to my 2.4GHz wifi connection.
I could not find out what it is and to be safe I changed my wifi password for the 2.4GHz band.
After I did this I needed to reconnect every device with the new password.
The strange thing is that this unknown device just kept being connected, I'm not sure how this can even be possible.
I looked up the MAC address but I don't get any wiser from the info.
mac=EC:FA:BC:B7:BC:EF
Is there anything else I can do to discover what this device is and how it can connect to my wifi?
WPS is turned off on my router.

Kind regards,

Ricky
 
Last edited by a moderator:
Solution
....Is there anything else I can do to discover what this device is and how it can connect to my wifi?
WPS is turned off on my router....
WPS disabled = good (it's a security hole)

There are many devices that report 2 separate ID's (for whatever reason). Disable each device on your wireless network one at a time until the mystery MAC disappears. At that point you've found the culprit. You can then block the extraneous MAC and see if it affects operation.
Sep 20, 2021
6
0
10
This is the device name: ESP_B7BCEF
That's not helpful and I can't find it in Google.
But how can any IOT device connect to my wifi when I changed the password and WPS is turned off and I haven't used it ever?
 
....Is there anything else I can do to discover what this device is and how it can connect to my wifi?
WPS is turned off on my router....
WPS disabled = good (it's a security hole)

There are many devices that report 2 separate ID's (for whatever reason). Disable each device on your wireless network one at a time until the mystery MAC disappears. At that point you've found the culprit. You can then block the extraneous MAC and see if it affects operation.
 
Solution
Sep 20, 2021
6
0
10
WPS disabled = good (it's a security hole)

There are many devices that report 2 separate ID's (for whatever reason). Disable each device on your wireless network one at a time until the mystery MAC disappears. At that point you've found the culprit. You can then block the extraneous MAC and see if it affects operation.

Thank you for that! I will do this and come back with the result.
 
Sep 20, 2021
6
0
10
I disconnected all devices I'm aware of and it didn't disappear.
Now I blocked access the MAC address in my router and I'll see if I discover some device I forgot that doesn't have access to the internet anymore now.
But it remains strange that it could be connected when I just changed my wifi password and disconnected all the devices.
Thanks for the help!
 
Do you have any wireless home security devices? Espressif Inc. is a big supplier of wireless adapters for such devices. The only way a device is going to reappear after changing the security keys is that that device is a part of another device already on your network and that you reattached by changing the key on that device. If you have actually disabled WPS (and verified that it's actually disabled) and are using at least WPA2-PSK encryption then it is extremely unlikely that an outside device can reattach. Yes, WPA2-PSK has been broken, but, it's far from trivial.
 
Last edited:
Sep 20, 2021
6
0
10
No, I don't have any home security devices. But it should also not connect when I changed the wifi password, right? Really strange... I do have an Ikea Smart Home device with a wireless on/off switch. But this device is connected with Ethernet and now that I have blocked the MAC address the switch still works. And when I power off this device the MAC address still connects. The MAC address from the Ikea device is also different and I can't find a MAC address on the switch.
 
The logical way to approach this is to once more change the passphrase and watch carefully while you change the passphrase on each device one at a time. You will locate the device with the rogue MAC. That's assuming you want to go to the trouble. You could just leave it blocked and call it a day, until the device in question starts complaining.
 
Change the password again just leave it. So now nothing should have the new password. If it still appears can you tell if it is really connected. Does it have a IP address. There were cases of routers that would display the mac of a device that attempted to connect but actually failed.

It can pretty much be anything in the house now days. I saw that company name before in someone router when we were setting up one of those robot vacuum things.
 
Sep 20, 2021
6
0
10
Ok, I turned off the MAC filter and until now it didn't come back. I'll keep an eye on it. When it reappears again I will change the password again and watch more closely. I'll give an update. Thank you! WPS has always been turned off, I've never used it. The device has an IP, but I don't know what to do with it, I can't access it via the browser.
 
Last edited:
Status
Not open for further replies.