Rogue WiFi Device

Sparx

Sparx

Sparx

Soldato
Joined
30 Jul 2007
Posts
5,265
Location
Lincolnshire
Hey guys, my OCD needs some help please. :D

So I'm making the transition to Ubiquiti UniFi gear for my network at home. Started off with an AC-Lite AP which I installed yesterday. Also have a USG and PoE switch coming today I got from the MM.

My problem is, I went through my OCD of labelling all WiFi devices yesterday on the controller. But my OCD is now going nuts, as I have a rogue device and I've no idea what it is... I've gone through everything in the whole house. The UniFi Controller doesn't pull any device data on it, the MAC address I can't find on any MAC lookup website (I tried about 5-6 all say unknown).

I've put together below a montage of data from the UniFi controller and a quick (green section) extract from my BT Hub whilst it was connected to it, not sure on the timeframe possibly over the last 12 months odd? I blocked it last night and between then and this morning, I had over 20k+ association failure notices on the controller (but didn't notice any devices *not* working). So my OCD is still going nuts, I need to know what it is... :p

Is there anything I can do to try figure it out? I wonder if when the USG comes today, I can use DPI to maybe figure it out by the traffic data possibly?

I've already covered in my house thephones, iPads, smart watches, Apple TV, the TVs, Echo Dots, Sonos, Sky boxes, Smart LED strip, consoles, smart plugs, laptops, etc...

Thanks in advance for any ideas.

8cAQaJf.png
 
@the-evaluator just tried & doesn't respond to pings

@visibleman yes we have a Sky Q and Q Mini box. The only BT device is the BT Hub (router) itself. The download usage does make me think it has to be a Sky Q box streaming or the BT Hub somehow.

@Semple not sure probably about a year the BT hub... The UniFi stuff was only a few hours at most last night before I blocked it.

I think if I wait til the USG and switch comes today, get it hooked up I'll know if it was the BT Hub if it disappears (as wont need hub connected anymore). If it's still there pulling data, then I'll switch the Sky boxes off and see if it drops off or not.
 
Figured it out! After you guys mentioned a Sky/BT device, I just streamed a catch up episode on the main Sky Q box... and watched my download rate jump to 40-50Mb being pulled from this ‘unknown device’...

Why would this be the case?! The Sky’s system info shows a different 2.4 and 5Ghz MAC entirely... the 2.4 MAC on the Sky box says it’s 78:3e:53:cf:84:de as opposed to the one transmitting on the network is 7a:9f:29:e7:84:da...
 
@Semple Nah it’s not wired at all, completely wireless on WiFi. The Sky box shows its Ethernet MAC and it’s not that either. The MAC transmitting is not shown on the Sky box system info at all...

Edit: OK so just streamed on the Q Mini box and it's transmitting through the same MAC address as the main Q Box! It's like they are meshing through a different MAC address entirely as to what the boxes themselves say they are...

This now leaves me confused with 0e:7c:e0:08:57:02 as a rogue device not listed on any of my devices... Hmmm
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom