Hello,
I have notifications for new devices on the network and today it started acting, but nothing is changing on my network so it got me a little worried. It’s on the internal 192.168.0.0 network and I don’t know where it’s coming from.
Just today I got 4 emails for 5 devices (+1 yesterday) added and it’s not from wireless.
If I go to Active DHCP leases I see some new strange MAC addresses (I have all my devices labeled with hostname)
I can even ping one of the IPs and response time would appear to be from remote location. Any idea what the hell is going on here?
Android since version 10 and IOS (Apple) since version 14 use “Random MAC addresses”, but these addresses remains the same on the same network (SSID).
And you can disable these random addresses on your home network in Wi-Fi setting of your device.
I’m pretty sure it’s not wireless. Private wireless is strong-passworded and MAC-filtered. If it was on a guest network it would assign IP from a different range (and warn about new device on a guest network) not to mention it would be visible in Associated Stations under Wireless in LUCI. For years LAN network is hardened and has only devices I know about and out of the sudden on one day it starts connecting randoms with high ping.
I’ve opted to upgrading firmware on a modem and reflashed the Turris and for 24-hours it’s been clean.
luci can easily tell you which devices are associated via wireless so that’s easy to determine. You can also turn wireless off temporarily. But I can’t see how devices could turn up on the lan without being linked to any interface? Do you have the default zone settings on the firewall, or have you made changes?
