Business Community > Controllers > WiFi connection attempts - attack?
< Controllers

WiFi connection attempts - attack?

WiFi connection attempts - attack?

WiFi connection attempts - attack?
WiFi connection attempts - attack?
Monday - last edited Monday
Tags: #Logs
Model: Omada Software Controller (Windows)  
Hardware Version:
Firmware Version: 6.2.0.12

hi all,

 

I found some strange entries in off-line client list since several weeks.

apparently something with random MAC tries to access my network via WiFi - traces are visible in offline client list:

offline clients

 

what is strange:

  • no IP assigned and no SSID info - apparently not associated with any WLAN
  • Network shows default network
    • and AP/Port shows the PoE ports where only my EAP615-Wall(EU) v1.0 (with FW: 1.5.4)  are connected - not APs itself

 

and what is more strange:

  • I cannot find anything in logs about the connection attempts........... 

 

please can someone explain to me what is going on and why there is nothing to find in logs?

 

/BR ZoloNN ----------------------------------------------------------------------- Omada 2x ER605(UN) v2.0 + SG2008P(UN) V3.20 + SG2218 V1.20 + 2x SG2008 V4.20 + 3x EAP615-Wall(EU) V1.0 CET (GMT+1)
  0      
 
  0      
 
#1
Options
7 Reply
Re:WiFi connection attempts - attack?
Yesterday

  @ZoloNN 

 

Yeah I get these sometimes and I dug down.  I found it was a multicast beacon some clients were sending out.  It was coming from a few clients.  

 

Some were hand scanners, which is weird.  I had few clients with "chatty" nics, replaced the nic and it stopped.  I know this is hardwired and your issue is wireless.  

 

 

I can not teach anyone anything - I can only make them think - Socrates
  0  
  0  
#2
Options
Re:WiFi connection attempts - attack?
Yesterday

  @ZoloNN 

 

Might be somehting trying to sniff the SSIDs, or something just consistently scanning for WiFi networks

 

 

  0  
  0  
#3
Options
Re:WiFi connection attempts - attack?
Yesterday

Hi  @ZoloNN 

 

Thanks for posting here.

Is there any client plugged into the ETH port of the EAP615-wall units?

 

Did you search the MAC address C0-A8-20 in the logs? Is there any result?

ZoloNN wrote

hi all,

 

I found some strange entries in off-line client list since several weeks.

apparently something with random MAC tries to access my network via WiFi - traces are visible in offline client list:

offline clients

 

what is strange:

  • no IP assigned and no SSID info - apparently not associated with any WLAN
  • Network shows default network
    • and AP/Port shows the PoE ports where only my EAP615-Wall(EU) v1.0 (with FW: 1.5.4)  are connected - not APs itself

 

and what is more strange:

  • I cannot find anything in logs about the connection attempts........... 

 

please can someone explain to me what is going on and why there is nothing to find in logs?

 

 

Wish you a happy life and smooth network usage!  >Omada US Enterprise Beta Program Launch< >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  0  
  0  
#4
Options
Re:WiFi connection attempts - attack?
Yesterday

hi @Vincent-TP,

 

as I wrote in my original post:

  • only APs are on PoE ports, no daisy chaining - nothing connected to APs by cable
  • nothing in logs with those MAC addresses

 

 

Vincent-TP wrote

Hi  @ZoloNN 

 

Thanks for posting here.

Is there any client plugged into the ETH port of the EAP615-wall units?

 

Did you search the MAC address C0-A8-20 in the logs? Is there any result?

/BR ZoloNN ----------------------------------------------------------------------- Omada 2x ER605(UN) v2.0 + SG2008P(UN) V3.20 + SG2218 V1.20 + 2x SG2008 V4.20 + 3x EAP615-Wall(EU) V1.0 CET (GMT+1)
  0  
  0  
#5
Options
Re:WiFi connection attempts - attack?
23 hours ago

Hi @GRL,

 

isn't the sniffing/scanning a passive operation - just listening?

if the controller gets the MAC - there must be obviously some connection attempt - probably attack attempt....

 

 

GRL wrote

 

Might be somehting trying to sniff the SSIDs, or something just consistently scanning for WiFi networks

 

/BR ZoloNN ----------------------------------------------------------------------- Omada 2x ER605(UN) v2.0 + SG2008P(UN) V3.20 + SG2218 V1.20 + 2x SG2008 V4.20 + 3x EAP615-Wall(EU) V1.0 CET (GMT+1)
  0  
  0  
#6
Options
Re:WiFi connection attempts - attack?
13 hours ago

  @ZoloNN 

This is unlikely to be an attack.


To better assist you, I've created a support ticket via your registered email address and escalated it to our support engineer to look into the issue. The ticket ID is TKID260306983. Please check your inbox and confirm that the support email was received. Thanks!
Once the issue is resolved, please update this thread with your solution to help others who may encounter the same problem.
Many thanks for your excellent cooperation and patience!

Wish you a happy life and smooth network usage!  >Omada US Enterprise Beta Program Launch< >Get the Latest Omada SDN Controller Releases Here< >Experience the Latest Omada EAP Firmware<
  1  
  1  
#7
Options
Re:WiFi connection attempts - attack?
2 hours ago

Hi @Vincent-TP,

 

thank you for the support, I've already answered the e-mail

 

/BR ZoloNN ----------------------------------------------------------------------- Omada 2x ER605(UN) v2.0 + SG2008P(UN) V3.20 + SG2218 V1.20 + 2x SG2008 V4.20 + 3x EAP615-Wall(EU) V1.0 CET (GMT+1)
  0  
  0  
#8
Options

Information

Helpful: 0

Views: 93

Replies: 7

Tags

Logs
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.