Unknown device in wireless client list but no IP address assigned.

RE: Unknown device in wireless client list but no IP address assigned.

alan weir — Wed, 16 May 2018 17:12:24 GMT

No as I have not given my passcode to anyone. I am the only one that uses this wireless connection. Probably a neighbor is attempting to access this connection. With that being said I still don't understand how the device was able to show up in my wireless client access list without a successful association. Does any client that attempts to connect show up in this list and should I be concerned that the log shows the device was authenticated?

The status code "0" in the log, according to Intel, suggests that the association was successful, then a few seconds later there is a STA WPA failure. As I said before, there is no record of this wireless client receiving an IP address in the DHCP log.

After changing my wifi password I have not seen any more connection attempts but I have taken the following steps.

Created a MAC address definition for the unknown device

Created a network definition based on that MAC address and gave it an IP address on a different subnet.

Created two firewall rules blocking any source and any service to that IP address, and blocking that IP address to any destination using any service.

https://www.intel.com/content/www/us/en/support/articles/000006508/network-and-i-o/wireless-networking.html

Association
Once authentication is complete, mobile devices can associate (register) with an AP/router to gain full access to the network. Association allows the AP/router to record each mobile device so that frames are properly delivered. Association only occurs on wireless infrastructure networks, not in peer-peer mode. A station can only associate with one AP/router at a time.

Association process:

Mobile device authenticates to an AP/router and then sends an Association Request.
AP/router processes the Association Request. AP/router vendors may have different implementations for deciding if a client request should be allowed.
- When an AP/router grants association, it responds with a status code of 0 (successful) and the Association ID (AID). The AID is used to identify the station for delivery of buffered frames when power-saving is enabled.
- Failed Association Requests include only a status code and the procedure ends.
AP/router forwards frames to or from the mobile device.

RE: Unknown device in wireless client list but no IP address assigned.

BAlfson — Wed, 16 May 2018 15:23:00 GMT

Alan, could that be a colleague's LG cell phone that doesn't have the passcode entered correctly??

Cheers - Bob

RE: Unknown wireless client keeps associating/authenticating/deauthenticating all day long. Authentication but no IP address given.

alan weir — Tue, 15 May 2018 16:54:14 GMT

Not to bump my own thread, but it just happened again. I cannot figure out what this LG device is or how it is connecting. Could there be malware on my device that is changing the MAC address of the phone and then connecting on top of the wifi connection I already have? Surely there must be some explanation. The unknown MAC address is in the red square.

I also notice that anytime I make changes to the wireless network settings, I will receive an authentication error and I will have to re-enter my wifi password into the UTM or I will never be able to connect.

For the meantime I created a MAC address definition (for my Samsung) and added my phone to the whitelist using the whitelist filtering in the wireless network settings. Now I will see if that rogue MAC address show up again.