Why would one of my devices address be 0.0.0.0?

I have 3 Blink XT2 wireless cameras along with the sync module on my network. I have them set up with static addresses. The last pic at the bottom of the list MySimpleLink... is one of my Blink cameras. The first two pics are device info. What is going on here?
Thanks in advance for your help.

Security is a false state of reality

Best Answers

  • Pixel
    Pixel Devon, U.K.Member, Moderator, Beta Tester Posts: 217
    edited January 10, 2021 #2 Accepted Answer
    Hi @Wamparythm, as @Marc has said, for some reason the device in question has been unable to acquire an IP address. You may have assigned an IP address manually, but from the screenshots it hasn’t worked (recheck the DHCP table in your router). The purpose of IP address 0.0.0.0 is not straightforward and to a degree its function depends on the function of the device in the network. You can find more information here: https://en.wikipedia.org/wiki/0.0.0.0 - but, it isn’t light reading.
    Your router DHCP will allocate an IP address automatically (unless a static address is assigned); Fing subsequently displays that information.
    You may never discover why this has happened but the main thing is how to resolve it.

    First unassign the static address and let DHCP assign an address automatically; if that works, then try to assign a different static address. If the new static address works, leave it there. If you still have problems, disconnect the problem device, reboot your router and go through this process again. I would expect everything to resolve itself during the above.

    Edit: Your cameras may have their own server/hub which could account for the invalid address (0.0.0.0). So, if the cameras are connected via a control box or hub, it might also be worth checking the manual or the manufacturer's support team for further network details.
  • Pixel
    Pixel Devon, U.K.Member, Moderator, Beta Tester Posts: 217
    edited January 15, 2021 #3 Accepted Answer
    I have 3 Blink XT2 wireless cameras along with the sync module on my network. I have them set up with static addresses. The last pic at the bottom of the list MySimpleLink... is one of my Blink cameras. The first two pics are device info. What is going on here?
    Thanks in advance for your help.

    Easy reading on wikipedia link:
    > https://en.wikipedia.org/wiki/0.0.0.0 - but, it isn’t light reading (wrote @Pixel)

    "The address a host claims as its own when it has not yet been assigned an address. Such as when sending the initial DHCPDISCOVER packet when using DHCP."

    Unfortunately it’s not quite that straightforward; many manufacturers of hardware use an alternative approach. If the device cannot communicate correctly with DHCP, the device will automatically assign itself a “random” IP address/subnet.
    Once you know that, it’s fine, but it does cause a lot of confusion, as a device might have an IP address (in a different subnet) so it still can’t communicate with other devices on the same network.
  • Justice
    Justice Member Posts: 16
    #4 Accepted Answer

    Likely your devices have been spoofed/hacked by someone nearby. Connect all of your security devices to your guest network (if your router has that feature). You will still see the 0.0.0.0 when you check Fingbox, but since Fingbox only protects on one network at a time it won’t matter; the devices will still work.

  • Boston_Cowboy
    Boston_Cowboy Member Posts: 2
    #5 Accepted Answer
    Quad zero is NOT a valid IP address. It literally means "This Network" so it represents the entire network. Your device is trying to connect to the network, and can see it, but for some reason the static IP address you assigned is not available. Did you a) assign an address that is already assigned to another device, or b) not remove the assigned address from your address pool?
    Both of these have been known to happen and would prevent your device from getting a valid IP address since it can only have the one assigned to it and that one would have already been used.

Answers

  • Marc
    Marc Moderator, Beta Tester Posts: 2,660
    edited January 9, 2021 #6
    From what I'm seeing, Fing has seen it broadcasting and is telling you it's attempting to enter your network, but it looks like it did not acquire an IP address from your DHCP server (aka your router) at the time of the scan.
    That's Daphnee, she's a good dog...
  • Wamparythm
    Wamparythm Member Posts: 34
    Why would that happen? It has a static address set up. Also, going back through scans, at the same time the Blink sync device had multiple IP addresses. Multiple, meaning all of them.
    Security is a false state of reality
  • Marc
    Marc Moderator, Beta Tester Posts: 2,660

    Good question. I’m almost thinking it’s your access point and Fing is having a hard time identifying it as such, so instead it is picking up the addresses the AP has had associated to it.

    Let's see if some of the folks in the forum can help you out. @Pixel, @Robin, @kltaylor... can one of you folks help out here?

    That's Daphnee, she's a good dog...
  • Marc
    Marc Moderator, Beta Tester Posts: 2,660
    One other thing to add onto @Pixel... I did a little research on them and the cameras go off and on the network as needed to conserve battery. So when you click the app to view or when they detect an event to record, they could go online and get a new address if your DHCP lease has ended. As the MAC address does not change, Fing could be displaying all of the addresses that had been associated with the camera. One way to avoid this could be to extend your DHCP lease times from your router's DHCP configuration screen. I keep mine at a week.
    That's Daphnee, she's a good dog...
  • Wamparythm
    Wamparythm Member Posts: 34
    edited January 10, 2021 #10
    Yes, you are correct. They do go on and offline. But the addresses are static. So they are grey normally, when offline, and dark black when online. But they always have the statically assigned IP address that never changes. Except this one time.
    The multiple IP addresses are really what concerns me. Those addresses are my iPad, desktop, laptop,...
    The sync device for my cameras should not be accessing anything on my network. Especially my dvr or WiFi node for my cable boxes, or anything that doesn’t have a Blink app on it. Right?
    Security is a false state of reality
  • Pixel
    Pixel Devon, U.K.Member, Moderator, Beta Tester Posts: 217
    Assuming you have gone through the steps suggested previously and the display shows the desired IP address, I would suggest that you clear all inactive devices from Fing, rescan your network and investigate further if the problem re-occurs. When the router/DHCP causes problems they are often a “one-off” and may never happen again, in which case you will save a lot of time instead of hunting for ghosts.
    Don’t forget that firmware (aka software on a chip) can intermittently cause problems exactly the same as when a software app starts behaving erratically; restarting the app or rebooting the device often resolves the issue permanently.
  • Wamparythm
    Wamparythm Member Posts: 34

    Ok. That sounds logical. Thanks guys.

    One last item. When I run a router vulnerability scan; it always says "No vulnerability detected". But also always says, "We are unable to verify the type of access to your network ". What does that mean and is it of concern?


    Security is a false state of reality
  • thomasmerz
    thomasmerz Member Posts: 35
    Marc said:

    Good question. I’m almost thinking it’s your access point and Fing is having a hard time identifying it as such, so instead it is picking up the addresses the AP has had associated to it.

    Let's see if some of the folks in the forum can help you out. @Pixel, @Robin, @kltaylor... can one of you folks help out here?


    I have the same "view" as @Wamparythm has - but I have a Wifi Range Repeater to extend my Wifi (TP-Link RE650 AC2600 Dualband Gigabit WLAN Repeater) which has "many" IPs from all devices that are "behind" this Repeater:

    I assume this is due to ARP protocol and that all devices behind the Extender get a "new" MAC with the first three digits prefixed from "TP-Link", so that the TP-Link Router knows which MACs are not in his Wifi, but have to be sent via/to TP-Link Extender - am I right, any network experts reading my thoughts?!


  • thomasmerz
    thomasmerz Member Posts: 35
    I have 3 Blink XT2 wireless cameras along with the sync module on my network. I have them set up with static addresses. The last pic at the bottom of the list MySimpleLink... is one of my Blink cameras. The first two pics are device info. What is going on here?
    Thanks in advance for your help.

    Easy reading on wikipedia link:
    > https://en.wikipedia.org/wiki/0.0.0.0 - but, it isn’t light reading (wrote @Pixel)

    "The address a host claims as its own when it has not yet been assigned an address. Such as when sending the initial DHCPDISCOVER packet when using DHCP."



  • JonMartin
    JonMartin Member Posts: 6
    This is likely not the issue of this post but I'm posting for others having 0.0.0.0 issues. In my case I use 0.0.0.0 to my advantage (somewhat) to see devices on another VLAN. Fing is limited to one VLAN and one subnet. But I have a Wi-Fi guest network I want to monitor. For safety the Guest Wi-Fi is on a separate VLAN. To monitor it I bring both Guest and Private VLANs to the port the Fing is on. Fing sees the devices on the Guest VLAN when they broadcast on 0.0.0.0 to acquire a DHCP address. Once the address is acquired Fing ignores the device since it is on another subnet. But the advantage to me is I have a record of all visiting devices, even if they all have a 0.0.0.0 address.
    WamparythmHronos
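
Added example, not part of any post in this thread: a small Python parser for the behaviour quoted from Wikipedia and relied on by JonMartin above, where a client that has no address yet sends its DHCPDISCOVER from source 0.0.0.0. The packet comes from `build_sample`, which is constructed here with a made-up MAC, hostname and requested IP; all function names are this example's own.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(pkt: bytes):
    """Parse a raw IPv4/UDP/DHCP packet. Returns a dict, or None if it is not DHCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:   # IPv4 carrying UDP only
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 + 240:
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    bootp = pkt[ihl + 8:]
    if {sport, dport} != {67, 68} or bootp[236:240] != MAGIC:
        return None
    info = {"src": socket.inet_ntoa(pkt[12:16]), "mac": bootp[28:28 + min(bootp[2], 16)].hex(":"),
            "type": None, "hostname": None, "requested_ip": None}
    i = 240
    while i + 1 < len(bootp) and bootp[i] != 255:           # 255 = end option
        if bootp[i] == 0:                                   # 0 = one-byte pad
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        val = bootp[i + 2:i + 2 + length]
        if len(val) < length:                               # truncated option: stop
            break
        if code == 53 and length == 1:                      # DHCP message type
            info["type"] = MSG_TYPES.get(val[0], str(val[0]))
        elif code == 12:                                    # client hostname
            info["hostname"] = val.decode("ascii", "replace")
        elif code == 50 and length == 4:                    # address the client asks for
            info["requested_ip"] = socket.inet_ntoa(val)
        i += 2 + length
    return info

def is_acquiring(info):
    """True for a client still asking for an address, i.e. talking from 0.0.0.0."""
    return bool(info) and info["src"] == "0.0.0.0" and info["type"] in ("DISCOVER", "REQUEST")

def build_sample(mac=bytes.fromhex("020000aabbcc"), host=b"camera-1", want="192.168.1.50"):
    """Constructed DHCPDISCOVER (made-up MAC, hostname, requested IP); checksums left 0."""
    opts = bytes([53, 1, 1, 12, len(host)]) + host + bytes([50, 4]) + socket.inet_aton(want) + b"\xff"
    bootp = struct.pack("!BBBBIHH16x6s202x", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000, mac) + MAGIC + opts
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0, bytes(4), b"\xff" * 4)
    return ip + udp + bootp
```

The MAC and hostname recovered this way identify the device even though its address column reads 0.0.0.0, and option 50 shows which address it was asking for.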
  • Wamparythm
    Wamparythm Member Posts: 34
    Justice said:

    Likely your devices have been spoofed/hacked by someone nearby. Connect all of your security devices to your guest network (if your router has that feature). You will still see the 0.0.0.0 when you check Fingbox, but since Fingbox only protects on one network at a time it won’t matter; the devices will still work.

    Yes, you are correct. I started capturing packets and it's blatantly obvious someone else is in there besides me. My LAN is transmitting 5-7 times the amount of data than it is receiving. How is that even possible? If it is on my LAN, it should receive everything it transmits. Every single checksum is bad on the loopback interface. I did a trace route on 0.0.0.0 and got this.
    Anyway, I don’t quite understand your solution. How is switching over to my guest network going to keep them out?
    Security is a false state of reality
  • Justice
    Justice Member Posts: 16

    The guest network is separate. Once the devices are on the guest network, when you see the 0.0.0.0 IP addresses try blocking them. The legit IP will still connect and that’s all that matters. If the devices don’t work, unblock them. You’ll have to play with them.

    You can also try changing the IP address of your router and then giving the devices static IP addresses. Limit the range of your DHCP to the exact number of devices you want connected; 254 open addresses is an invitation to hack.

    I also rely more on Ethernet than WiFi alone; too hackable. Understand that your hacker is nearby.

  • Wamparythm
    Wamparythm Member Posts: 34
    Ok. Well, I don’t see 0.0.0.0 on any of my devices anymore. I got rid of WiFi security cameras for wired ones. By changing address of router, you mean go from 192.169.1.254, to 10….? I might also have a postman exploit. TD-postman is constantly popping up on Wireshark. I’m not sure what that even means. I know enough to know I don’t know very much.
    Security is a false state of reality
  • Justice
    Justice Member Posts: 16

    I don’t have any more answers; maybe someone else can help you.

  • Wamparythm
    Wamparythm Member Posts: 34

    Sorry. I should have put answer accepted.

    But just to fill you in on what the issue was:

    I installed Wireshark. I had a TD postman exploit. Also, my Google account was put on to Enterprise/Work without my knowledge.

    My router had also been bridged to another router that I was oblivious to. Then I was being connected to Multicast subnets (why data sent was 3/5x higher than received). They were using Google Mtalk. They put my bank info on the dark web, passlocked a bunch of my data and basically tormented me at will by turning off my TV/web/cell service.

    Internet security is a false state of reality.

    Security is a false state of reality