Unexpected devices on network, with IP address of 0.0.0.0

Hi,

I've recently noticed Fing(box) is reporting an occasional device that's joined my network. These aren't MAC addresses I recognise, but Fing is showing the IP address as just 0.0.0.0.

An example of one earlier today has the following entry in my Asus router's log file:

Oct 14 15:04:42 dnsmasq-dhcp[8754]: DHCPDISCOVER(br0) 00:e3:95:f4:50:b1 
Oct 14 15:04:42 dnsmasq-dhcp[8754]: DHCPOFFER(br0) 192.168.1.233 00:e3:95:f4:50:b1 
Oct 14 15:04:42 dnsmasq-dhcp[8754]: DHCPDISCOVER(br0) 00:e3:95:f4:50:b1 
Oct 14 15:04:42 dnsmasq-dhcp[8754]: DHCPOFFER(br0) 192.168.1.233 00:e3:95:f4:50:b1 

Are these a cause for concern? The router isn't showing anything allocated to 192.168.1.233 in the DHCP logs - is this because the device didn't accept the IP address it was offered, or did it fail authentication somewhere in the process?

Any suggestions on how else to track this down and/or prevent it without resetting my wifi details (I have a few remote cameras that will be a real pain to reset the wifi settings, so I'm hoping to avoid that unless my wifi credentials have definitely been compromised)?

I have a few echo devices on my network - could this MAC address be related to a Sidewalk access, or is that feature not yet active in the UK? I don't seem to have the settings in my Echo app to disable this, so maybe it's not active, but I do wonder how any sidewalk-connected devices may show up if anyone does connect to it.

Thanks,
Adam

Comments

  • Robin_Ex_Fing
    Robin_Ex_Fing Member Posts: 5,293
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    ✭✭✭✭✭✭✭
    Hi,

    The Fing App discovery will identify devices on a best effort basis, based on the information made available by the device, e.g. the MAC address. There are numerous reasons why the device might not be recognised correctly e.g.


    - The DHCP server is not refreshing when speaking to your Fing.

    - Limited information being offered by specific devices.


    If you are using an Apple device to run the Fing app with IOS14 then please refer to this article which has detailed information on how to make Fing app work with IOS14: https://www.fing.com/news/private-mac-address-on-ios-14


    Generic devices are those devices for which Fing was not able to identify the vendor and what kind of device it is. If there is any device in your house which is using any kind of internet(Wifi) then Fing App can show you all devices connected on your network. You can use this external link to know about the vendor of the device: https://aruljohn.com/mac/F45EAB


    To note: Fing App is no longer able to display MAC addresses on iOS because Apple has blocked apps from reading them from the ARP table. Whilst we are still able to recognise that a device is connected to the network scanned, these devices will appear as 'Generic'. This is an Apple imposed limitation, however we do continue to do our utmost to provide as much information to identify each device.’


    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
  • TheMegaMan
    TheMegaMan Member Posts: 6
    Name Dropper Photogenic First Comment
    Thanks, Robin. This is useful info, although in this case, Fing *is* telling me the MAC address of the 'rogue' client, and is identifying it as a 'Generic' 'Lagotek' device. I don't think Fing has actually missed anything at all - the client genuinely doesn't seem to have picked up the IP address the router tried to give it.

    I'm not questioning why Fing is showing what it is, and I think it's working fine. I'm questioning whether an unknown client appearing like this, is actually a security issue on my network, or the sign of someone trying and failing to access it.

    If this is the wrong forum to ask this type of question, I apologise. I was hoping someone could help me interpret the Fing information...

    Thanks,
    Adam

  • Robin_Ex_Fing
    Robin_Ex_Fing Member Posts: 5,293
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    ✭✭✭✭✭✭✭
    @TheMegaMan
    It is not a security threat. It may mean that device tried to enter network and was not able to get IP address from DHCP server.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
  • TheMegaMan
    TheMegaMan Member Posts: 6
    Name Dropper Photogenic First Comment
    OK, that's encouraging news. Although I am curious how these devices are joining my network. It has to be via wifi, surely, so have my wifi credentials been compromised? How would the Fingbox have detected these MAC addresses if they didn't actually join my network?

    And I wonder why they weren't able to get an IP address from the Asus router (my DHCP server), if they *were* on my network.

    Or would the router/fingbox list all devices that attempt to authenticate with the router even if they don't have the correct WPA2 password and just fail on the DHCP assignment - that seems a very curious way to prevent a device from being able to use the network?

    I've been busy this week and haven't yet got around to renaming my SSID and resetting the password, but I have set the fingbox to 'Auto block new devices', so I'm a bit more comfortable about it.