Constant "wi-fi station attacked in home network" notifications on my iPad

Uniblab

Hello. Although I used Fing prior to its announcement, I backed Fingbox on Indiegogo and have had a V1 in my home network since August 2017. The Fingbox appears to be running 1.15.4 firmware.

My home network consists of a Ubiquiti ER-4 router, an unmanaged 8-port gigabit switch attached to the router, a Ubiquiti Cloud Key g2 Plus, Ubiquiti Access Point WiFi 6 LR and Access Point WiFi 6 Pro WAPs, and an older Netgear managed gigabit switch.
The WiFi 6 Pro WAP provides one SSID, while the WiFi 6 LR provides the same SSID plus a second SSID. All devices running current firmware. The current network topology has been in place for about a year.

I have the Fing app installed on my iPhone, iPad, and Mac. The iPad app spams notifications—every five minutes—all day long stating "wi-Fi station attacked in Home Network."


This began about two weeks ago and happens periodically (usually months and months apart, including before adding the Ubiquiti WAPs). Within the Fing app on the iPad, it shows a MAC address one-off from the Access Point WiFi 6 LR's Ethernet address. Presumably, this is the MAC of the WAP's first Wi-Fi interface. Both WAPs are listed in the Fing Home Network and are recognized as "Wi-Fi."

I found an older discussion suggesting that taking my iPhone to each WAP and running a Fing Network Scan might help Fingbox better-understand my network. However, the app complains something along the lines that Fing Desktop owns this network so scanning can not be done.

How can I find out if my WAP is actually under attack? If it's not, how can I stop these confounded notifications?

Thank you.

Pixel

You mention a “one off mac address” showing against the ip address of the WAP so, is your WAP using software mac addressing ? If yes then disable it to prove if that is the source of the problem.

Rebooting all network devices, i.e. Router, WAPS, network switches etc, but if you try this start at the router & work through the network in turn.

You could also try a factory reset of the troublesome WAP just incase there’s a firmware issue.

Uniblab

Thank you for the reply, @Pixel !

Pixel said:

You mention a “one off mac address” showing against the ip address of the WAP so, is your WAP using software mac addressing ? If yes then disable it to prove if that is the source of the problem.

As you probably know, Wireless Access Points are, essentially, 1-4 interface (depending on the number of Wi-Fi radios) network switches. The MAC Address presented to the management console (and Fing) is its Ethernet interface port. The next MAC Address, which is typically one hexadecimal number higher, would be the Wi-Fi interface. A second radio would have a MAC address one hexadecimal number higher than the first radio, and so on.

Example:
05-67-89-10-AB-CD    Ethernet interface
05-67-89-10-AB-CE     Wi-Fi radio 1 interface
05-67-89-10-AB-CF     Wi-Fi radio 2 interface
05-67-89-10-AB-D0     Wi-Fi radio 3 interface

These are hardware addresses burned-in to the WAP's EEPROM. So, it makes sense that Fing would report the MAC Address of the first Wi-Fi interface as the one being attacked.