FIRMWARE BUG??!! Very serious concern for rouge-ghost "5268ac" device connected to 5 GHz
I have Gigapower Fiber at 1GB and my neighbor is still running much less expensive U-verse over copper. We both have a Pace 5268AC Router.
I have noticed in the last month or so (thanks to Fing!) that I now have a device taking an IP address on my network. It caught my attention immediately because it identifies as "5268ac" and matches the router MAC except for the last octet, kind of like the way I've seen other routers add a number to the device MAC for various virtual interfaces. More strange is that it is connected to the 5 GHz wireless band but this isn't obvious because the entry for the SSID column is blank! The only way I could tell was to remove every known device to see which band still showed a connection. This "5268ac" responds to pings and a network scan shows it is listening on port 5555.
I initially thought I had been hacked through Wi-Fi Protected Setup again because it has happened before (and is why check my network with Fing fairly often). Then I thought the router had been cracked somehow so I requested a replacement for that reason. Surprise, the replacement showed a rouge "5268ac" immediately after it was provisioned and running.
So, I asked my neighbor to check theirs and the very same situation exists at their house, as well.
This concerns me VERY, VERY much! I have a device on my network over which I have NO control that is using one of MY IP addresses and potentially listening to all of my network traffic. To whom is it reporting? Why is it there at all?!
Does anyone else have a "5268ac" that has suddenly shown up on their network that is connected to the wireless but showing a blank SSID to which it is connected? AND responding to pings?
5 years ago
I believe this is due to the way the firmware implements band steering.
5 years ago
Band Steering is a configurable routing mechanism that is invisible to network users. It does not in any way require a rouge or ghost device to be placed on a subnet, taking an IP address from DHCP, responding to pings or listening on port 5555.
What I am seeing is something else entirely.