Unknown Entity showing up on LAN After Computer Startup - RALink Wireless Linux Client

other_annoyed_guy · Jul 23, 2015

Basics:

Infrastructure:
AT&T Uverse 2Wire Modem running in "bridge/passthrough" mode
Asus RT-AC68U (Stock Firmware) - WPA2 Security with Long Passphrases (different for each SSID), Router SSIDs and Admin Password Changed from Default
Western Digital Livewire Powerline Device (1 Pair -- encrypted using default settings, timed button press to pair)

Devices on Network:
4 windows desktop PCs (hardwired into router or WD Livewire on Router side) (Windows 7 & 8)
1 windows laptop in a docking station
1 Alienware Alpha (hardwired into non-router side of powerline adapter)
Apple TV (hardwired into non-router side of powerline adapter)
PS4 (hardwired into non-router side of powerline adapter)
xBox 360 (hardwired into non-router side of powerline adapter)
Nest Thermostat and WeMo Switches (wireless)
Several mobile devices/tablet (iOS, Kindle and Blackberry)
Sony Blu Ray player/LG TV -- Neither are "smart" they are plugged in for firmware, etc.

Explanation:

I recently purchased a new computer, so I've been working on transferring files and have been using my LAN to do it. I've started seeing something (RALink Wireless Linux Client) show up in the "Network" window of Explorer (under "Computers", as opposed to "Computer" where the remaining items show up) when I turn on the new computer computer (and I think I've sometimes seen it after) -- it then disappears relatively quickly.

Steps Taken:

I've looked at its properties in the Network section and it shows a MAC Address, but it doesn't appear to get an IP Address. This is confirmed by running Who is on my Wifi and in the Router Admin Screen. It shows up -- then disappears -- and never gets an IP Address. I haven't blocked the MAC Address and it doesn't appear among the known devices currently connected. I haven't checked all of my devices yet, but that may be a next step.

Questions:

1. Anyone have any idea what's going on here?

2. Is there a security risk on my network?

3. Any ideas for next steps other than going to all of my devices to double check MAC Addresses?

Ralston18 · Jul 23, 2015

Hello Annoyed,

I did a quick google search "RALINK Wireless Linux Client".

Quite a few results were returned. In a nutshell you may be seeing another wireless router that is in range via the internal chipset.

Does not appear to be anything to be concerned about per se. However, I suggest that you do the search and scan the results as confirmation.

I did note a Microsoft solution but felt it best not to include the link herein - not sure of its true applicability and do not wish to go to far astray if my surmise is wrong.

Please double check things and post accordingly. Thanks.

other_annoyed_guy · Jul 23, 2015

Ralston18 :

Thanks, Ralson. Appreciate the response.

I saw those -- there seemed to be 2 similar threads on the topic (and the Microsoft one conveniently identified the exact same issue), but they seemed to quickly go off-topic (e.g., the poster being asked to delete wireless profiles). They didn't seem conclusive, so I kept digging. I thought it was interesting (though possible, I guess), that I had something showing up in Windows Networking before my router even assigned it an IP address. It would seem strange that another router would show up that way, but I'm certainly not an expert.

Ralston18 · Jul 23, 2015

You are welcome.

My sense is that you are pretty much on top of things such as they are.

Probably the best thing to do would be to block the MAC - easy to do and (if necessary) undo. For now that is the simplest thing to do and will hopefully make the rogue client go away. If not someone else may be able to offer another solution....

Overall, I am starting to get the nagging feeling that we end users are slowly having our configuration options taken away and that the devices we purchase/rent are doing more and more behind the scenes than is readily apparent. Ditto for software.

However such discussions are for another forum.

Will be going off-line for a few days and will have very limited, if any, ability to respond.

Alabalcho · Jul 23, 2015

It could be also some of your IoT devices (Nest) or TV/DVD/etc

Go to your router' status page, it should list all connected devices by their MAC addresses. Once you see it in your Windows, it means that it authorized on your WiFi network (or is connected wired). Google "MAC address database", and identify all connected clients, until you find the one with "RALINK" MAC address.

One you find it, note its IP address, "ping -t <ip address" and start disconnecting your devices until you locate it.

other_annoyed_guy · Sep 11, 2015

Alabalcho :

Apologies for the delay in responding, but I thought I owed you a response. As you recommended, I looked up the MAC address in a MAC address database and it was attributable to Vizio Inc. That's very interesting because I don't own a Vizio product (TV, tablet, anything). I've blocked the MAC address at the router. I've also identified all of my devices and accounted for all of the IP addresses (and MAC Addresses) on my network (none of which show this MAC address) and have accounted for all of my devises on the network.

It was interesting to me that the device never showed up on the router IP table or in Who's on my WiFi. It seems that it was never issued an IP address by the router, but it was still somehow showing up on the network screen on my PC.

Forgive my ignorance, but how I thought it worked (with certainly an inexpert and layperson's view of it) -- a device saw the network, performed a handshake with the router, the router challenged it for authentication and then, if it wasn't authenticated, the rest of the network would never see it. If it did authenticate, it would get an IP and act like a network device. In this case, even without getting an IP (both per the information screen on the PC, the router table and who's on my wifi), it was showing up as a device on the network according to the PC.

It seems strange, and I'd appreciate (for my own edification if nothing else) understanding better how the login process works such that it would manifest in this way.

Ralston18 · Sep 11, 2015

One thing that is happening is the "plug and play" philosophy where the average user has to do nothing or very little to create a network.

To accomplish that the manufactures have to set up their products to at least see other devices. No real attention or time is spent determining much about that device. The process is being "dumbed down" and less user end control is available. Things just show up and raise questions such as yours. As I understand it some routers (such as Netgear) almost require the user to log into a Netgear website to come back and configure the router. (Have just started looking into that a bit more....)

Some home routers are now broadcasting themselves as a wireless access point to allow IP service customers in the area to join the IP's network using any available router. The owner may or may not be able to turn that "feature" off. I now see a couple of such access points appearing in my neighborhood. Would rather not see them and be able to establish some other assurances that no accidental connection could be made.

Sometimes there are devices showing up looking for and trying to join "homegroup". (Which I do not use.) From time to time I see software wanting to put my data out in the cloud - and not always being up front about doing so....

You are correct: to truly join your network a device would need to go through the handshake/authentication process much as you described.

I am not sure that much can be done about it all (i.e., "Unkown devices/entity'). Does makes things messy when all of these wireless networks and unknown devices show up. Lots of "noise" in a sense and complicates security and overall personal network control.

About all we can do, as you have, is to be aware of what we have on our networks, the IP addresses, the MAC's, etc. and keep watching for other devices leeching on. (Please remember that MAC's can be spoofed.)

I run a scan (Advanced IP scanner) every couple of days to see what it finds with respect to my network. Shows both active and inactive devices of all sorts. IP addresses, names, etc.. There are other such utilities and you might wish to consider one or two just to help keep an eye on things. If something shows up or goes missing then you can investigate as warranted.

STbob · Mar 30, 2018

Yes this happened to me too. Seems to be a windows 10 thing. Anyway.....

The Fix!

Go into your router settings and TURN OFF WPS. You don't need it and it will stop phantom phones and routers from showing up in your network.

Search

Unknown Entity showing up on LAN After Computer Startup - RALink Wireless Linux Client

other_annoyed_guy

Reputable

Ralston18

Ralston18

Titan

other_annoyed_guy

Reputable

Ralston18

Titan

Alabalcho

Titan

other_annoyed_guy

Reputable

Ralston18

Titan

STbob

Distinguished

TRENDING THREADS

Latest posts

Moderators online

Share this page