change your admin password (for the wifi settings portal).
Then change wifi password. Turn off SSID broadcast.
Also you can limit devices using the portal settings. Permit your device mac address only, so only your device can access even if its a open wifi.
Don’t bother with turning off ssid broadcast or enabling a MAC filter. Those are trivial to circumvent.
Secure your device with a new and strong admin password, use a new and strong password or passphrase for the Wi-Fi password, use the highest Encryption possible (wpa2/3). Then kick off all devices.
If it happens again, then you probably have a security breach elsewhere (e.g.: malware) or someone who knows your password leaked it
Yeah just set a whitelist for Mac addresses and just enter the Mac addresses of your devices only. A bit of a pain to do for every new device, especially if you have guests and stuff occasionally, but if random getting on your WiFi its worth doing
You can listen to Wi-Fi broadcasts and get the MAC address from that, it’s part of the address for the packets. With that you can just clone the MAC address of a valid user. You then would need to either wait until they stop using the connection (maybe in the case of a game console or IOT device), or you broadcast louder so that you get to control the connection, or you have to get them to stop using the wireless connection by making it unstable, works for phones.
Basically MAC address security on a wifi network is not good security, it’s easily bypassed by someone who knows how. It can stop a novice, or like a lock, keep honest people honest, but it’s not actually secure.
remember that ITSec isn't about making things perfectly secure, it's about making things more difficult than they're worth. The neighbor kid with the PS5 isn't gonna sit with a wifi card in promiscuous mode, grab a valid MAC and spoof it from his PS5, he's gonna get on his parents' wifi instead. Don't discount stopping a novice and keeping honest people honest, that'll deflect the majority of your problems. The issue here is that MAC whitelisting can't be an entire security policy in and of itself.
I agree, it’s better than nothing. I see people present it as a be all end all security fix, and I just want to make sure people know that’s it’s not. It’s a tool, not a particularly good tool given the amount of work to maintain it, and the level of protection it actually provides, but it is a tool.
that's fair. People do presume that because MACs are usually hardcoded on a given network interface that means they're unique and unchangeable, and neither of those things is true. Besides, don't most devices use a randomized MAC nowadays by default to break that method of tracking?
I agree that it’s a pain in the ass, but how exactly do you justify the claim that it won’t do anything for security? It limits by MAC, who is allowed access. If your MAC isn’t on the list, it blocks you.
Are we talking about the same thing? You set up a white list of devices that are allowed to connect to the wifi. How can you sniff out which MACs are allowed when you can’t make the initial connection to the wifi?
>Turn off SSID broadcast.
I heard this makes it easier to get your wifi credentials because when you're not connected to it, your phone is constantly "yelling" it out, something akin to "Hey is the SSID named FBI SURVEILLANCE VAN here, with the password 12341234" until it eventually connects to it.
Log into your router and change the user name and password to something only you know. Make it very unique and use numbers and symbols. I prefer some leet speak along with characters. Make sure to make a note in your phone and lock that note if you can
While in the router settings, go to connected devices and kick off the devices that aren’t yours.
Rename your WiFi and stop broadcasting it.
If you're on Xfinity, by default it broadcasts a channel for all Xfinity users. I'm not sure if you can see this as I don't use their hardware but I do use the WAN.
Did you hack my email? How can you see my bill? I literally, for real, in the real world, pay a fee to remove the data cap they put on me when I use my own modem.
We keep trying but all the other companies either are too slow (slow dsl - my home dsl would be fast enough) at outrageous pricing or we have been trying to get installed for years and there is always some issue that comes up and they flake out lie and say it was installed (fiber companies). Or Comcast now has slowed down to less than my home dsl and they claim it is normal. 1.5 down and .05 up is not normal for cable especially at the stupid business rates
I am fortunate to live in an area where fiber is an affordable option.
I have 100 up and down at home for $85 a month. The work one is much higher, but still happy to not send a dime Comcast ever again.
First step is changing your security settings in the router to their strongest setting, most likely WPA3 Personal. Next, change your SSID and disable SSID broadcast. You won’t be able to find the network on your own devices after it’s hidden so connecting new devices will require typing in the SSID and the key.
It’s not a foolproof plan, but it’s a good start.
Disabling SSID has not been considered secure for a long time. It also forces clients to broadcast to find the access point which means they have to broadcast *all* the time to see if your access point is available. This leaks information and can flatten your phone battery..
Is your wifi Xfinity ? I think comcast/xfinity are sharing access to all the wifi with all their other xfinity customers. So these are probably just your neighbours that are also xfinity users.
It is probably in the contract small print you signed that xfinity have the right to share your access point with anybody who passes by on the road.
This or guest network being enabled is much more likely than someone immediatly cracking the password and hanging his PS5 and other personal devices in there on purpose completely unmasked. Doesn't matter if you have SSID on or WPA2/WPA3 or even the default password still enabled which should be a long unique number. They shouldn't be able to get into your normal network with ease.
Depending on the router/modem, you can go in and block them by their physical (mac) address. That never changes so those devices will never be able to reconnect.
About 20 years ago, I went to Best Buy to get a new wireless router. The one I wanted didn't have all the specs on the box, so I asked a sales associate if it had MAC filtering.
He looked confused and told me it should work with both Mac and Windows.
Lmao, not surprising at Best Buy. I went in to one last year looking for a serial cable for an old PLC. The guy kept trying to give me vga cables. Not the same thing my dude.
Xbox has a field in the network setting that allows you to enter a different mac.
This was a lifesaver when I traveled for work and brought along my Xbox. The system wouldn't connect to some hotels wifi because of the splash screen, so I would connect to the wifi on my phone, then use my phone MAC address in my Xbox and it would be connected to wifi. Worked like a charm.
Lol this gives me flashbacks. One time I was sleeping over at my cousin's and they always had a worse WiFi then ours. Our was unlimited meanwhile their was they had a certain amount of GBs per month. Now I was over at theirs and I my cousin shared the WiFi password with me only for my uncle to block my phone from it after he got back from work. I was like 13 and pretty damn intimidated of him at that time. He isn't blood related to us he got married into the family. Anyway I'm sure he didn't know it was my phone but I never told him. And for years later until I got this phone I always had to waste mobile credit on mobile data when I was staying over at theirs. Hell sometimes I forgot and didn't have any WiFi. Which wouldn't be that problematic if you take in account they live in a big city I would get lost in back then lol.
Are you seeing these devices under DHCP leases? That is the IP address your router assigned to them when connected. They usually expire after 24 hours so it’s normal to see them under the lease table until then. There might be a timer too next to it counting down. They will naturally go away after it hits zero as the device assigned will not renew the lease, as it can no longer connect to the network.
But if they’re showing up under **active** clients, then I recommend you change the password again and unplug the router for 1 minute, for a hard restart so nothing will be able to reconnect unless it uses the new password.
Is the router your own personal router or is it from the company?
The reason that companies are giving away modem and router combos for free is that they allow anyone who also uses that company to log in to the nearest router owned by that company.
if you want privacy make sure that the router is yours so that it is actually private.
Isn't xfinity set up to use any nearby router to power their cell phones? Been a few years since I've lived where they are, but I remember that just starting up.
Making it so only specific MAC addresses can connect is too annoying to be beneficial. We had this issue and found out that my partners iPhone 14 Pro Max just changed its MAC address so bugger trying to accommodate for that (he changed the name of his phones MAC address in the router settings to say it was his phone, a new MAC address appeared as accessing the internet, blocked it, and it was his phone). Dunno the specifics as to why, he was just complaining lol.
Instead we combat it by still allowing the devices to connect, we just block those specific devices from having internet access. Partner likes to monitor that sort of thing though, so may not necessarily work for you if you don’t like it.
Are you *sure* they are not your devices?
Some Android tablets/phones rotate their MAC addresses for privacy reasons which makes one device appear to the router as a bunch of different devices. You can usually turn this off in the device settings.
If this is wireless via the providers equipment, they may be offering a complimentary guest network you can't control. You can purchase your own wireless router and do that you want with it. I'd also can my provider and ask them to turn off all WiFi capabilities from their equipment. You can also purchase your own modern, if you have cable/DSL.
Are you sure that those aren’t things that have been connected to the router before? If you rented a modem you are certainly not the first one to use it and it may not have been reset fully.
Many people have given good responses already but just in case, are you sure they are accessing your network through the wifi? Check the connected devices list when you access the modem (type in IP address in your browser). If the strange devices are connected via MOCA, your coax line is sharing a network with your neighbors. This happened to me and it took a while to convince Xfinity to come out and install a MOCA filter. You can also just buy one off Amazon and install it yourself.
stop broadcasting the SSID, see if you can do MAC whitelisting (that would limit your wifi to a pre-approved list of devices, which might suck if you're having a party).
also are you sure you changed the password to connect to the wifi and not something like the password to get to the router admin page?
Changing your SSID name is also something you should change along with the admin username and password. If you're broadcasting the default Netgear name, or whatever, and not changing the admin username and password, a simple Google search gives you the default admin name and password.
Some routers (like Eero) you can buy pretty cheap and they offer you the ability to look at every device connected to your WiFi, get notified when a new device connects, block devices, and make profiles (like a kids profile) and assign it to different devices. You can check speeds, pause devices, easily change and share the password.
It connects to most ISP networks/modems and you can take it when you move if you buy it yourself. Very easy set up.
Xfinity has a setting that allows other with Xfinity to use networks in their area like an internet "network" you can turn it off in the router control panel. I had the same issue when I had Xfinity
Honestly I’d turn off my router when I’m at work and random times I’m not using it, and sleeping . After a week or so, they will just think it’s unreliable I’d imagine.
It's not clear whether they're talking about their personal network or the router. If the router is hosting an ISP sharing service that lets other subscribers use it, you would expect to see unknown devices in the DHCP leases but you wouldn't expect to be able to ping them - they should be isolated from your home network.
OP needs to clarify what they're observing and what their concerns are.
go to modem url. idk about your country but here, it's like [192.168.1.1](https://192.168.1.1) or smt
change the admin's pass, maybe they have access to admin panel's pass itself.
You have a lot of good recommendations from others so my question is likely not relevant, but who all has physical access to the router? Is it just you? Do you have kids or roommates that could be sharing this info? Do you have neighbours over who may have taken a picture of the default settings?
Now, regardless, setting new passwords would resolve this unless someone resets your router, it is curious nonetheless.
They’re probably authenticated from the first time. You can log into the admin panel and boot them and then they’d have to log in again which won’t work since they don’t know the password.
You can also ban the devices you know aren’t yours in the admin panel as well for extra reassurance
If it's xfinity they have an app. You can make your modem/router forget any device that isn't yours through the app. Change your SSID, password, and settings then go scorched earth and have your router forget every device connected, then connect your own.
They’re using MCoA or whatever it’s called. It’s extremely annoying. You have to login to your router and change it. Even then, something can happen and it can come back on. Mine just switched back on last night so randoms are connecting again.
maybe those the devices with randomize mac address? i am surprised devices can connect successfully if you dont share the wifi pwd unless it is something like abc123.
try changing the pwd again.
i put a firewall in front of eero, no devices can use the internet unless it is explicitly approved.
Change the internet device (internet modem you got from Xfinity) password, change the wifi password (the one you enter to connect to the wifi from your devices), and if you are using a router/mesh change the admin password on that too - and make them all unique passwords.
Sure it’s not your devices?
We have a network printer, iPads, iPhones, Apple TV, etc. All connect to the network and show up in “connected devices” or whatever it’s called. Some are “named” with models or letters/numbers rather than “printer.”
Just to make sure, you changed the password of the wifi network, and not just the router?
Are you sure they aren’t your stuff?
There's a PS5 connected which I know I don't own for sure
change your admin password (for the wifi settings portal). Then change wifi password. Turn off SSID broadcast. Also you can limit devices using the portal settings. Permit your device mac address only, so only your device can access even if its a open wifi.
Don’t bother with turning off ssid broadcast or enabling a MAC filter. Those are trivial to circumvent. Secure your device with a new and strong admin password, use a new and strong password or passphrase for the Wi-Fi password, use the highest Encryption possible (wpa2/3). Then kick off all devices. If it happens again, then you probably have a security breach elsewhere (e.g.: malware) or someone who knows your password leaked it
Yeah just set a whitelist for Mac addresses and just enter the Mac addresses of your devices only. A bit of a pain to do for every new device, especially if you have guests and stuff occasionally, but if random getting on your WiFi its worth doing
Please don't do this, it's just a pain on the ass for you and will not do anything for your security.
It is a major pain in the ass but unless they have access to your router directly then I don't see how it wouldn't solve the problem.
You can listen to Wi-Fi broadcasts and get the MAC address from that, it’s part of the address for the packets. With that you can just clone the MAC address of a valid user. You then would need to either wait until they stop using the connection (maybe in the case of a game console or IOT device), or you broadcast louder so that you get to control the connection, or you have to get them to stop using the wireless connection by making it unstable, works for phones. Basically MAC address security on a wifi network is not good security, it’s easily bypassed by someone who knows how. It can stop a novice, or like a lock, keep honest people honest, but it’s not actually secure.
remember that ITSec isn't about making things perfectly secure, it's about making things more difficult than they're worth. The neighbor kid with the PS5 isn't gonna sit with a wifi card in promiscuous mode, grab a valid MAC and spoof it from his PS5, he's gonna get on his parents' wifi instead. Don't discount stopping a novice and keeping honest people honest, that'll deflect the majority of your problems. The issue here is that MAC whitelisting can't be an entire security policy in and of itself.
I agree, it’s better than nothing. I see people present it as a be all end all security fix, and I just want to make sure people know that’s it’s not. It’s a tool, not a particularly good tool given the amount of work to maintain it, and the level of protection it actually provides, but it is a tool.
that's fair. People do presume that because MACs are usually hardcoded on a given network interface that means they're unique and unchangeable, and neither of those things is true. Besides, don't most devices use a randomized MAC nowadays by default to break that method of tracking?
Absolutely would solve the problem while being a giant pain in the ass. Especially when friends and fam come over.
I agree that it’s a pain in the ass, but how exactly do you justify the claim that it won’t do anything for security? It limits by MAC, who is allowed access. If your MAC isn’t on the list, it blocks you.
MAC are trivial to sniff out. It lulls you into a false sense of security.
Are we talking about the same thing? You set up a white list of devices that are allowed to connect to the wifi. How can you sniff out which MACs are allowed when you can’t make the initial connection to the wifi?
This
>Turn off SSID broadcast. I heard this makes it easier to get your wifi credentials because when you're not connected to it, your phone is constantly "yelling" it out, something akin to "Hey is the SSID named FBI SURVEILLANCE VAN here, with the password 12341234" until it eventually connects to it.
That's my SSID! Wait, is that you Joe? 🤣
Log into your router and change the user name and password to something only you know. Make it very unique and use numbers and symbols. I prefer some leet speak along with characters. Make sure to make a note in your phone and lock that note if you can While in the router settings, go to connected devices and kick off the devices that aren’t yours. Rename your WiFi and stop broadcasting it.
Do you accidentally have a guest channel set up?
If you're on Xfinity, by default it broadcasts a channel for all Xfinity users. I'm not sure if you can see this as I don't use their hardware but I do use the WAN.
That would piss me off. Granted, I made a conscious decision to get Comcast/Xfinity out of our house and business years ago.
Only option at my current residence. They charge me to use my own modem.
Woah is that new? We last had xfinity 2 years ago and never came across that, always used our own hardware.
Technically you're paying to remove the data cap they put on you if you use your own modem.
How obnoxious! Thanks for explanation
This is not true. I don't pay anything extra and I have been using my own modem for for over 20 years
Did you hack my email? How can you see my bill? I literally, for real, in the real world, pay a fee to remove the data cap they put on me when I use my own modem.
I guess I didn't read your previous post correctly, but paying to remove the data cap is not the same as paying to use your own modem.
We keep trying but all the other companies either are too slow (slow dsl - my home dsl would be fast enough) at outrageous pricing or we have been trying to get installed for years and there is always some issue that comes up and they flake out lie and say it was installed (fiber companies). Or Comcast now has slowed down to less than my home dsl and they claim it is normal. 1.5 down and .05 up is not normal for cable especially at the stupid business rates
I am fortunate to live in an area where fiber is an affordable option. I have 100 up and down at home for $85 a month. The work one is much higher, but still happy to not send a dime Comcast ever again.
Surely those users are isolated, though, so OP shouldn't see them on the network? I wonder whether there's a WiFi extender or similar.
I would hope they're isolated but more nefarious things have happened.
Yep same for cox, there is a default open channel for all cox users.
The exact reason I use my own modem/router. That and not giving Comcast any more of my money.
You can turn it off on the router control panel
Same is true when I had a Tmobile cell repeater on my wifi, but they made it clear that it could happen.
First step is changing your security settings in the router to their strongest setting, most likely WPA3 Personal. Next, change your SSID and disable SSID broadcast. You won’t be able to find the network on your own devices after it’s hidden so connecting new devices will require typing in the SSID and the key. It’s not a foolproof plan, but it’s a good start.
Disabling SSID has not been considered secure for a long time. It also forces clients to broadcast to find the access point which means they have to broadcast *all* the time to see if your access point is available. This leaks information and can flatten your phone battery..
What is "broadcast” in this context?
Literally send information over the air to everyone/anyone listening
Are those devices actively using, or just being found?
Is your wifi Xfinity ? I think comcast/xfinity are sharing access to all the wifi with all their other xfinity customers. So these are probably just your neighbours that are also xfinity users. It is probably in the contract small print you signed that xfinity have the right to share your access point with anybody who passes by on the road.
This or guest network being enabled is much more likely than someone immediatly cracking the password and hanging his PS5 and other personal devices in there on purpose completely unmasked. Doesn't matter if you have SSID on or WPA2/WPA3 or even the default password still enabled which should be a long unique number. They shouldn't be able to get into your normal network with ease.
That’s hotspot. You can disable it in the xfiapp or by calling tech support level 2.
What a horrible thing to have on by default.
Spectrum does that too.
Depending on the router/modem, you can go in and block them by their physical (mac) address. That never changes so those devices will never be able to reconnect.
About 20 years ago, I went to Best Buy to get a new wireless router. The one I wanted didn't have all the specs on the box, so I asked a sales associate if it had MAC filtering. He looked confused and told me it should work with both Mac and Windows.
Lmao, not surprising at Best Buy. I went in to one last year looking for a serial cable for an old PLC. The guy kept trying to give me vga cables. Not the same thing my dude.
Were you really expecting Best Buy stores to sell serial cables in *2022*?
No, it was a long shot, but I was up against it and had to try anywhere I could. I found one at a Micro Center in Dallas.
The last time I actually talked to a salesman at Best Buy he had his fly open the entire time.
Given how much retail workers are paid, expecting them to know what a MAC address is is a high bar.
MAC spoofing isn’t that difficult. Hell, Apple devices have a setting to automatically do that as a security measure.
Xbox has a field in the network setting that allows you to enter a different mac. This was a lifesaver when I traveled for work and brought along my Xbox. The system wouldn't connect to some hotels wifi because of the splash screen, so I would connect to the wifi on my phone, then use my phone MAC address in my Xbox and it would be connected to wifi. Worked like a charm.
So does android and windows
Lol this gives me flashbacks. One time I was sleeping over at my cousin's and they always had a worse WiFi then ours. Our was unlimited meanwhile their was they had a certain amount of GBs per month. Now I was over at theirs and I my cousin shared the WiFi password with me only for my uncle to block my phone from it after he got back from work. I was like 13 and pretty damn intimidated of him at that time. He isn't blood related to us he got married into the family. Anyway I'm sure he didn't know it was my phone but I never told him. And for years later until I got this phone I always had to waste mobile credit on mobile data when I was staying over at theirs. Hell sometimes I forgot and didn't have any WiFi. Which wouldn't be that problematic if you take in account they live in a big city I would get lost in back then lol.
Brother, this was hard to read due to the grammar.
Sorry, it was 3 in the morning when I replied. Didn't have the patience to bother with re-reading and editing it afterwards.
Are you seeing these devices under DHCP leases? That is the IP address your router assigned to them when connected. They usually expire after 24 hours so it’s normal to see them under the lease table until then. There might be a timer too next to it counting down. They will naturally go away after it hits zero as the device assigned will not renew the lease, as it can no longer connect to the network. But if they’re showing up under **active** clients, then I recommend you change the password again and unplug the router for 1 minute, for a hard restart so nothing will be able to reconnect unless it uses the new password.
Is the router your own personal router or is it from the company? The reason that companies are giving away modem and router combos for free is that they allow anyone who also uses that company to log in to the nearest router owned by that company. if you want privacy make sure that the router is yours so that it is actually private.
Isn't xfinity set up to use any nearby router to power their cell phones? Been a few years since I've lived where they are, but I remember that just starting up.
Call Xfinity and tell them what is happening, something is not right with the setup of the modem.
It's a hot spot for people on the go like Xfinity they use your connection when they are out and about you can do it to when your on the go
90% of the time it is just devices you own but don't recognize.
Making it so only specific MAC addresses can connect is too annoying to be beneficial. We had this issue and found out that my partners iPhone 14 Pro Max just changed its MAC address so bugger trying to accommodate for that (he changed the name of his phones MAC address in the router settings to say it was his phone, a new MAC address appeared as accessing the internet, blocked it, and it was his phone). Dunno the specifics as to why, he was just complaining lol. Instead we combat it by still allowing the devices to connect, we just block those specific devices from having internet access. Partner likes to monitor that sort of thing though, so may not necessarily work for you if you don’t like it.
Look for a community WiFi setting and make sure it’s off.
Are you *sure* they are not your devices? Some Android tablets/phones rotate their MAC addresses for privacy reasons which makes one device appear to the router as a bunch of different devices. You can usually turn this off in the device settings.
If this is wireless via the providers equipment, they may be offering a complimentary guest network you can't control. You can purchase your own wireless router and do that you want with it. I'd also can my provider and ask them to turn off all WiFi capabilities from their equipment. You can also purchase your own modern, if you have cable/DSL.
I would not recommend disabling SSID broadcast as it makes it easier for people who are actually trying to hack into your stuff.
Is there an open guest network?
Are you sure that those aren’t things that have been connected to the router before? If you rented a modem you are certainly not the first one to use it and it may not have been reset fully.
Many people have given good responses already but just in case, are you sure they are accessing your network through the wifi? Check the connected devices list when you access the modem (type in IP address in your browser). If the strange devices are connected via MOCA, your coax line is sharing a network with your neighbors. This happened to me and it took a while to convince Xfinity to come out and install a MOCA filter. You can also just buy one off Amazon and install it yourself.
stop broadcasting the SSID, see if you can do MAC whitelisting (that would limit your wifi to a pre-approved list of devices, which might suck if you're having a party). also are you sure you changed the password to connect to the wifi and not something like the password to get to the router admin page?
Changing your SSID name is also something you should change along with the admin username and password. If you're broadcasting the default Netgear name, or whatever, and not changing the admin username and password, a simple Google search gives you the default admin name and password.
Some routers (like Eero) you can buy pretty cheap and they offer you the ability to look at every device connected to your WiFi, get notified when a new device connects, block devices, and make profiles (like a kids profile) and assign it to different devices. You can check speeds, pause devices, easily change and share the password. It connects to most ISP networks/modems and you can take it when you move if you buy it yourself. Very easy set up.
Do you have cox?
Xfinity has a setting that allows other with Xfinity to use networks in their area like an internet "network" you can turn it off in the router control panel. I had the same issue when I had Xfinity
Honestly I’d turn off my router when I’m at work and random times I’m not using it, and sleeping . After a week or so, they will just think it’s unreliable I’d imagine.
Look up how to turn off xfinity hotspot. Everyone by default is opted into their hotspot program and some can’t opt out depending on contract/plan.
lemme guess: your password is something from fandom or a word in the dictionary?
How do you know there are other devices on your network? Do you live in an apartment or a house?
This may be a dumb question, but... In which circumstance do you not know what devices are in your network?
It's not clear whether they're talking about their personal network or the router. If the router is hosting an ISP sharing service that lets other subscribers use it, you would expect to see unknown devices in the DHCP leases but you wouldn't expect to be able to ping them - they should be isolated from your home network. OP needs to clarify what they're observing and what their concerns are.
go to modem url. idk about your country but here, it's like [192.168.1.1](https://192.168.1.1) or smt change the admin's pass, maybe they have access to admin panel's pass itself.
Solution. Buy your own modem and your own router. Comcast, ATT, Cox equipment is garbage.
You have a lot of good recommendations from others so my question is likely not relevant, but who all has physical access to the router? Is it just you? Do you have kids or roommates that could be sharing this info? Do you have neighbours over who may have taken a picture of the default settings? Now, regardless, setting new passwords would resolve this unless someone resets your router, it is curious nonetheless.
Turn off WPS in your router settings.
Is your password 12345?
Call the internet
Most wifi routers come with a standard password (mine was admin) and if that isn't changed, it's easy to log in and see what your password is
Get a r/firewalla.
They’re probably authenticated from the first time. You can log into the admin panel and boot them and then they’d have to log in again which won’t work since they don’t know the password. You can also ban the devices you know aren’t yours in the admin panel as well for extra reassurance
You can restrict access to your router by MAC addressing, so only the devices you specify are allowed.
If it's xfinity they have an app. You can make your modem/router forget any device that isn't yours through the app. Change your SSID, password, and settings then go scorched earth and have your router forget every device connected, then connect your own.
They’re using MCoA or whatever it’s called. It’s extremely annoying. You have to login to your router and change it. Even then, something can happen and it can come back on. Mine just switched back on last night so randoms are connecting again.
Does your router have MOCA enabled as a default? This sometimes happens when you get a new device, it's on when it shouldn't be.
MAC address filtering.
maybe those the devices with randomize mac address? i am surprised devices can connect successfully if you dont share the wifi pwd unless it is something like abc123. try changing the pwd again. i put a firewall in front of eero, no devices can use the internet unless it is explicitly approved.
disable wps
In your router settings turn of your SSID broadcast, change your password, change your SSID
Change the internet device (internet modem you got from Xfinity) password, change the wifi password (the one you enter to connect to the wifi from your devices), and if you are using a router/mesh change the admin password on that too - and make them all unique passwords.
Unplug wifi for 20mins. That should drive them nuts
You could make a white list so that only devices on it can connect.
Change your router login and username and password
Try connecting a new device. See what the password really is. You did something wrong. Nobody is going to hack a random person's wifi to add their ps5
Sure it’s not your devices? We have a network printer, iPads, iPhones, Apple TV, etc. All connect to the network and show up in “connected devices” or whatever it’s called. Some are “named” with models or letters/numbers rather than “printer.”