4.2 KiB
4.2 KiB
UniFi Legacy CIA Closeout — 2026-05-23
Purpose: close out the remaining unidentified CIA Via / Old IoT clients after the easy-value migrations and the Trusted-lane Intellirocks cleanup.
Scope
This document covers the leftover unidentified devices that should remain in legacy quarantine.
Historical basis used:
home/doris-dashboard/docs/unifi-client-cleanup-shortlist-2026-05-22.mdhome/doris-dashboard/docs/unifi-client-rehome-results-2026-05-22.mdhome/doris-dashboard/docs/old-iot-tomorrow-disposition-list.mdhome/doris-dashboard/docs/intellirocks-triage-result-2026-05-23.md
Important note:
- The live UniFi read helper in this shell cannot currently re-poll the controller because local
automation/.envhere does not contain theUNIFI_*credentials. - So this closeout is based on the latest verified operator artifacts already captured during the live session, plus the completed Intellirocks Trusted-lane cleanup from 2026-05-23.
What is already resolved
These are no longer part of the legacy-quarantine leftovers:
MyQ-29B-> movedOld IoT->IoTLG_Smart_Dryer2_open-> movedOld IoT->IoTSamsung-FamilyHub-> movedOld IoT->IoTMain-Floorecobee -> movedOld IoT->IoTUpstairsecobee -> movedOld IoT->IoT- Trusted-lane Intellirocks sibling
d4:ad:fc:f2:df:d2-> movedTrusted->Old IoT
Final disposition for remaining unidentified Legacy CIA devices
1) 5c:61:99:41:73:40
- Last known IP:
192.168.1.172 - Vendor:
Cloud Network Technology Singapore Pte. Ltd. - Final disposition:
keep quarantined on Old IoT - Why:
- unnamed
- unclear function
- insufficient evidence to grant clean
IoT
- Follow-up class:
identify later / possible kill-candidate if nobody can identify it
2) 60:74:f4:54:fd:ec
- Last known IP:
192.168.1.136 - Vendor:
Private - Final disposition:
keep quarantined on Old IoT - Why:
- private/randomized identity
- no useful hostname
- no evidence it deserves promotion
- Follow-up class:
identify later / strong kill-candidate pool
3) 60:74:f4:7b:6a:11
- Last known IP:
192.168.1.117 - Vendor:
Private - Final disposition:
keep quarantined on Old IoT - Why:
- same reasoning as the other private/randomized leftover
- no positive identification
- Follow-up class:
identify later / strong kill-candidate pool
4) c0:f5:35:20:5d:94
- Last known IP:
192.168.1.183 - Vendor:
AMPAK Technology,Inc. - Final disposition:
keep quarantined on Old IoT - Why:
- broad embedded/vendor bucket
- no positive identification
- no justification for moving into cleaner
IoT
- Follow-up class:
identify later / possible kill-candidate
5) d4:ad:fc:60:90:6a
- Last known IP:
192.168.1.100 - Vendor:
Shenzhen Intellirocks Tech co., ltd - Final disposition:
keep quarantined on Old IoT - Why:
- still unidentified
- vendor family now has three low-trust/quarantine-aligned siblings, including the former Trusted device moved back out on 2026-05-23
- this strengthens the case that these are embedded smart-home / disposable low-trust devices, not operator endpoints
- Follow-up class:
identify later / likely kill-candidate if never claimed
6) d4:ad:fc:ea:7f:65
- Last known IP:
192.168.1.101 - Vendor:
Shenzhen Intellirocks Tech co., ltd - Final disposition:
keep quarantined on Old IoT - Why:
- same reasoning as sibling Intellirocks device above
- no positive identification
- Follow-up class:
identify later / likely kill-candidate if never claimed
Operational conclusion
The remaining Legacy CIA leftovers do not need migration work right now.
The correct closeout posture is:
- leave all six unidentified leftovers on
Old IoT - do not promote them into
Trusted,Management, or cleanIoT - treat them as explicit quarantine residents pending later identification or eventual retirement
What this means for the remaining task list
Legacy CIA closeout is complete as a policy/disposition decision.
The remaining network cleanup work is now mainly:
- Google/cast validation and any resulting placement decisions
- final SSID simplification once Google behavior is understood
- optional future kill-pass for unclaimed legacy leftovers