SSID with very similar name, is this an attempt of hacking?
I noticed that another SSID pops up in my WiFi with the same name as mine (quite personal so could've only been intentionally copied) but a couple of the letters are capitalized. Their version has no security. Mine has WPA-PSK2. I tested it to be sure by unplugging my router and while mine disappeared after a while, theirs remained.
Is this a ploy at hacking? Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?
Example:
- My SSID: bestfriend
- Their SSID: BestFriend (with capital B & F)
wireless-networking router ssid
edited Jun 8 '17 at 12:41 by Andrew T.
asked Jun 8 '17 at 7:18 by K. Pick
50
More people should take security this seriously. It's possible; if it is a targeted attack, we call these rogue access points, where you mimic the name of someone else and see if clients connect to it. But we'll need more information: what exactly is the name of your network (ESSID) and how many people use it? Is this a personal network? Who else knows about this network? Does your girlfriend have an ex that wants to get back together with her? You get the idea... some details would be good.
– Nalaurien
Jun 8 '17 at 7:58
57
...maybe they are just politely asking you to change the capitalization of your SSID to a "more correct one" because it bothers them when they see it on their available networks list? I can imagine myself doing that... "Never attribute to malice that which is adequately explained by extreme nitpicking" (?)
– xDaizu
Jun 8 '17 at 10:55
21
Connect to the network with a throwaway machine and try to scan the entire subnet with nmap to see what they're up to.
– André Borie
Jun 8 '17 at 14:26
21
Could just be chance. You'd be amazed at how popular some SSIDs (e.g. variations on "FBI Surveillance Van") are.
– Mark
Jun 8 '17 at 18:28
18
Tread carefully and don't ignore SSL/TLS errors!
– n00b
Jun 8 '17 at 19:05
11 Answers
Yes, it is most likely some kind of hacking ploy, although it's a guess as to why.
I do point out that locking your router down to specific MAC addresses might provide a tiny bit of security, but not much.
It's also unlikely that their actions are designed to hack your network - they are more likely to try and capture your traffic.
If it were me, I would take advantage of them - I'd get a cheap VPN and some dedicated hardware (low spec PC, large hard drive), connect it up to the VPN and their network and leech hard. Because you are using a VPN they won't be able to intercept your traffic but you can consume all their bandwidth until they wake up. (And you have plausible deniability: "Hey, I thought I was connected to my AP - I used the SSID of my device".)
Couple of other things to mull over -
- It's conceivable that both of these APs are actually yours - one in the 2.4 gig band, one in the 5 gig band, and the 5 gig band is simply not encrypted. Check your router configuration to rule this out and/or some kind of Wifi Analyser (there are a few available from the Play store for Android) to help you work out where the signals are coming from by looking at signal strength.
- Watch out for de-auth packets. If they are trying to hack your systems it would not surprise me if they are trying to send de-auth packets to interfere with your connections to increase the chance that someone on your network tries to connect to them.
113
He mentions he unplugs the router and the other network remains; this rules out that it's his 5 gig band.
– LPChip
Jun 8 '17 at 8:54
13
How is this plausible deniability? You were leeching bandwidth on a cheap computer you bought over a VPN that you normally never use. Are you trying to lie to a 5-year-old or to a judge?
– Mehrdad
Jun 9 '17 at 1:19
20
@Mehrdad Plausible deniability exists as your neighbour was trying to trick you to connect to their AP - and you fell for it. My neighbour behaves like a hacker, so it's entirely reasonable to get a VPN to protect myself. (Also, I don't need to lie to a judge, the other party is the one making the claim - my lawyer could simply sow the seeds of doubt). I'm curious on what better legal minds think though, so I've posed this as a question at law.se (law.stackexchange.com/questions/19482/…)
– davidgo
Jun 9 '17 at 2:47
17
@Mehrdad If I'm going to lie about network hacking, I'd take my chances on a judge before a five-year old!
– Auspex
Jun 9 '17 at 13:16
3
Regardless of the "plausible deniability," I find it unethical to advocate such shady behaviour, especially since, depending on jurisdiction, it may be entirely legal to connect to an open access point.
– StockB
Jun 9 '17 at 16:15
It sounds to me that this is something called "Evil Twin".
Basically the attacker creates a network that mimics yours so you (or your machine all by itself) connect to that instead. He achieves that by, as davidgo said, sending de-auth packets to your router so you have to reconnect. By changing the MAC address of his own router to the one of yours, your computer automatically connects to the attacker's network instead (given that its signal is stronger).
This allows the attacker to further harm you by Man-In-The-Middle Attacks or a fake DNS that redirects common websites to phishing sites.
Now you could do some science here and try to prove that this is indeed an attacker with bad intentions and report it, or simply take advantage of "free traffic" but since there might be some DNS shenanigans going on you could risk giving away sensitive information when not being careful while filling out forms.
54
Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."
– Corey Ogburn
Jun 8 '17 at 15:17
3
Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?
– JimmyB
Jun 9 '17 at 13:20
7
@JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.
– Kevin Fee
Jun 9 '17 at 20:24
3
If the security authentication mechanism is not exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.
– pHeoz
Jun 12 '17 at 15:26
1
@JimmyB Once a device would connect to your fake SSID, you don't need to spoof any MAC address. In an Evil Twin attack you try to lure the victim onto your wireless network by giving it the same SSID and interfere with clients connecting to the real one (by disrupting the signal or - more commonly - by forcing them to de-authenticate from the real AP). Most people don't manually pick an SSID as their device is already connected to the SSID of their home network, only when you have a new device you'll look through the list of available networks, making you susceptible for the Social Engineering
– BlueCacti
Jun 13 '17 at 11:12
I ran into a similar "issue" earlier this year while debugging wireless connectivity issues.
My suggestion is a question: do you own a chromecast?
The connectivity issues ended up being entirely the service provider's fault, but I was really stuck on this red herring SSID. By using a wifi signal strength analyzer app on my phone I tracked it down to the chromecast (which was an alternate capitalization of my wifi SSID), and there was much relief.
EDIT: It is important to note that the Chromecast only needs power (not "internet") to host its own wifi; it will both connect to a wifi as well as hosting its own. You can connect to this but it doesn't do anything unless you are configuring it via the app.
3
Yes I do own a Chromecast. But its MAC address is added into the original router and it also wouldn't work when I unplugged the router that night.
– K. Pick
Jun 11 '17 at 19:08
I will add that my Chromecast is named SantoRican as well, but since it wasn't connected to the internet (the Wifi was down) it was offline. The cable guy checked it when he came to fix the wifi but said that wasn't what was causing the issue. (But you never know, he could be wrong.)
– K. Pick
Jun 11 '17 at 19:12
1
@K.Pick Chromecast can act as a host, so you can connect to it with your phone and configure it.
– emed
Jun 12 '17 at 17:50
2
This seems to be the most likely answer. Devious people could use other more interesting and less obvious ways. The "alternate capitalisation" should be in bold as this is the most obvious clue in my view.
– KalleMP
Jun 13 '17 at 18:15
21
@K.Pick: Don't start guessing on how the chromecast is listed in your router. Simply unplug the chromecast and check if the SSID is still there.
– yankee
Jun 13 '17 at 19:06
Well - you seem to be taking security quite seriously. It is possible someone is trying to trick people into joining the other network. Best way to start looking at this would be to change your SSID to something different - and also quite specific, for example a word with some digits substituting for letters and see if that SSID changes to similar to yours - perhaps yours will be st0pthis and theirs StopThis. If you do record their SSID MAC address beforehand to see if the other SSID changed you can be even more suspicious.
A good way on Linux to see MAC addresses is iwlist YourInterfaceName scanning | egrep 'Cell |Encryption|Quality|Last beacon|ESSID'
And of course you can and indeed should monitor your network for changes and suspicious activity as well as keep your machines updated.
2
@r0berts Should implies choice with a strong recommendation.
– wizzwizz4
Jun 9 '17 at 19:08
I do understand. But on average I'd say people do not know how to monitor their networks so no point making them feel guilty about that. But point taken )
– r0berts
Jun 9 '17 at 19:19
1
Even just keeping your system up-to-date with patches, and having some basic computer hygiene (block-incoming-by-default firewall, up-to-date antivirus) will go a very long way toward ensuring that your system is secure. Unfortunately, that's the bare minimum required today for any system which is connected to the Internet. The days when you could just hook up any random system to the Internet with no precautions whatsoever are long gone...
– a CVn
Jun 10 '17 at 15:19
I totally agree to that. It would be great if the complexity of monitoring your network could be reduced, this still requires a huge time investment to learn this for your home LAN.
– r0berts
Jun 13 '17 at 10:20
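The scan-and-compare step suggested in this answer can be scripted. The following is an added example, not code from the thread: it reads `iwlist` scan output and flags networks whose name equals or resembles yours but whose access-point MAC is not on your own list. `MY_SSID`, `MY_BSSIDS`, the digit-folding heuristic and the sample scan are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cloned or look-alike SSIDs in `iwlist <iface> scanning`
# output. MY_SSID and MY_BSSIDS are assumptions: set them to your own network
# name and the MAC address(es) of your own access point(s).
MY_SSID="bestfriend"
MY_BSSIDS="00:00:5E:00:53:01"     # space-separated; constructed sample value

# Reads scan output on stdin and prints one line per suspicious cell:
#   REASON BSSID open|encrypted SIGNAL ESSID
find_lookalikes() {
    awk -v my_ssid="$MY_SSID" -v my_bssids="$MY_BSSIDS" '
    # Fold case and common digit-for-letter swaps (st0pthis vs StopThis).
    function norm(s) {
        s = tolower(s)
        gsub(/0/, "o", s); gsub(/1/, "l", s); gsub(/3/, "e", s); gsub(/5/, "s", s)
        return s
    }
    # Decide whether the cell collected so far deserves a report line.
    function report(   reason, sec, key) {
        if (bssid == "") return
        key = toupper(bssid)
        sec = (enc == "off") ? "open" : "encrypted"
        reason = ""
        if (key in mine) {
            # Our own MAC advertising an open network: spoofed BSSID or a
            # misconfigured band (assumes our real network is encrypted).
            if (essid == my_ssid && enc == "off") reason = "KNOWN_BSSID_OPEN"
        } else if (essid == my_ssid) {
            reason = "EXACT_CLONE"
        } else if (norm(essid) == norm(my_ssid)) {
            reason = "LOOKALIKE"
        }
        if (reason != "")
            printf "%s %s %s %s %s\n", reason, key, sec, signal, essid
    }
    BEGIN {
        n = split(toupper(my_bssids), list, " ")
        for (i = 1; i <= n; i++) mine[list[i]] = 1
    }
    /Cell [0-9]+ - Address:/ { report(); bssid = $NF; essid = ""; enc = ""; signal = "?" }
    /Encryption key:/ { v = $0; sub(/.*Encryption key:/, "", v); gsub(/[ \t\r]/, "", v); enc = v }
    /Signal level=/   { v = $0; sub(/.*Signal level=/, "", v); sub(/[ \t].*/, "", v); signal = v }
    /ESSID:"/         { v = $0; sub(/^[^"]*"/, "", v); sub(/"[ \t\r]*$/, "", v); essid = v }
    END { report() }
    '
}

# Constructed sample in the layout iwlist prints (MACs from the RFC 7042
# documentation range). Real use: iwlist YourInterfaceName scanning | find_lookalikes
sample_scan() {
    cat <<'EOF'
wlan0     Scan completed :
          Cell 01 - Address: 00:00:5E:00:53:01
                    Channel:6
                    Quality=70/70  Signal level=-30 dBm
                    Encryption key:on
                    ESSID:"bestfriend"
          Cell 02 - Address: 00:00:5E:00:53:02
                    Channel:11
                    Quality=62/70  Signal level=-48 dBm
                    Encryption key:off
                    ESSID:"BestFriend"
          Cell 03 - Address: 00:00:5E:00:53:03
                    Channel:1
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"FBI Surveillance Van"
          Cell 04 - Address: 00:00:5E:00:53:04
                    Channel:6
                    Quality=66/70  Signal level=-44 dBm
                    Encryption key:off
                    ESSID:"bestfriend"
EOF
}

sample_scan | find_lookalikes
```

A clone that copies both your BSSID and your encryption setting looks identical in a scan, so an empty result only rules out the obvious cases.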
Simple trick:
Change your SSID and hide it; see what happens.
If they copy your SSID again then you know you’re in trouble.
Extreme mode:
- Change your local DHCP network range to something that isn’t used on the open network
- Configure a static IP if possible so your PC can't use the open WiFi
- Configure your WiFi settings on your PC not to use open WiFi hotspots
- Change your WiFi password to something like this: HSAEz2ukki3ke2gu12WNuSDdDRxR3e
- Change your admin password on your router just to make sure.
- And finally use a VPN client on all your devices (also phones)
You use MAC filtering and that’s a good low level security feature.
Finally, use third party firewall and AV software and set the settings to annoyingly secure so you have to approve almost every action which has to do something with internet or network activity.
Once you get used to these things it will get easier to maintain and your firewall will relax because it learns from your actions.
Keep us posted! :)
Yes, this is exactly what you think it is: someone is trying to trick you to join their network by mistake. Don't connect to it. If you realize you just did, run an antivirus scan and remove whatever data you have been downloading as it cannot be trusted. If you happened to also send sensitive data like a password over this rogue connection, change it right away.
If this access point won't go away after a while, I suggest you take a reasonable effort to make it stop (like asking your neighbors to stop that or tell their kids to stop). A device capable of showing the WiFi signal strength, like a cellphone, should allow you to track down the location of this access point precisely enough.
The app I would recommend for tracking it down is inSSIDer. It is created by the wonderful people at MetaGeek.
– Rowan Hawkins
Jun 13 '17 at 23:14
A lot of times people with security concerns are just being paranoid. In this case, you have a very legitimate cause for concern.
Don't conclude maliciousness 100%, it could be an IT savvy neighbor trying to prank you, let's say by redirecting website requests to a joke site. Or someone who tried to set up their own network and just happened to imitate yours (but I am inclined to doubt that, any router nowadays will have a password requirement by default). But basically, the person would be able to see a lot of your traffic, which websites you visit, what you send and receive, apart from what's encrypted (and much is not encrypted). That could be for blackmail, espionage, stalking. On the other hand, it's not super sophisticated and quite easy to discover, so who knows.
More importantly, this isn't some generic mass global attack by foreign hackers, it means a physical access point is located near or in your house. If I was you, I would not alert them, but try to find it. If you have a fuse box, switch off power one course at a time, and wait five minutes and see if the access point disappears. That will tell you if it's something in your house. Otherwise you can use triangulation, a signal strength with GPS logger on your phone and take a walk through the neighborhood, or a Pringles can to find out roughly where it is. You might find an old ex with a knife, a buried box, or a neighbor's nerdy kids. If they care enough to do this, they might also have an audio bug. First track down generally where it is, and if it's inside someone's house, then you might want to call a bodyguard from work and go knocking on doors.
2
I too think it would be interesting to find out the location of the network before it gets turned off. The Chromecast answer above may be the benign explanation though.
– KalleMP
Jun 13 '17 at 18:12
The SSID disappeared the morning the Internet company came to fix the net, so I believe if it was someone nearby they may have seen the truck and pulled it down.
– K. Pick
Jun 18 '17 at 23:11
The other answers so far give you enough to do about this concrete situation.
However it should be noted that you have noticed a situation that may be an attempt to invade your private data. There are other situations when this kind of attack is less detectable. E.g. if your neighbour knows your Wifi-Password, which you could have told them when they kindly asked, because they were new in the house and their own uplink was not ready yet. But worst of all: If you are on an unencrypted Wifi (or one where the password is commonly known) such as hotel or airport Wifi, these attacks will be very hard to detect, because the attacker can set up the wifi with EXACTLY the same settings (same password and same SSID) and your devices will automatically connect to the strongest signal and never tell you that it made a choice.
The only option to actually stay safe is to encrypt ALL your traffic. Never enter your password, email address, credit card number or any other information on a website that is not SSL/TLS encrypted. Consider downloads from unencrypted websites as compromised (malware could have been injected). Before entering/downloading data on an encrypted website, check that you are on the right domain (google.com, not giigle.com. SSL will not help if you are on a domain you do not want to talk to). Install HTTPS-Everywhere or the like. Also remember that there are other services than your web browser that might transmit data, such as an IMAP email client. Make sure it also only operates on encrypted connections. Nowadays, there is hardly any reason not to encrypt all your traffic, nevertheless some developers are just too lazy etc. If you need to use some application that does not support SSL or a similar security measure, then use a VPN. Note that the VPN provider will then still be able to read all your traffic which is not encrypted in addition to the encryption that the VPN provides.
IF it is a hacking attempt, it is being enacted by someone who is ignorant. Each SSID can be protected by a password of some kind and with some kind of cryptographic strength.
Simply having another access point configured with the same name as a nearby access point is the same thing as this:
My name is Steve Smith and I've just moved into a house. And as it
happens to be true, my next door neighbor's
name is Steve Smith. But just because my neighbor and I have the same
name, does not mean the key to my front door will work on his front
door .... Nor does it mean that my door key will magically re-key
itself so that it also works on his door ...
and THAT is how silly it really is in terms of looking at this from a possible hacking scenario ...
Your answers:
1) Is this a ploy at hacking?
- Maybe, but it won't work.
2) Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?
- They might be, but it doesn't matter, since it won't work.
1
Kindly provide a solution to OP not just comments
– yass
Jun 14 '17 at 15:30
The answer is fairly simple,
if it isn't yours, which you can check by disabling the Chromecast and your router (also make sure other APs are disabled).
If it still persists, it's most likely an attempt to monitor your traffic; in most cases it can't cause any harm, except if you use a lot of unencrypted sites (HTTP) instead of encrypted ones (HTTPS).
If you use HTTP, anything you send will be sent as plain text, meaning that if your password is "123abc" they'd be able to see "123abc" as well.
A program which is able to undermine your traffic is for example Wireshark.
If it was a hacking ploy, the network SSID would be exactly the same as yours and open - so that you would connect to it automatically (if they had stronger signal) and you wouldn't notice.
I often do this to my neighbours at weekends when they are playing youtube on their laptop or phone after 1am - basically clone their network (only one unique SSID allowed) and put a password - it stops them as they go out of signal and come back in and they've not ever figured it out. They just think the WiFi is broken again.
If I left it open, no password - they would connect and I would be able to perform a DNS reroute or man in the middle attack and monitor their net activity or other things that might be considered illegal - sure they might tap in my router IP and see connected devices - but it doesn't happen.
As a security analyst, I would consider that a network ID such as "bestfriend" has simply made a new "BestFriend".
If it was a real hacking ploy - it would be the exact same SSID and open network and you likely wouldn't notice as you reconnected to WiFi, as likely there is autoconnect to name.
It's a very old trick - take a laptop into a coffeeshop and DNS reroute from a wireless dongle to their login site - get people's traffic.
One reason why card readers often work off the WiFi and are hard-lined to the bank - it's too easy to MiM a Starbuck's network and another few seconds to watch the image cache of every device - hotels too, that use repeaters for extended WiFi.
Esp. in USA, where some hotels do not even have a password and are very tall.
Sniff that in a few seconds and even access the main desk machines or backoffice from a telephone, sometimes.
(I've had network names such as "I've seen you naked" and someone's changed theirs to "me too" and "I don't want to see you naked". Or sent messages - eg, "working shifts", so neighbours know that it's ok to party all night, but please don't wake me by knocking my door for a chat because I'll be asleep at 0800).
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1217160%2fssid-with-very-similar-name-is-this-an-attempt-of-hacking%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
11 Answers
11
active
oldest
votes
11 Answers
11
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, it is most likely some kind of hacking ploy, although it's a guess as to why.
I do point out that locking your router down to specific MAC addresses might provide a tiny bit of security, but not much.
It's also unlikely that their actions are designed to hack your network - they are more likely to try and capture your traffic.
If it were me, I would take advantage of them - I'd get a cheap VPN and some dedicated hardware (low spec PC, large hard drive), connect it up to the VPN and their network and leach hard. Because you are using a VPN they won't be able to intercept your traffic but you can consume all their bandwidth until they wake up. (And you have plausible deniability "Hey, I thought I was connected to my AP - I used the SSID of my device)
Couple of other things to mull over -
It's conceivable that both of these APs are actually yours - one in the 2.4 gig band, one in the 5 gig band, and the 5 gig band is simply not encrypted. Check your router configuration to rule this out and/or some kind of Wifi Analyser (There are a few available from the Play store for Android) to help you work out where the signals are coming from by looking at signal strength.
Watch out for de-auth packets. If they are trying to hack your systems it would not surprise me if they are trying to send de-auth packets to interfere with your connections to increase the chance that someone on your network tries to connect to them.
113
He mentions he unplugs the router and the other network remains, this rules out that its his 5gig band.
– LPChip
Jun 8 '17 at 8:54
13
How is this plausible deniability? You were leaching bandwidth on a cheap computer you bought over a VPN that you normally never use. Are you trying to lie to a 5-year-old or to a judge?
– Mehrdad
Jun 9 '17 at 1:19
20
@Mehrdad Plausible deniability exists as your neighbour was trying to trick you to connect to their AP - and you fell for it. My neighbour behaves like a hacker, so its entirely reasonable to get a VPN to protect myself. (Also, I don't need to lie to a judge, the other party is the one making the claim - my lawyer could simply sow the seeds of doubt). I'm curious on what better legal minds think though, so I've posed this at a question at law.se (law.stackexchange.com/questions/19482/…)
– davidgo
Jun 9 '17 at 2:47
17
@Mehrdad If I'm going to lie about network hacking, I'd take my chances on a judge before a five-year old!
– Auspex
Jun 9 '17 at 13:16
3
Regardless of the "plausible deniability," I find it unethical to advocate such shady behaviour, especially since, depending on jurisdiction, it may entirely legal to connect to an open access point.
– StockB
Jun 9 '17 at 16:15
edited Jun 8 '17 at 20:04 – mjr
answered Jun 8 '17 at 8:10 – davidgo
It sounds to me that this is something called "Evil Twin".
Basically the attacker creates a network that mimics yours so you (or your machine all by itself) connect to that instead. He achieves that by, as davidgo said, sending de-auth packets to your router so you have to reconnect. By changing the MAC-Address of his own router to the one of yours, your computer automatically connects to the attacker's network instead (given that its signal is stronger).
This allows the attacker to further harm you by Man-In-The-Middle Attacks or a fake DNS that redirects common websites to phishing sites.
Now you could do some science here and try to prove that this is indeed an attacker with bad intentions and report it, or simply take advantage of "free traffic" but since there might be some DNS shenanigans going on you could risk giving away sensitive information when not being careful while filling out forms.
54
Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."
– Corey Ogburn
Jun 8 '17 at 15:17
3
Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?
– JimmyB
Jun 9 '17 at 13:20
7
@JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.
– Kevin Fee
Jun 9 '17 at 20:24
3
If the security authentication mechanism is not exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.
– pHeoz
Jun 12 '17 at 15:26
1
@JimmyB Once a device would connect to your fake SSID, you don't need to spoof any MAC address. In an Evil Twin attack you try to lure the victim onto your wireless network by giving it the same SSID and interfere with clients connecting to the real one (by disrupting the signal or - more commonly - by forcing them to de-authenticate from the real AP). Most people don't manually pick an SSID as their device is already connected to the SSID of their home network, only when you have a new device you'll look through the list of available networks, making you susceptible to the Social Engineering.
– BlueCacti
Jun 13 '17 at 11:12
answered Jun 8 '17 at 9:42 – Echo
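A defensive check for the look-alike and cloned networks discussed in this thread, as an added example that is not part of any post above: it parses scan output in the layout printed by `iwlist <interface> scanning` and flags cells that imitate your own network by name, by BSSID, or by dropping encryption. The sample scan, the BSSIDs, the reason codes and the function names are constructed for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample in the layout of `iwlist <interface> scanning` output.
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:AA:00:01
                    Quality=62/70  Signal level=-48 dBm
                    Encryption key:on
                    ESSID:"bestfriend"
          Cell 02 - Address: 02:00:00:BB:00:02
                    Quality=66/70  Signal level=-44 dBm
                    Encryption key:off
                    ESSID:"BestFriend"
          Cell 03 - Address: 02:00:00:CC:00:03
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"CoffeeShop"
          Cell 04 - Address: 02:00:00:DD:00:04
                    Quality=55/70  Signal level=-55 dBm
                    Encryption key:off
                    ESSID:"bestfriend"
          Cell 05 - Address: 02:00:00:AA:00:01
                    Quality=68/70  Signal level=-42 dBm
                    Encryption key:off
                    ESSID:"bestfriend"
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"$')
ENC_RE = re.compile(r"Encryption key:(on|off)")
SIG_RE = re.compile(r"Signal level=(-?\d+) dBm")


@dataclass
class Cell:
    bssid: str
    ssid: str = ""
    encrypted: bool = False
    signal_dbm: Optional[int] = None


def parse_scan(text: str) -> List[Cell]:
    """Turn iwlist-style scan text into one Cell per advertised network."""
    cells: List[Cell] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CELL_RE.search(line)
        if m:
            cells.append(Cell(bssid=m.group(1).lower()))
            continue
        if not cells:
            continue  # header lines before the first cell
        cur = cells[-1]
        m = ESSID_RE.search(line)
        if m:
            cur.ssid = m.group(1)
        m = ENC_RE.search(line)
        if m:
            cur.encrypted = m.group(1) == "on"
        m = SIG_RE.search(line)
        if m:
            cur.signal_dbm = int(m.group(1))
    return cells


def normalize(ssid: str) -> str:
    # Case-folding covers the capitalisation trick from the question; NFKC
    # additionally folds compatibility characters such as full-width letters.
    return unicodedata.normalize("NFKC", ssid).casefold().strip()


def audit(cells: List[Cell], own_ssid: str, own_bssids: Set[str],
          own_encrypted: bool = True) -> List[Tuple[str, str, List[str]]]:
    """Return (bssid, ssid, reasons) for every cell that imitates own_ssid."""
    known = {b.lower() for b in own_bssids}
    findings = []
    for c in cells:
        if normalize(c.ssid) != normalize(own_ssid):
            continue  # unrelated (or hidden) network
        reasons: List[str] = []
        if c.bssid in known:
            # A BSSID can be spoofed, so a match alone proves nothing; the
            # advertised security must match the real AP as well.
            if c.encrypted != own_encrypted:
                reasons.append("known-bssid-security-mismatch")
        else:
            reasons.append("same-ssid-unknown-bssid" if c.ssid == own_ssid
                           else "lookalike-ssid")
            if own_encrypted and not c.encrypted:
                reasons.append("open-vs-encrypted")
        if reasons:
            findings.append((c.bssid, c.ssid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reasons in audit(parse_scan(SAMPLE_SCAN), "bestfriend",
                                      {"02:00:00:AA:00:01"}):
        print(f"{bssid}  {ssid!r}: {', '.join(reasons)}")
```

If your own router exposes a second radio (for example a 5 GHz band) or you run mesh nodes, add their BSSIDs to `own_bssids` so they are not reported as unknown.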
I ran into a similar "issue" earlier this year while debugging wireless connectivity issues.
My suggestion is a question: do you own a chromecast?
The connectivity issues ended up being entirely the service provider's fault, but I was really stuck on this red herring SSID. By using a wifi signal strength analyzer app on my phone I tracked it down to the chromecast (which was an alternate capitalization of my wifi SSID), and there was much relief.
EDIT: It is important to note that the Chromecast only needs power (not "internet") to host its own wifi; it will both connect to a wifi as well as hosting its own. You can connect to this but it doesn't do anything unless you are configuring it via the app.
3
Yes I do own a Chromecast. But its MAC address is added into the original router and it also wouldn't work when I unplugged the router that night.
– K. Pick
Jun 11 '17 at 19:08
I will add that my Chromecast is named SantoRican as well but since it wasn't connected to the internet the Wifi was down it was offline. The cable guy checked it when he came to fix the wifi but said that wasn't what was causing the issue. (but you never know he could be wrong)
– K. Pick
Jun 11 '17 at 19:12
1
@K.Pick Chromecast can act as a host, so you can connect to it with your phone and configure it.
– emed
Jun 12 '17 at 17:50
2
This seems to be the most likely answer. Devious people could use other more interesting and less obvious ways. The "alternate capitalisation" should be in bold as this is the most obvious clue in my view.
– KalleMP
Jun 13 '17 at 18:15
21
@K.Pick: Don't start guessing on how the chromecast is listed in your router. Simply unplug the chromecast and check if the SSID is still there.
– yankee
Jun 13 '17 at 19:06
edited Jun 15 '17 at 0:03
answered Jun 9 '17 at 19:04 – Cireo
Well - you seem to be taking security quite seriously. It is possible someone is trying to trick people into joining the other network. Best way to start looking at this would be to change your SSID to something different - and also quite specific, for example a word with some digits substituting for letters - and see if that SSID changes to something similar to yours - perhaps yours will be st0pthis and theirs StopThis. If you do record their SSID MAC address beforehand to see if the other SSID changed, you can be even more suspicious.
A good way on Linux to see MAC addresses is iwlist YourInterfaceName scanning | egrep 'Cell |Encryption|Quality|Last beacon|ESSID'
And of course you can and indeed should monitor your network for changes and suspicious activity as well as keep your machines updated.
edited Jun 9 '17 at 19:19
answered Jun 8 '17 at 7:48
r0berts
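The check this answer describes, as an added example that is not part of the original answer: it parses the filtered iwlist output, flags access points whose name matches yours once case and digit-for-letter swaps are folded away, and reports which BSSIDs kept imitating you after a rename. It goes slightly beyond the answer by also flagging an exact-name match on a BSSID you do not own; the scan text, addresses and function names are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of what the answer's command prints:
#   iwlist YourInterfaceName scanning | egrep 'Cell |Encryption|Quality|Last beacon|ESSID'
# Every address and network name below is made up for this example.
SCAN_BEFORE = '''\
          Cell 01 - Address: 02:00:00:AA:00:01
                    Quality=70/70  Signal level=-30 dBm
                    Encryption key:on
                    ESSID:"bestfriend"
                    Extra: Last beacon: 28ms ago
          Cell 02 - Address: 02:00:00:BB:00:02
                    Quality=52/70  Signal level=-58 dBm
                    Encryption key:off
                    ESSID:"BestFriend"
                    Extra: Last beacon: 40ms ago
          Cell 03 - Address: 02:00:00:CC:00:03
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"NeighbourNet"
                    Extra: Last beacon: 120ms ago
'''
# The same neighbourhood after the owner renames to st0pthis and the copy follows.
SCAN_AFTER = SCAN_BEFORE.replace('"bestfriend"', '"st0pthis"').replace('"BestFriend"', '"StopThis"')

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"')
KEY_RE = re.compile(r"Encryption key:(on|off)")
SIGNAL_RE = re.compile(r"Signal level=(-?\d+) dBm")
# Characters commonly swapped to make a name look the same at a glance.
LOOKALIKE = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e",
                           "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


@dataclass
class AccessPoint:
    bssid: str
    essid: str = ""
    encrypted: bool = False
    signal_dbm: Optional[int] = None


def parse_scan(text):
    """Turn filtered iwlist output into one AccessPoint per 'Cell' block."""
    aps = []
    for line in text.splitlines():
        cell = CELL_RE.search(line)
        if cell:
            aps.append(AccessPoint(bssid=cell.group(1).upper()))
        elif aps:  # attribute lines belong to the most recent Cell
            ap = aps[-1]
            if m := ESSID_RE.search(line):
                ap.essid = m.group(1)
            elif m := KEY_RE.search(line):
                ap.encrypted = m.group(1) == "on"
            elif m := SIGNAL_RE.search(line):
                ap.signal_dbm = int(m.group(1))
    return aps


def skeleton(essid):
    """Fold case, undo digit-for-letter swaps and drop separators."""
    folded = essid.casefold().translate(LOOKALIKE)
    return "".join(ch for ch in folded if ch.isalnum())


def classify(ap, own_essid, own_bssids):
    """Label one AP relative to the network you own."""
    # A BSSID can be set to any value: "own" means "matches my records", not proof.
    if ap.bssid in own_bssids:
        return "own"
    if ap.essid == own_essid:
        return "same-name-unknown-bssid"
    if skeleton(ap.essid) == skeleton(own_essid):
        return "lookalike"
    return "unrelated"


def suspects(scan_text, own_essid, own_bssids):
    """Return {bssid: (label, AccessPoint)} for every AP imitating own_essid."""
    found = {}
    for ap in parse_scan(scan_text):
        label = classify(ap, own_essid, own_bssids)
        if label not in ("own", "unrelated"):
            found[ap.bssid] = (label, ap)
    return found


def followed_rename(before, after, old_essid, new_essid, own_bssids):
    """BSSIDs that imitated the old name and, after the rename, the new one."""
    return sorted(set(suspects(before, old_essid, own_bssids))
                  & set(suspects(after, new_essid, own_bssids)))


if __name__ == "__main__":
    mine = {"02:00:00:AA:00:01"}
    print(followed_rename(SCAN_BEFORE, SCAN_AFTER, "bestfriend", "st0pthis", mine))
```

A BSSID that shows up in both scans is the same radio tracking your name, which is the stronger signal the answer is after; a look-alike that does not follow the rename is more likely a coincidence or a device of your own.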
2
@r0berts Should implies choice with a strong recommendation.
– wizzwizz4
Jun 9 '17 at 19:08
I do understand. But on average I'd say people do not know how to monitor their networks so no point making them feel guilty about that. But point taken )
– r0berts
Jun 9 '17 at 19:19
1
Even just keeping your system up-to-date with patches, and having some basic computer hygiene (block-incoming-by-default firewall, up-to-date antivirus) will go a very long way toward ensuring that your system is secure. Unfortunately, that's the bare minimum required today for any system which is connected to the Internet. The days when you could just hook up any random system to the Internet with no precautions whatsoever are long gone...
– a CVn
Jun 10 '17 at 15:19
I totally agree to that. It would be great if the complexity of monitoring your network could be reduced, this still requires a huge time investment to learn this for your home LAN.
– r0berts
Jun 13 '17 at 10:20
Simple trick:
Change your SSID and hide it, then see what happens.
If they copy your SSID again then you know you’re in trouble.
Extreme mode:
- Change your local DHCP network range to something that isn’t used on the open network
- Configure a static IP if possible so your PC can't use the open WiFi
- Configure your WiFi settings on your PC not to use open WiFi hotspots
- Change your WiFi password to something like this:
  HSAEz2ukki3ke2gu12WNuSDdDRxR3e
- Change your admin password on your router just to make sure.
- And finally use a VPN client on all your devices (also phones)
You use MAC filtering and that’s a good low-level security feature.
Finally, use third-party firewall and AV software and set the settings to annoyingly secure so you have to approve almost every action which has to do something with internet or network activity.
Once you get used to these things it will get easier to maintain and your firewall will relax because it learns from your actions.
Keep us posted! :)
edited Jun 16 '17 at 15:01
Kevin Panko
answered Jun 9 '17 at 7:02
MR_Miyati
Yes, this is exactly what you think it is: someone is trying to trick you into joining their network by mistake. Don't connect to it. If you realize you just did, run an antivirus scan and remove whatever data you have been downloading as it cannot be trusted. If you happened to also send sensitive data like a password over this rogue connection, change it right away.
If this access point won't go away after a while, I suggest you make a reasonable effort to make it stop (like asking your neighbors to stop that or to tell their kids to stop). A device capable of showing the WiFi signal strength, like a cellphone, should allow you to track down the location of this access point precisely enough.
answered Jun 8 '17 at 13:00
Dmitry Grigoryev
The app I would recommend for tracking it down is inSSIDer. It is created by the wonderful people at MetaGeek.
– Rowan Hawkins
Jun 13 '17 at 23:14
A lot of times people with security concerns are just being paranoid. In this case, you have a very legitimate cause for concern.
Don't conclude maliciousness 100%, it could be an IT savvy neighbor trying to prank you, let's say by redirecting website requests to a joke site. Or someone who tried to set up their own network and just happened to imitate yours (but I am inclined to doubt that, any router nowadays will have a password requirement by default). But basically, the person would be able to see a lot of your traffic, which websites you visit, what you send and receive, apart from what's encrypted (and much is not encrypted). That could be for blackmail, espionage, stalking. On the other hand, it's not super sophisticated and quite easy to discover, so who knows.
More importantly, this isn't some generic mass global attack by foreign hackers, it means a physical access point is located near or in your house. If I was you, I would not alert them, but try to find it. If you have a fuse box, switch off power one course at a time, and wait five minutes and see if the access point disappears. That will tell you if it's something in your house. Otherwise you can use triangulation, a signal strength with GPS logger on your phone and take a walk through the neighborhood, or a Pringles can to find out roughly where it is. You might find an old ex with a knife, a buried box, or a neighbor's nerdy kids. If they care enough to do this, they might also have an audio bug. First track down generally where it is, and if it's inside someone's house, then you might want to call a bodyguard from work and go knocking on doors.
answered Jun 10 '17 at 7:22
Bob
2
I too think it would be interesting to find out the location of the network before it gets turned off. The Chromecast answer above may be the benign explanation though.
– KalleMP
Jun 13 '17 at 18:12
The SSID disappeared the morning the Internet company came to fix the net, so I believe if it was someone nearby they may have seen the truck and pulled it down.
– K. Pick
Jun 18 '17 at 23:11
The other answers so far give you enough to do about this concrete situation.
However it should be noted that you have noticed a situation that may be an attempt to invade your private data. There are other situations when this kind of attack is less detectable. E.g. if your neighbour knows your Wifi-Password, which you could have told them when they kindly asked, because they were new in the house and there own uplink was not ready yet. But worst of all: If you are on an unencrypted Wifi (or one where the password is commonly known) such has Hotel or Airport Wifi, these attacks will be very hard to detect, because the attacker can set up the wifi with EXACTLY the same settings (same password and same SSID) and your devices will automatically connect to the strongest signal and never tell you that it made a choice.
The only option to actually stay safe is to encrypt ALL your traffic. Never enter your password, emailaddress, credit card number or any other information on a website that is not SSL/TLS encrypted. Consider downloads from unencrypted websites as compromised (malware could have been injected). Before entering/downloading data on an encrypted website, check that you are on the right domain (google.com, not giigle.com. SSL will not help if you are on a domain you do not want to talk to). Install HTTPS-Everywhere or the like Also remember that there are other services than your webbrowser that might transmit data, such as an IMAP email client. Make sure it also only operates on encrypted connections. Nowadays, there is hardly any reason not encrypt all your traffic, nevertheless some developers are just to lazy etc. If you need to use some application that does not support SSL or a similar security measure, then use a VPN. Note that the VPN provider will then still be able to read all your traffic which is not encrypted in addition to the encryption that the VPN provides.
answered Jun 13 '17 at 19:01
yankee
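A scan audit for the two cases raised in this thread, a capitalised look-alike such as "BestFriend" and a twin that copies the SSID exactly, given here as an added example that is not part of any answer. It assumes scan lines in the terse form printed by `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi list`; the BSSIDs, the expected security value and the sample lines are constructed.

```python
import unicodedata

MY_SSID = "bestfriend"               # SSID from the question
MY_BSSIDS = {"AA:BB:CC:00:00:01"}    # assumption: MACs of your own AP radios (constructed)
MY_SECURITY = "WPA2"                 # assumption: what your own AP is set to advertise

# Constructed sample in the terse nmcli form: fields separated by ':',
# a literal ':' inside a field escaped as '\:'. An empty SECURITY field
# means the network is open.
SAMPLE_SCAN = r"""
bestfriend:AA\:BB\:CC\:00\:00\:01:WPA2:71
BestFriend:12\:34\:56\:00\:00\:02::64
bestfriend:12\:34\:56\:00\:00\:03:WPA2:88
bestfriend:AA\:BB\:CC\:00\:00\:01::90
CoffeeShop:12\:34\:56\:00\:00\:04:WPA2:40
"""


def split_terse(line):
    """Split one terse line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))   # escaped character is taken literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def fold(ssid):
    """Collapse case, Unicode compatibility forms and padding before comparing."""
    return unicodedata.normalize("NFKC", ssid).casefold().strip()


def is_open(security):
    return security.strip() in ("", "--")


def classify(ssid, bssid, security):
    """Return a finding for one scan entry, or None if it needs no attention."""
    if fold(ssid) != fold(MY_SSID):
        return None                                  # unrelated network
    suffix = ", open" if is_open(security) else ""
    if ssid != MY_SSID:
        return "look-alike name" + suffix            # e.g. different capitalisation
    if bssid.upper() not in MY_BSSIDS:
        return "same name, unknown BSSID" + suffix   # possible twin, or a forgotten repeater
    # A BSSID can be copied, so a matching one is not proof of identity:
    # also require the security your own AP is configured to advertise.
    if MY_SECURITY not in security.split():
        return "known BSSID, unexpected security"
    return None


def audit(scan_text):
    findings = []
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) < 4:
            continue                                 # blank or malformed line
        ssid, bssid, security, signal = fields[:4]
        verdict = classify(ssid, bssid, security)
        if verdict:
            findings.append((ssid, bssid, verdict, int(signal)))
    return findings


if __name__ == "__main__":
    for ssid, bssid, verdict, signal in audit(SAMPLE_SCAN):
        print(f"{ssid!r:14} {bssid}  signal={signal:3}  {verdict}")
```

A twin that copies SSID, BSSID and security settings exactly passes this check, which is the hard-to-detect case the answer describes and the reason it recommends encrypting all traffic.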
IF it is a hacking attempt, it is being enacted by someone who is ignorant. Each SSID can be protected by a password of some kind and with some kind of cryptographic strength.
Simply having another access point configured with the same name as a nearby access point is the same thing as this:
My name is Steve Smith and I've just moved into a house. And as it happens to be true, my next door neighbor's name is Steve Smith. But just because my neighbor and I have the same name, does not mean the key to my front door will work on his front door .... Nor does it mean that my door key will magically re-key itself so that it also works on his door ...
and THAT is how silly it really is in terms of looking at this from a possible hacking scenario ...
Your answers:
1) Is this a ploy at hacking?
- Maybe, but it won't work.
2) Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?
- They might be, but it doesn't matter, since it won't work.
edited Dec 2 '17 at 12:52
answered Jun 14 '17 at 15:27
Michael Sims
1
Kindly provide a solution to OP not just comments
– yass
Jun 14 '17 at 15:30
The answer is fairly simple,
IF it isn't yours, which you can check by disabling the Chromecast and your router (also make sure other APs are disabled).
If it still persists, it's most likely an attempt to monitor your traffic; in most cases it can't cause any harm, except if you use a lot of unencrypted sites (HTTP) instead of encrypted ones (HTTPS).
If you use HTTP, anything you send will be sent as plain text, meaning that if your password is "123abc" they'd be able to see "123abc" as well.
A program which is able to undermine your traffic is for example Wireshark.
edited Jun 14 '17 at 16:04
yass
answered Jun 14 '17 at 12:59
Marnix Mulder
If it was a hacking ploy, the network SSID would be exactly the same as yours and open - so that you would connect to it automatically (if they had stronger signal) and you wouldn't notice.
I often do this to my neighbours at weekends when they are playing YouTube on their laptop or phone after 1am - basically clone their network (only one unique SSID allowed) and put a password - it stops them as they go out of signal and come back in and they've not ever figured it out. They just think the WiFi is broken again.
If I left it open, no password - they would connect and I would be able to perform a DNS reroute or man in the middle attack and monitor their net activity or other things that might be considered illegal - sure they might tap in my router IP and see connected devices - but it doesn't happen.
As a security analyst, I would consider that a network ID such as "bestfriend" has simply made a new "BestFriend".
If it was a real hacking ploy - it would be the exact same SSID and open network and you likely wouldn't notice as you reconnected to WiFi, as likely there is autoconnect to name.
It's a very old trick - take a laptop into a coffeeshop and DNS reroute from a wireless dongle to their login site - get people's traffic.
One reason why card readers often work off the WiFi and are hard-lined to the bank - it's too easy to MiM a Starbucks network and another few seconds to watch the image cache of every device - hotels too, that use repeaters for extended WiFi.
Esp. in USA, where some hotels do not even have a password and are very tall.
Sniff that in a few seconds and even access the main desk machines or backoffice from a telephone, sometimes.
(I've had network names such as "I've seen you naked" and someone's changed theirs to "me too" and "I don't want to see you naked". Or sent messages - e.g., "working shifts", so neighbours know that it's ok to party all night, but please don't wake me by knocking my door for a chat because I'll be asleep at 0800).
edited Dec 31 '18 at 0:41
answered Dec 31 '18 at 0:34
Some guy