SSID with very similar name, is this an attempt of hacking?












140















I noticed that another SSID pops up in my WiFi with the same name as mine (quite personal so could've only been intentionally copied) but a couple of the letters are capitalized. Their version has no security. Mine has WPA-PSK2. I tested it to be sure by unplugging my router and while mine disappeared after a while, theirs remained.



Is this a ploy at hacking? Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?



Example:




  • My SSID: bestfriend

  • Their SSID: BestFriend (with capital B & F)






























  • 50





    More people should take security this seriously. It's possible, if it is a targeted attack we call these rogue access points, where you mimic the name of someone else and see if clients connect to it. But we'll need more information, what exactly is the name of your network (ESSID) and how many people use it? Is this a personal network? Who else knows about this network? Does your girlfriend have an ex that wants to get back together with her? You get the idea... some details would be good.

    – Nalaurien
    Jun 8 '17 at 7:58








  • 57





    ...maybe they are just politely asking you to change the capitalization of your SSID to a "more correct one" because it bothers them when they see it on their available networks list? I can imagine myself doing that... "Never attribute to malice that which is adequately explained by extreme nitpicking" (?)

    – xDaizu
    Jun 8 '17 at 10:55








  • 21





    Connect to the network with a throwaway machine and try to scan the entire subnet with nmap to see what they're up to.

    – André Borie
    Jun 8 '17 at 14:26






  • 21





    Could just be chance. You'd be amazed at how popular some SSIDs (eg. variations on "FBI Surveillance Van") are.

    – Mark
    Jun 8 '17 at 18:28






  • 18





    Tread carefully and don't ignore SSL/TLS errors!

    – n00b
    Jun 8 '17 at 19:05


















wireless-networking router ssid














edited Jun 8 '17 at 12:41









Andrew T.











asked Jun 8 '17 at 7:18









K. Pick




















11 Answers


















130














Yes, it is most likely some kind of hacking ploy, although it's a guess as to why.



I do point out that locking your router down to specific MAC addresses might provide a tiny bit of security, but not much.



It's also unlikely that their actions are designed to hack your network - they are more likely to try and capture your traffic.



If it were me, I would take advantage of them - I'd get a cheap VPN and some dedicated hardware (low spec PC, large hard drive), connect it up to the VPN and their network and leech hard. Because you are using a VPN they won't be able to intercept your traffic but you can consume all their bandwidth until they wake up. (And you have plausible deniability "Hey, I thought I was connected to my AP - I used the SSID of my device")



Couple of other things to mull over -
It's conceivable that both of these APs are actually yours - one in the 2.4 gig band, one in the 5 gig band, and the 5 gig band is simply not encrypted. Check your router configuration to rule this out and/or some kind of Wifi Analyser (There are a few available from the Play store for Android) to help you work out where the signals are coming from by looking at signal strength.



Watch out for de-auth packets. If they are trying to hack your systems it would not surprise me if they are trying to send de-auth packets to interfere with your connections to increase the chance that someone on your network tries to connect to them.



























  • 113





    He mentions he unplugs the router and the other network remains, this rules out that it's his 5 gig band.

    – LPChip
    Jun 8 '17 at 8:54






  • 13





    How is this plausible deniability? You were leeching bandwidth on a cheap computer you bought over a VPN that you normally never use. Are you trying to lie to a 5-year-old or to a judge?

    – Mehrdad
    Jun 9 '17 at 1:19






  • 20





    @Mehrdad Plausible deniability exists as your neighbour was trying to trick you to connect to their AP - and you fell for it. My neighbour behaves like a hacker, so it's entirely reasonable to get a VPN to protect myself. (Also, I don't need to lie to a judge, the other party is the one making the claim - my lawyer could simply sow the seeds of doubt). I'm curious on what better legal minds think though, so I've posed this as a question at law.se (law.stackexchange.com/questions/19482/…)

    – davidgo
    Jun 9 '17 at 2:47








  • 17





    @Mehrdad If I'm going to lie about network hacking, I'd take my chances on a judge before a five-year-old!

    – Auspex
    Jun 9 '17 at 13:16






  • 3





    Regardless of the "plausible deniability," I find it unethical to advocate such shady behaviour, especially since, depending on jurisdiction, it may be entirely legal to connect to an open access point.

    – StockB
    Jun 9 '17 at 16:15



















56














It sounds to me that this is something called "Evil Twin".



Basically the attacker creates a network that mimics yours so you (or your machine all by itself) connect to that instead. He achieves that by, as davidgo said, sending de-auth packets to your router so you have to reconnect. By changing the MAC-Address of his own router to the one of yours, your computer automatically connects to the attacker's network instead (given that its signal is stronger).
This allows the attacker to further harm you by Man-In-The-Middle Attacks or a fake DNS that redirects common websites to phishing sites.



Now you could do some science here and try to prove that this is indeed an attacker with bad intentions and report it, or simply take advantage of "free traffic" but since there might be some DNS shenanigans going on you could risk giving away sensitive information when not being careful while filling out forms.

























  • 54





    Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."

    – Corey Ogburn
    Jun 8 '17 at 15:17






  • 3





    Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?

    – JimmyB
    Jun 9 '17 at 13:20






  • 7





    @JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.

    – Kevin Fee
    Jun 9 '17 at 20:24






  • 3





    If the security authentication mechanism is not exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.

    – pHeoz
    Jun 12 '17 at 15:26






  • 1





    @JimmyB Once a device would connect to your fake SSID, you don't need to spoof any MAC address. In an Evil Twin attack you try to lure the victim onto your wireless network by giving it the same SSID and interfere with clients connecting to the real one (by disrupting the signal or - more commonly - by forcing them to de-authenticate from the real AP). Most people don't manually pick an SSID as their device is already connected to the SSID of their home network, only when you have a new device you'll look through the list of available networks, making you susceptible to the Social Engineering.

    – BlueCacti
    Jun 13 '17 at 11:12



















43














I ran into a similar "issue" earlier this year while debugging wireless connectivity issues.



My suggestion is a question: do you own a chromecast?



The connectivity issues ended up being entirely the service provider's fault, but I was really stuck on this red herring SSID. By using a wifi signal strength analyzer app on my phone I tracked it down to the chromecast (which was an alternate capitalization of my wifi SSID), and there was much relief.



EDIT: It is important to note that the Chromecast only needs power (not "internet") to host its own wifi, it will both connect to a wifi as well as hosting its own. You can connect to this but it doesn't do anything unless you are configuring it via the app.



























  • 3





    Yes I do own a Chromecast. But its MAC address is added into the original router and it also wouldn't work when I unplugged the router that night.

    – K. Pick
    Jun 11 '17 at 19:08











  • I will add that my Chromecast is named SantoRican as well but since it wasn't connected to the internet the Wifi was down it was offline. The cable guy checked it when he came to fix the wifi but said that wasn't what was causing the issue. (but you never know he could be wrong)

    – K. Pick
    Jun 11 '17 at 19:12








  • 1





    @K.Pick Chromecast can act as a host, so you can connect to it with your phone and configure it.

    – emed
    Jun 12 '17 at 17:50








  • 2





    This seems to be the most likely answer. Devious people could use other more interesting and less obvious ways. The "alternate capitalisation" should be in bold as this is the most obvious clue in my view.

    – KalleMP
    Jun 13 '17 at 18:15








  • 21





    @K.Pick: Don't start guessing on how the chromecast is listed in your router. Simply unplug the chromecast and check if the SSID is still there.

    – yankee
    Jun 13 '17 at 19:06



















14














Well - you seem to be taking security quite seriously. It is possible someone is trying to trick people into joining the other network. Best way to start looking at this would be to change your SSID to something different - and also quite specific, for example a word with some digits substituting for letters and see if that SSID changes to similar to yours - perhaps yours will be st0pthis and theirs StopThis. If you do record their SSID MAC address beforehand to see if the other SSID changed you can be even more suspicious.



A good way on linux to see MAC addresses is

    iwlist YourInterfaceName scanning | egrep 'Cell |Encryption|Quality|Last beacon|ESSID'

And of course you can and indeed should monitor your network for changes and suspicious activity as well as keep your machines updated.






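The check suggested in this answer (record the other access point's MAC address, then watch whether lookalike names follow yours), as an added example that is not part of the original answer: a Python script that parses `iwlist ... scanning` output and flags case or digit-substitution variants of your SSID, exact copies from unknown BSSIDs, and a known BSSID seen without encryption. The scan text, MAC addresses and the confusable-character table are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample of `iwlist <iface> scanning` output (not from a real network).
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:AA:BB:01
                    Channel:6
                    Quality=61/70  Signal level=-49 dBm
                    Encryption key:on
                    ESSID:"bestfriend"
          Cell 02 - Address: 02:00:00:CC:DD:02
                    Channel:11
                    Quality=48/70  Signal level=-62 dBm
                    Encryption key:off
                    ESSID:"BestFriend"
          Cell 03 - Address: 02:00:00:EE:FF:03
                    Channel:1
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"b3stfr1end"
          Cell 04 - Address: 02:00:00:11:22:04
                    Channel:1
                    Quality=25/70  Signal level=-85 dBm
                    Encryption key:on
                    ESSID:"FBI Surveillance Van"
          Cell 05 - Address: 02:00:00:33:44:05
                    Channel:6
                    Quality=55/70  Signal level=-55 dBm
                    Encryption key:off
                    ESSID:"bestfriend"
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"')
ENC_RE = re.compile(r"Encryption key:(on|off)")
SIGNAL_RE = re.compile(r"Signal level=(-?\d+) dBm")

# Assumed (heuristic) table of characters people swap to imitate a name.
_CONFUSABLES = str.maketrans({
    "0": "o", "1": "i", "l": "i", "|": "i", "3": "e", "4": "a",
    "5": "s", "7": "t", " ": None, "-": None, "_": None,
})


@dataclass
class AccessPoint:
    bssid: str
    ssid: str = ""
    encrypted: Optional[bool] = None
    signal_dbm: Optional[int] = None


def parse_scan(text: str) -> List[AccessPoint]:
    """Turn iwlist scan output into one AccessPoint per 'Cell' block."""
    aps: List[AccessPoint] = []
    for line in text.splitlines():
        cell = CELL_RE.search(line)
        if cell:
            aps.append(AccessPoint(bssid=cell.group(1).upper()))
            continue
        if not aps:
            continue  # header lines before the first cell
        ap = aps[-1]
        essid, enc, sig = ESSID_RE.search(line), ENC_RE.search(line), SIGNAL_RE.search(line)
        if essid:
            ap.ssid = essid.group(1)
        if enc:
            ap.encrypted = enc.group(1) == "on"
        if sig:
            ap.signal_dbm = int(sig.group(1))
    return aps


def skeleton(ssid: str) -> str:
    """Fold case, digit substitutions and separators so lookalikes compare equal."""
    return ssid.casefold().translate(_CONFUSABLES)


def find_suspicious(scan_text: str, my_ssid: str,
                    my_bssids: Set[str]) -> List[Tuple[str, str, str, bool]]:
    """Return (bssid, ssid, verdict, is_open) for every AP worth a closer look."""
    known = {b.upper() for b in my_bssids}
    findings = []
    for ap in parse_scan(scan_text):
        is_open = ap.encrypted is False
        if ap.bssid in known:
            if not is_open:
                continue  # your own AP, configured as expected
            # A BSSID can be copied, so an open network on "your" MAC is a red flag.
            verdict = "known BSSID advertising without encryption"
        elif ap.ssid == my_ssid:
            verdict = "same SSID from unknown BSSID"
        elif skeleton(ap.ssid) == skeleton(my_ssid):
            verdict = "lookalike SSID"
        else:
            continue
        findings.append((ap.bssid, ap.ssid, verdict, is_open))
    return findings


if __name__ == "__main__":
    for bssid, ssid, verdict, is_open in find_suspicious(
            SAMPLE_SCAN, "bestfriend", {"02:00:00:AA:BB:01"}):
        print(f"{bssid}  {ssid!r:14} {verdict}{' (open)' if is_open else ''}")
```

Running it again after renaming your own network shows whether a lookalike reappears from the same BSSID.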





















  • 2





    @r0berts Should implies choice with a strong recommendation.

    – wizzwizz4
    Jun 9 '17 at 19:08











  • I do understand. But on average I'd say people do not know how to monitor their networks so no point making them feel guilty about that. But point taken )

    – r0berts
    Jun 9 '17 at 19:19






  • 1





    Even just keeping your system up-to-date with patches, and having some basic computer hygiene (block-incoming-by-default firewall, up-to-date antivirus) will go a very long way toward ensuring that your system is secure. Unfortunately, that's the bare minimum required today for any system which is connected to the Internet. The days when you could just hook up any random system to the Internet with no precautions whatsoever are long gone...

    – a CVn
    Jun 10 '17 at 15:19













  • I totally agree to that. It would be great if the complexity of monitoring your network could be reduced, this still requires a huge time investment to learn this for your home LAN.

    – r0berts
    Jun 13 '17 at 10:20



















11














Simple trick,



Change your SSID and hide it, see what happens.
If they copy your SSID again then you know you’re in trouble.



Extreme mode



Change your local DHCP network range to something that isn’t used on the open network



Configure a static IP if possible so your PC can't use the open WiFi



Configure your WiFi settings on your PC not to use open WiFi hotspots



Change your WiFi password to something like this:
HSAEz2ukki3ke2gu12WNuSDdDRxR3e



Change your admin password on your router just to make sure.
And finally use a VPN client on all your devices (also phones)



You use MAC filtering and that’s a good low level security feature.
Finally, use third party firewall and AV software and set the settings to annoyingly secure so you have to approve almost every action which has to do something with internet or network activity.



Once you get used to these things it will get easier to maintain and your firewall will relax because it learns from your actions.



Keep us posted! :)







































    10














    Yes, this is exactly what you think it is: someone is trying to trick you to join their network by mistake. Don't connect to it. If you realize you just did, run an antivirus scan and remove whatever data you have been downloading as it cannot be trusted. If you happened to also send sensitive data like a password over this rogue connection, change it right away.



    If this access point won't go away after a while, I suggest you take a reasonable effort to make it stop (like asking your neighbors to stop that or tell their kids to stop). A device capable of showing the WiFi signal strength, like a cellphone, should allow you to track down the location of this access point precisely enough.






























    • The app I would recommend for tracking it down is inSSIDer. It is created by the wonderful people at MetaGeek.

      – Rowan Hawkins
      Jun 13 '17 at 23:14



















    9














    A lot of times people with security concerns are just being paranoid. In this case, you have a very legitimate cause for concern.



    Don't conclude maliciousness 100%, it could be an IT savvy neighbor trying to prank you, let's say by redirecting website requests to a joke site. Or someone who tried to set up their own network and just happened to imitate yours (but I am inclined to doubt that, any router nowadays will have a password requirement by default). But basically, the person would be able to see a lot of your traffic, which websites you visit, what you send and receive, apart from what's encrypted (and much is not encrypted). That could be for blackmail, espionage, stalking. On the other hand, it's not super sophisticated and quite easy to discover, so who knows.



    More importantly, this isn't some generic mass global attack by foreign hackers, it means a physical access point is located near or in your house. If I was you, I would not alert them, but try to find it. If you have a fuse box, switch off power one course at a time, and wait five minutes and see if the access point disappears. That will tell you if it's something in your house. Otherwise you can use triangulation, a signal strength with GPS logger on your phone and take a walk through the neighborhood, or a Pringles can to find out roughly where it is. You might find an old ex with a knife, a buried box, or a neighbor's nerdy kids. If they care enough to do this, they might also have an audio bug. First track down generally where it is, and if it's inside someone's house, then you might want to call a bodyguard from work and go knocking on doors.

























    • 2





      I too think it would be interesting to find out the location of the network before it gets turned off. The Chromecast answer above may be the benign explanation though.

      – KalleMP
      Jun 13 '17 at 18:12













    • The SSID disappeared the morning the Internet company came to fix the net so I believe if it was someone nearby they may have seen the truck and pulled it down.

      – K. Pick
      Jun 18 '17 at 23:11



















    2














    The other answers so far give you enough to do about this concrete situation.



    However it should be noted that you have noticed a situation that may be an attempt to invade your private data. There are other situations when this kind of attack is less detectable. E.g. if your neighbour knows your Wifi-Password, which you could have told them when they kindly asked, because they were new in the house and their own uplink was not ready yet. But worst of all: If you are on an unencrypted Wifi (or one where the password is commonly known) such as Hotel or Airport Wifi, these attacks will be very hard to detect, because the attacker can set up the wifi with EXACTLY the same settings (same password and same SSID) and your devices will automatically connect to the strongest signal and never tell you that it made a choice.



    The only option to actually stay safe is to encrypt ALL your traffic. Never enter your password, email address, credit card number or any other information on a website that is not SSL/TLS encrypted. Consider downloads from unencrypted websites as compromised (malware could have been injected). Before entering/downloading data on an encrypted website, check that you are on the right domain (google.com, not giigle.com. SSL will not help if you are on a domain you do not want to talk to). Install HTTPS-Everywhere or the like. Also remember that there are other services than your web browser that might transmit data, such as an IMAP email client. Make sure it also only operates on encrypted connections. Nowadays, there is hardly any reason not to encrypt all your traffic, nevertheless some developers are just too lazy etc. If you need to use some application that does not support SSL or a similar security measure, then use a VPN. Note that the VPN provider will then still be able to read all your traffic which is not encrypted in addition to the encryption that the VPN provides.





































      1














      IF it is a hacking attempt, it is being enacted by someone who is ignorant. Each SSID can be protected by a password of some kind and with some kind of cryptographic strength.



      Simply having another access point configured with the same name as a nearby access point is the same thing as this:




      My name is Steve Smith and I've just moved into a house. And as it
      happens to be true, my next door neighbor's
      name is Steve Smith. But just because my neighbor and I have the same
      name, does not mean the key to my front door will work on his front
      door .... Nor does it mean that my door key will magically re-key
      itself so that it also works on his door ...




      and THAT is how silly it really is in terms of looking at this from a possible hacking scenario ...



      Your answers:



      1) Is this a ploy at hacking?



       - Maybe, but it won't work.


      2) Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?



       - They might be, but it doesn't matter, since it won't work. 


























      • 1





        Kindly provide a solution to OP not just comments

        – yass
        Jun 14 '17 at 15:30



















      0














      The answer is fairly simple,
      IF it isn't yours, which you can check by disabling the chromecast and your router (also make sure other APs are disabled).



      If it still persists, it's most likely an attempt to monitor your traffic, in most cases it can't cause any harm, except if you use a lot of unencrypted sites (HTTP) instead of encrypted ones (HTTPS).



      If you use HTTP, anything you send will be sent as plain text, meaning that if your password is "123abc" they'd be able to see "123abc" as well.



      A program which is able to undermine your traffic is for example Wireshark.







































        0














        If it was a hacking ploy, the network SSID would be exactly the same as yours and open - so that you would connect to it automatically (if they had stronger signal) and you wouldn't notice.



        I often do this to my neighbours at weekends when they are playing youtube on their laptop or phone after 1am - basically clone their network (only one unique SSID allowed) and put a password - it stops them as they go out of signal and come back in and they've not ever figured it out. They just think the WiFi is broken again.



        If I left it open, no password - they would connect and I would be able to perform a DNS reroute or man in the middle attack and monitor their net activity or other things that might be considered illegal - sure they might tap in my router IP and see connected devices - but it doesn't happen.



        As a security analyst, I would consider that a network ID such as "bestfriend" has simply made a new "BestFriend".



        If it was a real hacking ploy - it would be the exact same SSID and open network and you likely wouldn't notice as you reconnected to WiFi, as likely there is autoconnect to name.



        It's a very old trick - take a laptop into a coffeeshop and DNS reroute from a wireless dongle to their login site - get people's traffic.



        One reason why card readers often work off the WiFi and are hard-lined to the bank - it's too easy to MiM a Starbuck's network and another few seconds to watch the image cache of every device - hotels too, that use repeaters for extended WiFi.



        Esp. in USA, where some hotels do not even have a password and are very tall.
        Sniff that in a few seconds and even access the main desk machines or backoffice from a telephone, sometimes.



        (I've had network names such as "I've seen you naked" and someone's changed theirs to "me too" and "I don't want to see you naked". Or sent messages - eg, "working shifts", so neighbours know that it's ok to party all night, but please don't wake me by knocking my door for a chat because I'll be asleep at 0800).































          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1217160%2fssid-with-very-similar-name-is-this-an-attempt-of-hacking%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          11 Answers
          130







          Yes, it is most likely some kind of hacking ploy, although it's a guess as to why.



          I do point out that locking your router down to specific MAC addresses might provide a tiny bit of security, but not much.



          It's also unlikely that their actions are designed to hack your network - they are more likely to try and capture your traffic.



          If it were me, I would take advantage of them - I'd get a cheap VPN and some dedicated hardware (low spec PC, large hard drive), connect it up to the VPN and their network and leech hard. Because you are using a VPN they won't be able to intercept your traffic but you can consume all their bandwidth until they wake up. (And you have plausible deniability: "Hey, I thought I was connected to my AP - I used the SSID of my device.")



          Couple of other things to mull over -
          It's conceivable that both of these APs are actually yours - one in the 2.4 gig band, one in the 5 gig band, and the 5 gig band is simply not encrypted. Check your router configuration to rule this out and/or some kind of Wifi Analyser (There are a few available from the Play store for Android) to help you work out where the signals are coming from by looking at signal strength.



          Watch out for de-auth packets. If they are trying to hack your systems it would not surprise me if they are trying to send de-auth packets to interfere with your connections to increase the chance that someone on your network tries to connect to them.






          edited Jun 8 '17 at 20:04 by mjr

          answered Jun 8 '17 at 8:10 by davidgo








          • 113

            He mentions he unplugs the router and the other network remains, this rules out that it's his 5 gig band.

            – LPChip
            Jun 8 '17 at 8:54

          • 13

            How is this plausible deniability? You were leeching bandwidth on a cheap computer you bought over a VPN that you normally never use. Are you trying to lie to a 5-year-old or to a judge?

            – Mehrdad
            Jun 9 '17 at 1:19

          • 20

            @Mehrdad Plausible deniability exists as your neighbour was trying to trick you to connect to their AP - and you fell for it. My neighbour behaves like a hacker, so it's entirely reasonable to get a VPN to protect myself. (Also, I don't need to lie to a judge, the other party is the one making the claim - my lawyer could simply sow the seeds of doubt). I'm curious on what better legal minds think though, so I've posed this as a question at law.se (law.stackexchange.com/questions/19482/…)

            – davidgo
            Jun 9 '17 at 2:47

          • 17

            @Mehrdad If I'm going to lie about network hacking, I'd take my chances on a judge before a five-year-old!

            – Auspex
            Jun 9 '17 at 13:16

          • 3

            Regardless of the "plausible deniability," I find it unethical to advocate such shady behaviour, especially since, depending on jurisdiction, it may be entirely legal to connect to an open access point.

            – StockB
            Jun 9 '17 at 16:15














          56







          It sounds to me that this is something called "Evil Twin".



          Basically the attacker creates a network that mimics yours so you (or your machine all by itself) connect to that instead. He achieves that by, as davidgo said, sending de-auth packets to your router so you have to reconnect. By changing the MAC-Address of his own router to the one of yours, your computer automatically connects to the attacker's network instead (given that its signal is stronger).
          This allows the attacker to further harm you by Man-In-The-Middle Attacks or a fake DNS that redirects common websites to phishing sites.



          Now you could do some science here and try to prove that this is indeed an attacker with bad intentions and report it, or simply take advantage of "free traffic" but since there might be some DNS shenanigans going on you could risk giving away sensitive information when not being careful while filling out forms.






          answered Jun 8 '17 at 9:42 by Echo








          • 54

            Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."

            – Corey Ogburn
            Jun 8 '17 at 15:17

          • 3

            Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?

            – JimmyB
            Jun 9 '17 at 13:20

          • 7

            @JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.

            – Kevin Fee
            Jun 9 '17 at 20:24

          • 3

            If the security authentication mechanism is not exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.

            – pHeoz
            Jun 12 '17 at 15:26

          • 1

            @JimmyB Once a device would connect to your fake SSID, you don't need to spoof any MAC address. In an Evil Twin attack you try to lure the victim onto your wireless network by giving it the same SSID and interfere with clients connecting to the real one (by disrupting the signal or - more commonly - by forcing them to de-authenticate from the real AP). Most people don't manually pick an SSID as their device is already connected to the SSID of their home network, only when you have a new device you'll look through the list of available networks, making you susceptible to the Social Engineering

            – BlueCacti
            Jun 13 '17 at 11:12
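
The checks this answer and its comments describe (a case-variant SSID, an exact-name twin on an unknown radio, an open network imitating a WPA2 one), written as a defender's scan triage. This is an added example, not part of the original thread: the scan records, the MAC addresses and the names `AP`, `Trusted`, `classify` and `scan_report` are constructed for illustration, and `SCAN` would be filled from whatever Wi-Fi scanner you use.

```python
"""Flag access points that imitate a trusted SSID (constructed sample data)."""
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str        # MAC address of the radio
    security: str     # "open", "wpa2-psk", ...
    signal_dbm: int   # received signal strength; closer to 0 is stronger


@dataclass(frozen=True)
class Trusted:
    ssid: str
    bssids: frozenset  # radios you own (one per band on a dual-band router)
    security: str


def skeleton(ssid):
    """Fold case and Unicode compatibility forms: 'BestFriend' -> 'bestfriend'."""
    return unicodedata.normalize("NFKC", ssid).casefold().strip()


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ap, trusted, max_distance=1):
    """Return findings for one scanned AP; an empty list means nothing to report.

    max_distance=1 is an assumption; on very short SSIDs it can match
    unrelated neighbours, so tune it to the length of your own name.
    """
    findings = []
    same_name = ap.ssid == trusted.ssid
    known_radio = ap.bssid.lower() in trusted.bssids
    if same_name and known_radio and ap.security == trusted.security:
        return findings  # this is our own access point

    sk_ap, sk_trusted = skeleton(ap.ssid), skeleton(trusted.ssid)
    if same_name and not known_radio:
        findings.append("exact-ssid-unknown-bssid")   # classic evil twin
    elif not same_name and sk_ap == sk_trusted:
        findings.append("case-variant-ssid")          # the case in the question
    elif not same_name and edit_distance(sk_ap, sk_trusted) <= max_distance:
        findings.append("near-miss-ssid")

    # Our BSSID announcing a different name or security suggests a cloned MAC.
    if known_radio and (not same_name or ap.security != trusted.security):
        findings.append("known-bssid-mismatch")

    # A lookalike that drops encryption lets anyone join and read traffic.
    if findings and ap.security == "open" and trusted.security != "open":
        findings.append("security-downgrade")
    return findings


def scan_report(scan, trusted):
    """Suspicious APs with their findings, strongest signal first."""
    hits = [(ap, classify(ap, trusted)) for ap in scan]
    hits = [(ap, f) for ap, f in hits if f]
    return sorted(hits, key=lambda hit: -hit[0].signal_dbm)


# Constructed data: locally administered MACs, SSIDs from the question.
TRUSTED = Trusted("bestfriend", frozenset({"02:00:00:aa:bb:01"}), "wpa2-psk")
SCAN = [
    AP("bestfriend", "02:00:00:aa:bb:01", "wpa2-psk", -48),   # own router
    AP("BestFriend", "02:00:00:cc:dd:02", "open", -61),       # capital B & F
    AP("bestfriend", "02:00:00:ee:ff:03", "open", -40),       # exact-name twin
    AP("FBI Surveillance Van", "02:00:00:11:22:04", "wpa2-psk", -70),
    AP("bestfriend", "02:00:00:aa:bb:01", "open", -35),       # cloned MAC
]

if __name__ == "__main__":
    for ap, findings in scan_report(SCAN, TRUSTED):
        print(f"{ap.signal_dbm:>4} dBm  {ap.ssid!r:<14} {ap.bssid}  {', '.join(findings)}")
```

Listing every radio you own in `bssids` matters on dual-band routers, where the 2.4 GHz and 5 GHz radios usually advertise different BSSIDs and would otherwise be reported as twins of each other.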














          • 54





            Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."

            – Corey Ogburn
            Jun 8 '17 at 15:17






          • 3





            Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?

            – JimmyB
            Jun 9 '17 at 13:20






          • 7





            @JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.

            – Kevin Fee
            Jun 9 '17 at 20:24






          • 3





            If the security authentication mechanism is not the exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.

            – pHeoz
            Jun 12 '17 at 15:26






          • 1





            @JimmyB Once a device would connect to your fake SSID, you don't need to spoof any MAC address. In an Evil Twin attack you try to lure the victim onto your wireless network by giving it the same SSID and interfere with clients connecting to the real one (by disrupting the signal or - more commonly - by forcing them to de-authenticate from the real AP). Most people don't manually pick an SSID as their device is already connected to the SSID of their home network, only when you have a new device you'll look through the list of available networks, making you susceptible for the Social Engineering

            – BlueCacti
            Jun 13 '17 at 11:12








          54




          54





          Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."

          – Corey Ogburn
          Jun 8 '17 at 15:17





          Normally an Evil Twin matches the SSID exactly. I think by capitalizing certain letters they're trying to somewhat Social Engineer potential victims and make the non-capitalized SSID look like the bad clone. "Look at this uncapitalized clone! It's doing a bad job at making me click it. Obviously I should click the capitalized one that looks more official with some thought put into naming it."

          – Corey Ogburn
          Jun 8 '17 at 15:17




          3




          3





          Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?

          – JimmyB
          Jun 9 '17 at 13:20





          Why would the attacker bother with a (suspicious) SSID if he can make your device connect to his router automatically by spoofing the MAC address?

          – JimmyB
          Jun 9 '17 at 13:20




          7




          7





          @JimmyB Likely because the attacker can't manage the "given that its signal is stronger" precondition. So rather than go for the computer that's not cooperating, they go for the inattentive human.

          – Kevin Fee
          Jun 9 '17 at 20:24









          3





          If the security authentication mechanism is not exactly the same as the original wireless network, the computer won't connect to the fake network, even if the signal is stronger.

          – pHeoz
          Jun 12 '17 at 15:26
























          43







          I ran into a similar "issue" earlier this year while debugging wireless connectivity issues.



          My suggestion is a question: do you own a chromecast?



          The connectivity issues ended up being entirely the service provider's fault, but I was really stuck on this red herring SSID. By using a wifi signal strength analyzer app on my phone I tracked it down to the chromecast (which was an alternate capitalization of my wifi SSID), and there was much relief.



          EDIT: It is important to note that the Chromecast only needs power (not "internet") to host its own wifi; it will both connect to a wifi as well as hosting its own. You can connect to this but it doesn't do anything unless you are configuring it via the app.














          edited Jun 15 '17 at 0:03

























          answered Jun 9 '17 at 19:04









          Cireo








          • 3





            Yes I do own a Chromecast. But its MAC address is added into the original router and it also wouldn't work when I unplugged the router that night.

            – K. Pick
            Jun 11 '17 at 19:08











          • I will add that my Chromecast is named SantoRican as well but since it wasn't connected to the internet the Wifi was down it was offline. The cable guy checked it when he came to fix the wifi but said that wasn't what was causing the issue. (but you never know, he could be wrong)

            – K. Pick
            Jun 11 '17 at 19:12








          • 1





            @K.Pick Chromecast can act as a host, so you can connect to it with your phone and configure it.

            – emed
            Jun 12 '17 at 17:50








          • 2





            This seems to be the most likely answer. Devious people could use other more interesting and less obvious ways. The "alternate capitalisation" should be in bold as this is the most obvious clue in my view.

            – KalleMP
            Jun 13 '17 at 18:15








          • 21





            @K.Pick: Don't start guessing on how the chromecast is listed in your router. Simply unplug the chromecast and check if the SSID is still there.

            – yankee
            Jun 13 '17 at 19:06

































          14







          Well - you seem to be taking security quite seriously. It is possible someone is trying to trick people into joining the other network. Best way to start looking at this would be to change your SSID to something different - and also quite specific, for example a word with some digits substituting for letters - and see if that SSID changes to something similar to yours - perhaps yours will be st0pthis and theirs StopThis. If you do record their SSID MAC address beforehand to see if the other SSID changed, you can be even more suspicious.

          A good way on Linux to see MAC addresses is

              iwlist YourInterfaceName scanning | egrep 'Cell |Encryption|Quality|Last beacon|ESSID'

          And of course you can and indeed should monitor your network for changes and suspicious activity, as well as keep your machines updated.














          edited Jun 9 '17 at 19:19

























          answered Jun 8 '17 at 7:48









          r0berts








          • 2





            @r0berts Should implies choice with a strong recommendation.

            – wizzwizz4
            Jun 9 '17 at 19:08











          • I do understand. But on average I'd say people do not know how to monitor their networks so no point making them feel guilty about that. But point taken )

            – r0berts
            Jun 9 '17 at 19:19






          • 1





            Even just keeping your system up-to-date with patches, and having some basic computer hygiene (block-incoming-by-default firewall, up-to-date antivirus) will go a very long way toward ensuring that your system is secure. Unfortunately, that's the bare minimum required today for any system which is connected to the Internet. The days when you could just hook up any random system to the Internet with no precautions whatsoever are long gone...

            – a CVn
            Jun 10 '17 at 15:19













          • I totally agree to that. It would be great if the complexity of monitoring your network could be reduced, this still requires a huge time investment to learn this for your home LAN.

            – r0berts
            Jun 13 '17 at 10:20
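
The check described in the answer above (record the other access point's MAC address, rename your own network, see whether the copy follows), as an added example that is not part of the original answer or comments. It parses `iwlist` scan output, flags SSIDs that match yours apart from capitalization or digit-for-letter swaps, and reports any BSSID that imitated both the old and the new name. The scan text, BSSIDs and function names are constructed for this example.

```python
import re

# Constructed `iwlist <iface> scanning` output; every BSSID and SSID here is made up.
SCAN_BEFORE = """\
wlan0     Scan completed :
          Cell 01 - Address: AA:BB:CC:00:00:01
                    Quality=62/70  Signal level=-48 dBm
                    Encryption key:on
                    ESSID:"bestfriend"
          Cell 02 - Address: AA:BB:CC:00:00:02
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:off
                    ESSID:"BestFriend"
          Cell 03 - Address: AA:BB:CC:00:00:03
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:on
                    ESSID:"CoffeeShop"
"""
# Second constructed scan: we renamed our AP, and the neighbouring copy changed too.
SCAN_AFTER = (SCAN_BEFORE.replace('"bestfriend"', '"st0pthis"')
                         .replace('"BestFriend"', '"StopThis"'))

FIELDS = {
    "essid": (re.compile(r'ESSID:"(.*)"'), str),
    "encrypted": (re.compile(r"Encryption key:(on|off)"), lambda v: v == "on"),
    "signal_dbm": (re.compile(r"Signal level=(-?\d+) dBm"), int),
}
CELL = re.compile(r"Cell \d+ - Address: ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
# Digit-for-letter swaps, as in the answer's st0pthis / StopThis example.
LEET = str.maketrans("013457", "oieast")


def parse_iwlist(text):
    """Return one dict per 'Cell' block: bssid, essid, encrypted, signal_dbm."""
    cells = []
    for line in text.splitlines():
        m = CELL.search(line)
        if m:
            cells.append({"bssid": m.group(1).upper(), "essid": "",
                          "encrypted": None, "signal_dbm": None})
        elif cells:
            for key, (pattern, convert) in FIELDS.items():
                m = pattern.search(line)
                if m:
                    cells[-1][key] = convert(m.group(1))
    return cells


def skeleton(ssid):
    """Fold case, digit swaps and separators so look-alike names compare equal."""
    return re.sub(r"[\W_]+", "", ssid.casefold().translate(LEET))


def find_lookalikes(cells, my_ssid, my_bssids):
    """Cells whose SSID resembles my_ssid but whose BSSID is not one of mine.

    A BSSID is only an identifier, not proof of identity: it can be changed,
    so a match on my_bssids does not authenticate an access point.
    """
    mine = {b.upper() for b in my_bssids}
    hits = []
    for cell in cells:
        if cell["bssid"] in mine or skeleton(cell["essid"]) != skeleton(my_ssid):
            continue
        reasons = ["exact SSID, unknown BSSID" if cell["essid"] == my_ssid
                   else "look-alike SSID"]
        if cell["encrypted"] is False:
            reasons.append("open network")
        hits.append({**cell, "reasons": reasons})
    # Strongest signal first, which helps when locating the device by signal strength.
    return sorted(hits, key=lambda c: c["signal_dbm"] or -999, reverse=True)


def followed_rename(before, after, old_ssid, new_ssid, my_bssids):
    """BSSIDs that imitated old_ssid before the rename and new_ssid after it."""
    was = {c["bssid"] for c in find_lookalikes(before, old_ssid, my_bssids)}
    now = {c["bssid"] for c in find_lookalikes(after, new_ssid, my_bssids)}
    return sorted(was & now)


if __name__ == "__main__":
    mine = {"AA:BB:CC:00:00:01"}
    for hit in find_lookalikes(parse_iwlist(SCAN_BEFORE), "bestfriend", mine):
        print(hit["bssid"], repr(hit["essid"]), hit["signal_dbm"], hit["reasons"])
    print("followed the rename:", followed_rename(
        parse_iwlist(SCAN_BEFORE), parse_iwlist(SCAN_AFTER),
        "bestfriend", "st0pthis", mine))
```

A look-alike that does not follow the rename points towards a device of your own, such as the Chromecast setup network mentioned in another answer, rather than someone tracking your SSID.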

































              11







              Simple trick,



              Change your SSID and hide it, see what happens.
              If they copy your SSID again then you know you’re in trouble.



              Extreme mode



              Change your local DHCP network range to something that isn’t used on the open network



              Configure a static IP if possible so your PC can't use the open WiFi



              Configure your WiFi settings on your PC not to use open WiFi hotspots



              Change your WiFi password to something like this:
              HSAEz2ukki3ke2gu12WNuSDdDRxR3e



              Change your admin password on your router just to make sure.
              And finally use a VPN client on all your devices (also phones)



              You use MAC filtering and that’s a good low level security feature.
              Finally, use third party firewall and AV software and set the settings to annoyingly secure so you have to approve almost every action which has to do something with internet or network activity.



              Once you get used to these things it will get easier to maintain and your firewall will relax because it learns from your actions.



              Keep us posted! :)














              edited Jun 16 '17 at 15:01









              Kevin Panko











              answered Jun 9 '17 at 7:02









              MR_Miyati























                  10














                  Yes, this is exactly what you think it is: someone is trying to trick you into joining their network by mistake. Don't connect to it. If you realize you just did, run an antivirus scan and remove whatever data you have been downloading as it cannot be trusted. If you happened to also send sensitive data like a password over this rogue connection, change it right away.



                  If this access point won't go away after a while, I suggest you take a reasonable effort to make it stop (like asking your neighbors to stop that or tell their kids to stop). A device capable of showing the WiFi signal strength, like a cellphone, should allow you to track down the location of this access point precisely enough.






                  • The app I would recommend for tracking it down is inssider. It is created by the wonderful people at metageek.

                    – Rowan Hawkins
                    Jun 13 '17 at 23:14


























                  answered Jun 8 '17 at 13:00









                  Dmitry Grigoryev

















                  9














                  A lot of times people with security concerns are just being paranoid. In this case, you have a very legitimate cause for concern.



                  Don't conclude maliciousness 100%; it could be an IT-savvy neighbor trying to prank you, let's say by redirecting website requests to a joke site. Or someone who tried to set up their own network and just happened to imitate yours (but I am inclined to doubt that; any router nowadays will have a password requirement by default). But basically, the person would be able to see a lot of your traffic: which websites you visit, what you send and receive, apart from what's encrypted (and much is not encrypted). That could be for blackmail, espionage, stalking. On the other hand, it's not super sophisticated and quite easy to discover, so who knows.

                  More importantly, this isn't some generic mass global attack by foreign hackers; it means a physical access point is located near or in your house. If I were you, I would not alert them, but try to find it. If you have a fuse box, switch off power one course at a time, wait five minutes, and see if the access point disappears. That will tell you if it's something in your house. Otherwise you can use triangulation, a signal strength with GPS logger on your phone and take a walk through the neighborhood, or a Pringles can to find out roughly where it is. You might find an old ex with a knife, a buried box, or a neighbor's nerdy kids. If they care enough to do this, they might also have an audio bug. First track down generally where it is, and if it's inside someone's house, then you might want to call a bodyguard from work and go knocking on doors.






                  • 2





                    I too think it would be interesting to find out the location of the network before it gets turned off. The Chromecast answer above may be the benign explanation though.

                    – KalleMP
                    Jun 13 '17 at 18:12













                  • The SSID disappeared the morning the Internet company came to fix the net, so I believe if it was someone nearby they may have seen the truck and pulled it down.

                    – K. Pick
                    Jun 18 '17 at 23:11
















                  answered Jun 10 '17 at 7:22









                  Bob











                  2














                  The other answers so far give you enough to do about this concrete situation.



                  However, it should be noted that you have noticed a situation that may be an attempt to invade your private data. There are other situations when this kind of attack is less detectable. E.g. if your neighbour knows your Wifi password, which you could have told them when they kindly asked, because they were new in the house and their own uplink was not ready yet. But worst of all: if you are on an unencrypted Wifi (or one where the password is commonly known) such as hotel or airport Wifi, these attacks will be very hard to detect, because the attacker can set up the Wifi with EXACTLY the same settings (same password and same SSID) and your devices will automatically connect to the strongest signal and never tell you that they made a choice.

                  The only option to actually stay safe is to encrypt ALL your traffic. Never enter your password, email address, credit card number or any other information on a website that is not SSL/TLS encrypted. Consider downloads from unencrypted websites as compromised (malware could have been injected). Before entering/downloading data on an encrypted website, check that you are on the right domain (google.com, not giigle.com; SSL will not help if you are on a domain you do not want to talk to). Install HTTPS-Everywhere or the like. Also remember that there are other services than your web browser that might transmit data, such as an IMAP email client. Make sure it also only operates on encrypted connections. Nowadays, there is hardly any reason not to encrypt all your traffic; nevertheless some developers are just too lazy etc. If you need to use some application that does not support SSL or a similar security measure, then use a VPN. Note that the VPN provider will then still be able to read all your traffic which is not encrypted in addition to the encryption that the VPN provides.






                      answered Jun 13 '17 at 19:01









                      yankee
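
An added example, not part of the original answers: a check over Wi-Fi scan results that flags access points imitating your SSID, covering both the question's case-changed open network and the exact-copy case described in the answer above. The trusted profile, the BSSIDs and the scan records are constructed; in practice you would fill the records from your own scanner's output.

```python
"""Flag access points that imitate a trusted SSID. All sample data is constructed."""
from dataclasses import dataclass

# Profile of the network you own (assumed values for illustration).
TRUSTED_SSID = "bestfriend"
TRUSTED_BSSIDS = {"aa:bb:cc:00:00:01"}   # list every AP or extender you operate
TRUSTED_SECURITY = "WPA2-PSK"

# Substitutions that keep a name looking the same at a glance.
_LOOKALIKE = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "5": "s",
                            " ": None, "-": None, "_": None})


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    security: str     # "OPEN", "WPA2-PSK", ...
    signal_dbm: int   # closer to 0 means stronger


def skeleton(ssid):
    """Reduce an SSID to a form where case, spacing and look-alike swaps vanish."""
    return ssid.casefold().translate(_LOOKALIKE)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(ap):
    """Return (verdict, reasons); verdict is trusted, twin, lookalike or unrelated."""
    reasons = []
    if ap.ssid == TRUSTED_SSID:
        # Same name: only the radio address and the security mode can differ.
        # A matching BSSID is weak evidence, since an exact copy may match it too.
        if ap.bssid.lower() not in TRUSTED_BSSIDS:
            reasons.append("same SSID from an unknown BSSID")
        if ap.security != TRUSTED_SECURITY:
            reasons.append(f"security is {ap.security}, expected {TRUSTED_SECURITY}")
        return ("twin" if reasons else "trusted"), reasons
    ours, theirs = skeleton(TRUSTED_SSID), skeleton(ap.ssid)
    if ours == theirs:
        reasons.append("differs only in case, spacing or look-alike characters")
    elif edit_distance(ours, theirs) <= 1:
        reasons.append("one character away from the trusted SSID")
    if not reasons:
        return "unrelated", reasons
    if ap.security == "OPEN":
        reasons.append("open network: no password needed to join")
    return "lookalike", reasons


def audit(scan):
    """Return suspicious APs, strongest signal first (the one to walk toward)."""
    findings = []
    for ap in scan:
        verdict, reasons = classify(ap)
        if verdict in ("twin", "lookalike"):
            findings.append((ap, verdict, reasons))
    return sorted(findings, key=lambda f: f[0].signal_dbm, reverse=True)


# Constructed scan results.
SAMPLE_SCAN = [
    AccessPoint("bestfriend", "aa:bb:cc:00:00:01", "WPA2-PSK", -48),  # the real router
    AccessPoint("BestFriend", "de:ad:be:ef:00:02", "OPEN", -40),      # case from the question
    AccessPoint("bestfriend", "de:ad:be:ef:00:03", "WPA2-PSK", -35),  # exact-name copy
    AccessPoint("bestfr1end", "de:ad:be:ef:00:04", "WPA2-PSK", -70),
    AccessPoint("FBI Surveillance Van", "de:ad:be:ef:00:05", "WPA2-PSK", -60),
]

if __name__ == "__main__":
    for ap, verdict, reasons in audit(SAMPLE_SCAN):
        print(f"{verdict:9} {ap.ssid!r:14} {ap.bssid} {ap.signal_dbm} dBm: "
              + "; ".join(reasons))
```

A copy that also presents a BSSID from your trusted set passes this check, which is why the answer's advice to encrypt all traffic still applies.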























                          1














                          IF it is a hacking attempt, it is being enacted by someone who is ignorant. Each SSID can be protected by a password of some kind and with some kind of cryptographic strength.



                          Simply having another access point configured with the same name as a nearby access point is the same thing as this:

                          My name is Steve Smith and I've just moved into a house. And as it happens to be true, my next door neighbor's name is Steve Smith. But just because my neighbor and I have the same name, does not mean the key to my front door will work on his front door .... Nor does it mean that my door key will magically re-key itself so that it also works on his door ...




                          and THAT is how silly it really is in terms of looking at this from a possible hacking scenario ...



                          Your answers:



                          1) Is this a ploy at hacking?



                           - Maybe, but it won't work.


                          2) Are they trying to use this to infiltrate my network - since I closed mine only to approved MAC addresses - thinking I will slip up and join their network?



                           - They might be, but it doesn't matter, since it won't work. 





                          • 1





                            Kindly provide a solution to OP not just comments

                            – yass
                            Jun 14 '17 at 15:30
















                          edited Dec 2 '17 at 12:52

























                          answered Jun 14 '17 at 15:27









                          Michael Sims












                          0














                          The answer is fairly simple, IF it isn't yours, which you can check by disabling the Chromecast and your router (also make sure other APs are disabled).

                          If it still persists, it's most likely an attempt to monitor your traffic. In most cases it can't cause any harm, except if you use a lot of unencrypted sites (HTTP) instead of encrypted ones (HTTPS).

                          If you use HTTP, anything you send will be sent as plain text, meaning that if your password is "123abc" they'd be able to see "123abc" as well.

                          A program which is able to undermine your traffic is, for example, Wireshark.






                              edited Jun 14 '17 at 16:04
                              yass

                              answered Jun 14 '17 at 12:59
                              Marnix Mulder























                                  0














                                  If it was a hacking ploy, the network SSID would be exactly the same as yours and open - so that you would connect to it automatically (if they had stronger signal) and you wouldn't notice.

                                  I often do this to my neighbours at weekends when they are playing YouTube on their laptop or phone after 1am - basically clone their network (only one unique SSID allowed) and put a password - it stops them as they go out of signal and come back in and they've not ever figured it out. They just think the WiFi is broken again.

                                  If I left it open, no password - they would connect and I would be able to perform a DNS reroute or man-in-the-middle attack and monitor their net activity or other things that might be considered illegal - sure they might tap in my router IP and see connected devices - but it doesn't happen.

                                  As a security analyst, I would consider that a network ID such as "bestfriend" has simply made a new "BestFriend".

                                  If it was a real hacking ploy - it would be the exact same SSID and open network and you likely wouldn't notice as you reconnected to WiFi, as likely there is autoconnect to name.

                                  It's a very old trick - take a laptop into a coffee shop and DNS reroute from a wireless dongle to their login site - get people's traffic.

                                  One reason why card readers often work off the WiFi and are hard-lined to the bank - it's too easy to MiM a Starbucks network and another few seconds to watch the image cache of every device - hotels too, that use repeaters for extended WiFi.

                                  Esp. in USA, where some hotels do not even have a password and are very tall.
                                  Sniff that in a few seconds and even access the main desk machines or back office from a telephone, sometimes.

                                  (I've had network names such as "I've seen you naked" and someone's changed theirs to "me too" and "I don't want to see you naked". Or sent messages - e.g., "working shifts", so neighbours know that it's ok to party all night, but please don't wake me by knocking on my door for a chat because I'll be asleep at 0800).






                                      edited Dec 31 '18 at 0:41

                                      answered Dec 31 '18 at 0:34
                                      Some guy
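A detection-side sketch of the distinction the two answers above draw, between a network that reuses your exact SSID and one whose name only resembles it. This is an added example, not part of either answer. The `Network` record, the labels and the sample scan are assumptions made for the illustration, and the name comparison goes a little beyond the capitalisation case in the question by also folding separators and Unicode forms.

```python
import unicodedata
from dataclasses import dataclass

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str     # MAC address of the access point radio
    security: str  # e.g. "open", "wpa2-psk"

def fold(ssid):
    """Reduce an SSID to a comparison key: NFKC, case-folded, separators dropped."""
    key = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in key if ch not in " _-.")

def classify(net, my_ssid, my_bssids, my_security):
    """Label one scan entry relative to your own network."""
    known = net.bssid.lower() in my_bssids
    if net.ssid == my_ssid:
        if known and net.security == my_security:
            return "own"
        # Exact name from a radio you do not own, or with different
        # security settings: the case the second answer describes.
        return "twin"
    if fold(net.ssid) == fold(my_ssid):
        # Different string that reads the same: the case in the question.
        return "lookalike"
    return "unrelated"

def triage(scan, my_ssid, my_bssids, my_security):
    """Return (label, network) for every entry that needs a second look."""
    my_bssids = {b.lower() for b in my_bssids}
    flagged = []
    for net in scan:
        label = classify(net, my_ssid, my_bssids, my_security)
        if label in ("twin", "lookalike"):
            flagged.append((label, net))
    return flagged

# Constructed sample scan; the MAC addresses are placeholders.
SAMPLE_SCAN = [
    Network("bestfriend", "02:00:00:00:00:01", "wpa2-psk"),
    Network("BestFriend", "02:00:00:00:00:02", "open"),
    Network("bestfriend", "02:00:00:00:00:03", "open"),
    Network("FBI Surveillance Van", "02:00:00:00:00:04", "wpa2-psk"),
]

if __name__ == "__main__":
    for label, net in triage(SAMPLE_SCAN, "bestfriend",
                             {"02:00:00:00:00:01"}, "wpa2-psk"):
        print(f"{label:9} {net.ssid!r} {net.bssid} {net.security}")
```

List every BSSID you own in `my_bssids` (each band of a dual-band router and each extender has its own), otherwise your own second radio is reported as a twin.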





























