Question Was my home wifi network spoofed/imitated maliciously?

Mar 20, 2020
Hello all, thank you in advance for any help or providing a direction of where I can find more resources. This is really scaring me and frustrating me because I just don't have the skillset to determine what's going on.

Laptop = HP Pavilion 15-cd0xx
AMD A12-9720P Radeon R7
64bit w/ Windows 10 Home


Router = TP-Link Archer A7. Original firmware. Basic settings
Modem = Arris SB6190, again no changes
Realtek PCIe GBE Family Controller

I had Kaspersky for a while but when annual renewal came up I didn't renew. Now using basic Windows Defender and Windows Firewall.
Malwarebytes also.
Was using Security Task Manager
I also use 1.1.1.1 for computer and iPhone 8+

ISP = Centracom - Cable modem.
Devices connected through wifi prior to this problem = 1 Roku, 2 laptops (personal and work. Work has extensive protections for all the HIPAA related info including digipass and much more), iPhone 8+ w/ 1.1.1.1.
Devices connected now only through ethernet to router to modem is my personal laptop.


Issue: I reset my router last night to factory settings because I was messing with the beacon and messing with something else, laptop stopped connecting so I just reset to factory and started over. I then made the basic changes to the settings: I changed ssid, password for ssid, admin password, reduced signal strength to medium, added 1.1.1.1 for DNS, removed remote connection ability, put all security to auto with WPA2.
Worked fine, just as it did when I first purchased.

This morning, I noticed speeds were very slow, when I checked if I was connected to the 2.4 or 5 connection I noticed I was connected to an SSID that I did not create and have never used before, but it was similar to what I just named my connection the night before (after the reset).

I immediately disconnected and then connected to my own 2.4 wifi network, the name of which I created the night before.
I then opened Wireshark, disconnected from my connection that I created and connected once again to the name of the SSID that I didn't recognize and did not create but the name was similar to my own. I have those details if needed. I let Wireshark run for about 5 minutes.
I found a few entries that were strange so I ran Zenmap on a couple IP addresses and found the identified OS was Tomato Linux running on a Sony Ericsson. I've never owned a Sony Ericsson and I've never used Tomato Linux either. My router's firmware is original, never changed.

Last bit of info. As soon as I ran Zenmap it didn't even finish the intense scan when all my wifi networks disappeared and I lost connection to the internet. The only connection still available was the strange one I didn't recognize but whose name was similar to the new SSIDs I created the night before.
I still this evening cannot connect to wifi because my computer and my iPhone both cannot find the wifi connection I created last night but they can find the new strange one I did not create. I currently am using my ethernet cable to connect to router and to the internet.

AGAIN, I HAVE WIRESHARK AND ZENMAP details I can provide if that would help??? Thank you so much for any help!!!
 

kanewolf

Titan
Moderator
Unknown about intent.
What is odd about your story is how you connected to the imposter WIFI. That would say it was either unencrypted or had your WIFI password. Obviously the first thing to do is to create a NEW UNIQUE WIFI password. Also ensure WPS is disabled on your router for security. I would probably change the SSIDs also. Maybe your SSID gave away too much info -- "Joes WIFI" helps people identify the source without having to triangulate. But "8675309Jenny" doesn't say anything other than SOMEBODY is a sucker for cheesy 1980s music.
 
Mar 20, 2020
Thank you for the reply. I did forget about WPS. I will do as you recommended and change the ssid and the passwords and disable WPS.

And just in case this helps at all:
The "imposter" connection did not have a password needed. I was able to connect automatically without a password. In fact when I went to bed that night I was connected to "Mayor" and when I woke up, unprovoked was already connected to the imposter.
Just a bit more info: my SSID was "Mayor" and "Mayor13". The imposter was "Mayor 1 2". The quotes were not part of the SSID and I'm not the mayor either.

Again thank you for the recommendations and I never ever knew anyone who tried to change their phone number for giggles. :rolleyes:
 

kanewolf

Titan
Moderator
You should check your devices and set them to NOT automatically connect to open WIFI signals.
 
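One way to check a Windows 10 laptop for the condition described in the reply above, as an added example (not code from any poster in this thread): the script reads WLAN profiles exported with `netsh wlan export profile folder=.` and lists those that are both open and set to connect automatically. The embedded profiles and the `CafeGuest` name are constructed samples, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

# Constructed sample shaped like the XML that
# `netsh wlan export profile folder=.` writes on Windows 10.
TEMPLATE = """<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{ssid}</name>
  <SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>{mode}</connectionMode>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

SAMPLES = [
    TEMPLATE.format(ssid="Mayor13", mode="auto", auth="WPA2PSK", enc="AES"),
    TEMPLATE.format(ssid="Mayor 1 2", mode="auto", auth="open", enc="none"),
    TEMPLATE.format(ssid="CafeGuest", mode="manual", auth="open", enc="none"),
]

def audit_profile(xml_text):
    """Return (ssid, is_open, auto_connect) for one exported profile."""
    root = ET.fromstring(xml_text)
    ssid = root.findtext("w:name", default="", namespaces=NS)
    mode = root.findtext("w:connectionMode", default="", namespaces=NS)
    auth = root.findtext(".//w:authEncryption/w:authentication", default="", namespaces=NS)
    enc = root.findtext(".//w:authEncryption/w:encryption", default="", namespaces=NS)
    # "open" + "none" means no encryption at all; "open" + "WEP" is WEP.
    is_open = auth.lower() == "open" and enc.lower() == "none"
    return ssid, is_open, mode.lower() == "auto"

def risky_profiles(xml_texts):
    """SSIDs the machine will join on its own with no password."""
    out = []
    for text in xml_texts:
        ssid, is_open, auto = audit_profile(text)
        if is_open and auto:
            out.append(ssid)
    return out

def fix_command(ssid):
    """netsh command that switches a saved profile to manual connect."""
    return f'netsh wlan set profileparameter name="{ssid}" connectionmode=manual'

if __name__ == "__main__":
    for ssid in risky_profiles(SAMPLES):
        print(ssid, "->", fix_command(ssid))
```

A saved profile that is no longer wanted can be removed outright with `netsh wlan delete profile name="..."`.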
Mar 20, 2020
Interesting. I hadn't thought about that with my laptop at home. But definitely a logical move and I feel like a bonehead for leaving my devices vulnerable.

I'm still wondering if after I make my network and devices more secure, what was going on in the first place? Is there any way to trace back the origins of this phantom wifi network?
 

kanewolf

Titan
Moderator
If it were still broadcasting, then you could use a directional WIFI antenna to attempt to triangulate to it. But it is not an easy thing to do. What benefit do you believe you would get by knowing the origin?
 
Mar 20, 2020
Thank you for the reply. I did try to use Netspot to find the connection. Funny enough the phantom didn't show up on Netspot, nor did my own wifi connections.

The original question: is there a way to figure out if there is someone behind the phantom wifi connection or not? If not then so be it, if so, then what's my next step?
This has not been the only curious/coincidental thing to happen over the past 3 years. I hope and would like to prove I'm being paranoid. At least I can affect paranoia.

I could discuss human behavior all day and we'd never come to an agreement, somehow I don't think that's what this website is for.

If I can uncover any information with what I have please let me know! If I reached a dead end, that would also be nice to know. This is not my area of expertise so I'm reaching out with the half expectation of getting my hand slapped, but the hope for information. After all, message boards are not for the faint of heart.
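An added example, not part of any post in the thread: a check that flags look-alike network names in a Wi-Fi scan list, using the SSIDs reported above ("Mayor", "Mayor13", "Mayor 1 2"). The BSSIDs, the `NETGEAR42` neighbour, the scan list and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Networks the owner actually configured. BSSIDs are constructed placeholders.
TRUSTED = {
    "Mayor":   {"bssids": {"02:00:00:00:00:01"}, "auth": "wpa2"},
    "Mayor13": {"bssids": {"02:00:00:00:00:02"}, "auth": "wpa2"},
}

# Constructed scan result: (ssid, bssid, auth) as a Wi-Fi scanner would list them.
SCAN = [
    ("Mayor", "02:00:00:00:00:01", "wpa2"),
    ("Mayor13", "02:00:00:00:00:02", "wpa2"),
    ("Mayor 1 2", "02:00:00:00:00:99", "open"),
    ("NETGEAR42", "02:00:00:00:00:50", "wpa2"),
]

def norm(ssid):
    """Drop whitespace and case so 'Mayor 1 2' compares as 'mayor12'."""
    return "".join(ssid.split()).casefold()

def closest_trusted(ssid, trusted):
    """Return (trusted_ssid, similarity 0..1) for the nearest trusted name."""
    scored = [(SequenceMatcher(None, norm(ssid), norm(t)).ratio(), t) for t in trusted]
    score, name = max(scored)
    return name, score

def review_scan(scan, trusted, threshold=0.8):
    """Return (ssid, bssid, reason) for every access point worth a closer look."""
    alerts = []
    for ssid, bssid, auth in scan:
        known = trusted.get(ssid)
        if known:
            # Exact name match: the radio and the security mode must match too.
            if bssid.lower() not in known["bssids"]:
                alerts.append((ssid, bssid, "trusted SSID from an unknown BSSID"))
            elif auth != known["auth"]:
                alerts.append((ssid, bssid, "security differs from configured"))
            continue
        name, score = closest_trusted(ssid, trusted)
        if score >= threshold:
            kind = "open " if auth == "open" else ""
            alerts.append((ssid, bssid, f"{kind}look-alike of {name!r}"))
    return alerts

if __name__ == "__main__":
    for alert in review_scan(SCAN, TRUSTED):
        print(alert)
```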