
Mysterious hidden networks

rbaibich

Senior member
I was visiting a friend in Sao Paulo and I decided to help solve the problems he was having with his wifi. When I scanned to see what would be the best channel to take, I found over 100 hidden SSID networks lurking on a few different channels. That seemed weird, so I tried to pull their MAC addresses to try and figure out where it was coming from.

There's absolutely no record of those. Anywhere. I'm guessing they're fake MAC addresses.

So we were wondering what the hell are those? Security cameras maybe? Wouldn't those have normal MAC addresses? And who would have hundreds of them?

Here are a few of the ones I got. Any help solving the mystery is appreciated.

Code:
41:E1:D0:40:EE:A5
57:AF:C3:OE:6E:AB
AC:BE:15:58:6C:58
E7:D5:40:22:54:0E
11:87:ED:79:64:74
2D:3D:F9:67:7F:44
A7:47:83:7D:96:99
1F:61:80:22:50:D4
 
Are there businesses, schools, etc. nearby? It could be that they have a wireless router or other wifi infrastructure, with plenty of network/IP camera hosts. Does your friend share a WLAN with others?

As for the MAC addresses, well, each vendor making NICs (no matter whether in routers, switches, servers, workstations, network cameras, etc.) would have unique MAC addresses for their respective network interface controllers. From a cursory glance, I don't see much wrong in the MACs you listed.
 
But isn't it weird that NONE of those MAC addresses shows up in the OUI database? You would think that at least one of those would be from a known vendor. It looks as if all the MAC addresses are actually fake.
 
inSSIDer 2, among other tools, should be able to resolve those SSIDs. Might give you some clue if they chose meaningful names.

Suppose you could wander around with a laptop, plot signal strength, and try to figure out where they're coming from, too, but that's liable to be a lot of work.
 
That may be the only option. (This is a general statement only.) Usually MAC addresses with no vendor info are a result of MAC spoofing. It could be someone is trying to spoof a MAC to get inside someone's network and has flooded it.
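
Added example, not part of the thread: before sending an address to an OUI lookup, check the two flag bits in its first octet (I/G, bit 0, marks a group/multicast address; U/L, bit 1, marks a locally administered one), because IEEE vendor assignments only cover addresses with both bits clear. The function names `classify` and `triage` are hypothetical; the input is the list exactly as posted above.

```python
import re

# The eight addresses exactly as posted in the thread (kept verbatim,
# including the second one, which contains the letter "O" instead of a digit).
POSTED = [
    "41:E1:D0:40:EE:A5",
    "57:AF:C3:OE:6E:AB",
    "AC:BE:15:58:6C:58",
    "E7:D5:40:22:54:0E",
    "11:87:ED:79:64:74",
    "2D:3D:F9:67:7F:44",
    "A7:47:83:7D:96:99",
    "1F:61:80:22:50:D4",
]

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def classify(mac):
    """Classify a MAC address by the flag bits in its first octet."""
    if not MAC_RE.match(mac):
        return "malformed"      # not six colon-separated hex octets
    first = int(mac[:2], 16)
    if first & 0x01:            # I/G bit set: group (multicast) address
        return "group"
    if first & 0x02:            # U/L bit set: locally administered
        return "local"
    return "universal"          # both bits clear: OUI lookup is meaningful


def triage(macs):
    """Bucket addresses so only the 'universal' ones go to an OUI lookup."""
    buckets = {"malformed": [], "group": [], "local": [], "universal": []}
    for mac in macs:
        buckets[classify(mac)].append(mac)
    return buckets


if __name__ == "__main__":
    for kind, macs in triage(POSTED).items():
        print(f"{kind:10} {len(macs)}  {' '.join(macs)}")
```

An address with the group bit set is not one a vendor would assign to an interface, so its absence from the OUI database is expected rather than a sign of a missing record.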
 