Anyone else experience rouge connections via Fingbox?

ImotepImotep Member Posts: 2
First Comment Photogenic
I've been experiencing some strange behaviors on the WiFi side of my network, there in the 10 network is where my Fingbox is located. Here recently, my WiFi  cameras would de-auth spontaneously causing freezing of the images presented or get lost all together. Went through a full regiment of tests (Wire-Shark, Kismet)  only to find rouge device emanated from the Fingbox itself. Did a full inventory of my wifi network and found a android device not owned by nor installed on my network. I removed it from the Fing app on to see it immediately come back. It attempted to mimic several other devices I installed, including utilizing my naming convention, attempted to clone IP addresses already in use so as to hide behind another device. One day its at one address then re-appear at another address always using the same mac address. I then assigned that mac address to a specific IP on the router so It could not roam. High lever espionage going on here. At least now it can't just pop up somewhere else but mac cloning is in use.
Reverend

Answers

  • ImotepImotep Member Posts: 2
    First Comment Photogenic
    My original question drafted before losing connection not knowing a draft was created.
    I did a full audit of my WiFi network, identifying all devices with type, mac and IP addresses. This emanated from spotty WiFi coverage for no darn reason at all, cameras would de-auth spontaneously or images would be extremely sluggish (or freeze)  from one cam view to the next . I then discovered a android device attempted to join (but blocked) over and over. It would attempt to use an already assigned (DHCP) address, even utilize my naming convention to mimic an already defined device and its properties. This indicated to me an active surveillance on my WiFi network. I went to my router and recorded all the logs and saw a flood of failed attempts to connect. I spotted the device which seemed to roaming around my network perpetrating other devices present, always blocked out. However, whenever that device was present, roaming de-auths of entire WiFi inventory. Initially I was able to remove rouge device  via Fing APP and WiFi stabilized. Soon after, rouge entity would immediately show up  repeatedly  in the same place. I then used the router and locked that rouge mac to a specific address so at least it could not roam around. In spite of never receiving a valid IP, entity was indeed able to cause interference. By now, I has already configured router to mac filter  so no new devices could obtain DHCP but rouge had been learned. Fing app could not tell me anything other than its mac, even though I did not trust its credentials so I then began to disconnect everything from my switch to trace location of rouge device. NO WHERE, so I then did an ARP on my Ubuntu Linux and found rouge device tracked back to the FING box itself


  • JoeeAJoeeA Member Posts: 5
    First Comment

    Lol, so what does this all mean? Your conclusions?

  • ReverendReverend Member Posts: 4
    Name Dropper Photogenic First Comment
    I am dealing with the very same issues myself. I think I am the victim of a man in the middle attack more than just a denial of service!
  • waynerwayner Member, Beta Tester Posts: 32
    10 Comments Name Dropper First Anniversary Photogenic
    ✭✭
    Rouge?
    TRID I dont think it means what you think it means
    I think you mean rogue.


Sign In or Register to comment.