Multiple WIFI attacks, then malicious AP detected

dmg15
dmg15 Member Posts: 11
Name Dropper First Anniversary First Answer First Comment
edited October 20, 2021 in Devices & Security #1

About two weeks ago I started to get notified that Fingbox (2.0) had detected an attack on my access point. It is an Apple time capsule and not the only AP on my network so I disabled it for a day. A few days after being reenabled, same thing. Disabled it again overnight and another couple of days and the notifications start up again and became more frequent. I left it for a while, and the notification now happens every couple of minutes. After a while I get a new notification about a ‘new or malicious AP’ and an option to ‘Trust’ it.


The BSSID is completely different to my AP and matches a hidden network in my area. The BSSID of the hidden network is a close variant of 2 other visible AP in my area, their SSID suggests its an ISP provided router.


How can I find more information about the attack that is being detected?

Under what conditions would Fingbox determine that a nearby, unassociated AP is part of MY network if I have never attempted to connect to it before?

Below are screenshots of the hidden and visible AP details from Digital Fence, its relevant.

Any ideas? Cheers.

ThangHang

Comments

  • Robin_from_Fing
    Robin_from_Fing Administrator, Fing Team Posts: 5,052
    5000 Comments 250 Answers 500 Likes 100 Awesomes
    admin
    Hi @dmg15

    To update you that sometimes, it can be a false alarm as well. It seems like the warnings are getting generated due to Apple time capsule. If the time capsule is able to change the MAC address and then try to connect to main network then it may be detected as an attack. To make sure, Once Fingbox identifies a Rogue Access Point you should take immediate action: 

     
     

    • Turn off your WiFi network equipment for 15 minutes and wait. Make sure to turn off or disable WiFi from all client devices (like e.g. mobile phones, laptops, etc). Then restart networking and see if the Rogue Access Point still appears. 

     
     

    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
    ThangHang