Is my router being spoofed? Duplicate SSID broadcasted on 5 Ghz band.
I ran a wireless scan today, just now, just to see whether there's something fishy going on. For the first time, I find something that facially appears to be malicious. There are two routers broadcasting my SSID, on the same band, always within 1-5 dBm of each other. The mfg. name for the duplicate is "Xerox," which I know doen't mean anything other than to make a quippy point, and the MAC address, which also doesn't mean anything, is all zeroes.
I should note that my MacBook Pro is reporting that it is connected to the router that ends in :33. The iPhone tells me something entirely different, and I do not know how to force it unto the :33 router. I'v tried turning "private wifi address" off ad on. Not sure whether they are the same things.
EDIT: one thing I probably should have said upfront, before it’s raised as an obvious question, I do not knowingly have any xerox equipment connected to my router. Nor does Fing show any Xerox equipment connected. I do, occasionally, have a router appear with the mfg. name “Cimsys,” but I think I read that happens on Xfi modem-router combos. No one can explain exactly what it means or why it happens.
Answers
-
223 views and no comment?
0 -
Also, is any part of this demilitarized?
are you allowing your gateway to be used as a public hotspot? Because the default setting to that, automatically makes you an xfinity hotspot provider.
also, do you have your advanced security on?
have you logged into your router admin page to see if anything has been changed within it?
0 -
Hi, thank you for responding.
I just received a replacement Xfi modem/router unit. The one that I had been using had options for advanced security, but it would fail when trying to turn it on. The new modem’s advanced security does work, but within a short amount of time I noticed the same odd behaviors. The Xerox access point began showing up for it too.
No demilitarized zones, and I turned my public Wi-Fi options off for both router-modem units.
Examples of bizarre things going on include, when NOT on the Wi-Fi, my iPhone will start randomly putting itself into drive focus mode. That disables all notifications and is caused by either manually putting it into the mode or having the iPhone sense that you are in a moving vehicle. While this would tend to show that the cellular mode is the bewitched of the two, my thought is that they were able to recover my passcodes and passwords and can just access and decrypt my devices at their leisure. They would have gotten that by monitoring outgoing signals.
Both my MacBook Pro and iPhone constantly lose the Wi-Fi connections. I will turn off auto-rejoin on both to ensure my signals is not being tampered with to trick me to logging onto the attacker access point. Every time, auto-rejoin gets turned back on and even if it didn’t, even if I was to sit around with the Wi-Fi passphrase in my clipboard to be able to quickly logon, as soon as you select the access point, MacOS automatically pasted the passphrase and logs on. That’s before there’s an opportunity to check the access point out to ensure it’s secure.
I have Private Relay Beta turned on in Macos, and things actually go really well for a while on that. But then it will say that the connection to Private Relat has been lost and I will automatically reconnect when it’s back up. Every time, there’s no issue with Private Relay. I click the button to turn it off and right back on and it’s up and running, which means my devices are not reconnecting as they’re supposed to.
Ive had to reformat my hard drive three times in the past 24 hours. I keep finding upward of 20 hidden volumes connecting to my MacBook remotely. If I turn Wi-Fi off, they disconnect and come right back as Bluetooth connections. Whenever I attach and external drive to create a time machine, it becomes corrupted.
There are a lot of system “mistakes” while running online recovery mode to erase volumes, partition a drive, etc. It will tell me that my Wi-Fi passcode is not correct, when it absolutely is correct. I’ll type it slower and when the screen zips to the left, as part of its animation for successful connection, it will accidentally go past the “select the volume” screen twice. The passphrase window is supposed to zip to the left onto a new screen asking what drive you want to install on. It “accidentally” goes past the screen one time so it lands on a second screen.
I just did a recovery mode reset 5 hours ago. I created a partition on the HD volume to house time machine backups. Not recommended, but external devices keep corrupting. Within three hours, I lost the ability to connect to my Apple TV, at least seemingly. It would say “iPhone could not connect to Apple TV.” If you look at the network tab for both, we appear to be on the same network. But not if you ask the Apple TV, the only device with limited snooping value.
Because it’s Xfinity, they control all the features that would allow me to get out of this situation, including the ability to hop channels. My computer stays on channel 157 and does not move, all congested areas of the band. Wi-Fi Explorer will throw up warnings about the level of noise due to band traffic near my channel or on my channel. But there is no option to force it to change channels, and for the past two weeks it has been stuck at channel 157. (It’s on a different channel now that I have a new router, but it’s staying in that channel now. I won’t disclose it publicly, although there’s no secret to it.) Like I said, I’ll spontaneously get texts at 4:00 a.m. providing my Wi-Fi information, including SSID and passphrase, saying “Per your request, here are your SSID and passphrase.”
At this point, I’m beginning to think that these people are so good, they’ve already hacked the base system software. Only way around that is to create a bootable drive so you can erase the system’s HD base system volume. When I try, it corrupts before I can use it. I think they may have a script running on the remote system that causes their access point to imitate any changes whenever I make I make a system change, so I’m actually making changes to a template. It’s reading my changes and the template is modifying to show them as effectuated. Unless I use the reset button on the device, when I make changes via 10.0.0.1 admin page, the router does not turn off and back on.
To highlight, I just received this router two days ago.
0 -
To give you an example of something that just happened, I just reformatted my HD after taking two hours to get rid of corrupted hidden volumes. Was logging into my newly created MacOS account and got to where you enter your iCloud password.
I entered it. It didn’t say, “Your password was incorrect,” it said, “Failed to connect to remote server…” I knew my password was, in fact, correct. I re-entered it, fast and slow, about 15 times. Each time subsequent to the first, it said my password was incorrect. As stated, I knew it was correct. To be certain, I went to iCloud in my phone and reset the password. To do so, I had to first enter the [then] current password, which was the same as I had been entering it on the computer. I changed the passcode and then started entering the new passcode. “Your password was incorrect.” Well, no it wasn’t… because I just changed it to that, and also, what is this about a server?
0 -
i have xfinity as well. The easiest thing to do is unplug the gateway for ten minutes and let it reset. Log into your router admin page. Default admin password combo. Immediately set new password. Then get in xfinity app and find unknown devices and block them from your network
0 -
This might be a dumb question, but.. while your wifi setup (password, security settings, etc) might be in order, have you changed the admin password on the router login?
i have xfinity and the default router username is admin and the password might be generic, which means someone could possibly login to the router itself and wreak havoc.
I’m sorry you’re having these issues. You have lots of views bc Fing put your question in their newsletter.
0 -
When you run Wifi Scan from the Tools menu on the Desktop app, does it show a duplicate, unlocked access point on a separate channel within your band?Cojo7795 said:i have xfinity as well. The easiest thing to do is unplug the gateway for ten minutes and let it reset. Log into your router admin page. Default admin password combo. Immediately set new password. Then get in xfinity app and find unknown devices and block them from your network
I ended up switching to CenturyLink. Half the money for double the speed. On top of that Xfinity is no longer micromanaging may settings, hiding verbose logs from me, etc. With CenturyLink, they allow you full control over your modem settings. I also purchased a Firewalla Gold firewall.0 -
Your Xfinity device (
all of them, I think) might be broadcasting a portion of your bandwidth, under the ever-misleading feature name of "Home Hotspot."
Instructions for disabling (because of course the customer who never opted in must opt-out) are included at the same link above.That's the good thing about opinions... they don't have to be backed up with facts.0 -
I am I am having almost same issue with Xerox device with same ssid. But I have a tplink router and att cable modem0
-
เราจะช่วยได้อย่างไรพัต said:ช่วยด้วย
That's the good thing about opinions... they don't have to be backed up with facts.
1
Categories
- 5.8K All Categories
- 2.8K Ask about Connected Technology
- How To...
- 1.1K Devices & Security
- 1.6K Network Troubleshooting & Connectivity
- 114 General Discussion, Weird & Wonderful
- 45 Network Infrastructure
- 5.4K Ask about Fing
- 548 Fing Account Change Request
- 1.1K Fing Desktop
- 1.4K Fing App
- 1.7K Fingbox
- 534 Announcements, Beta Testing & Release Notes
- 160 Community Updates
- 29 Getting started
- 13 Community User Guides