-2

I have noticed that when I go to connect to my wifi on my home network, a new Wifi appeared with identical signal strength but with the addition of the number 2 in the wifi name. Both are encrypted wireless networks and both have the same password but different mac addresses...

What's bizarre is that it only appears on one computer (mine) that is connected to the router (2WIRE237).

I have checked three other computers on the same network, and 2WIRE237 2 does not appear. In addition, although 2WIRE237 2 is "secure" (see photo), for some reason my computer automatically knows the password. I can connect to 2WIRE237 2; meanwhile, the network does not appear for anyone else using the network. Why?

Keeping in mind, the Wifi network 2WIRE237 2 has never been implemented....there has never been a "2WIRE237 2" as the router name. It has always been "2WIRE237".

photo of wifi selection in windows - 2WIRE237 and 2WIRE237 2

I have read that hackers can utilize this method to gain access to computers. How can I determine if this is a Evil Twin attack? Does it appear so? What programs are user friendly to determine this? I have downloaded EVILAPDEFENDER; however, I am not a technology genius and I do not know how to install the program or run python.

I believe my information and data is being compromised. I don't know how to determine if this is a MITM attack or some type of router or Evil Twin attack?

The model number of the router is 380THGV

Romani
  • 5
  • 1
  • 5
  • 1
    Does your router have 2.5GHz and 5GHz? Because maybe they are both legitimately yours, but two separate freqs. – K.Dᴀᴠɪs Feb 15 '18 at 23:15
  • @K.Davis no, the router is only 2.5GHz.....not 5GHz. – Romani Feb 15 '18 at 23:19
  • What is the model of your AP? Also, the point of evil twin attacks is they look identical - by using the same SSID. A different SSID would be ... odd. There's far more reasonable explanations than that. – Bob Feb 15 '18 at 23:22
  • @Ramhound "This means you are not being attacked." - so, what exactly is it then? If no other device can see the network, what exactly is going on? "- You already determined that isn’t the case based on your description your “problem”." Can you elaborate a little bit please? – Romani Feb 15 '18 at 23:24
  • @Ramhound what specifications do you need? – Romani Feb 15 '18 at 23:25
  • 1
    2Wire is the brand of modem/AP offered by AT&T with their home DSL internet service. What is most likely is that your computer has a duplicate profile for the connection to this AP. Find and remove the remembered wireless networks on this computer and see if the duplicates show in the list of available networks. – music2myear Feb 15 '18 at 23:25
  • 1
    Possible duplicate of [SSID with very similar name, is this an attempt of hacking?](https://superuser.com/questions/1217160/ssid-with-very-similar-name-is-this-an-attempt-of-hacking) – davidgo Feb 15 '18 at 23:32
  • Voted to close as this question is a duplicate of https://superuser.com/questions/1217160 - It could be an evil maid attack, but its more likely to be something like a Chromecast. – davidgo Feb 15 '18 at 23:34
  • @music2myear duplicate profile....can you explain a little please? – Romani Feb 15 '18 at 23:36
  • @davidgo that's not the same thing. This SSID is encrypted and the password is the same, too. It's not open like in the first link you provided. – Romani Feb 15 '18 at 23:37
  • Your computer remembers wireless connections. If for some reason something in a wireless connection changes but the name does not and the computer believes the wireless network is different, it may create a new saved profile for that network, and it may append the "2" to the name to differentiate. – music2myear Feb 15 '18 at 23:38
  • @music2myear thanks for elaborating; however, the MAC address is different. This makes no sense to me. – Romani Feb 15 '18 at 23:39
  • Ramhound is looking for the model number of the router. There is still a chance this is an additional network broadcast by that same device, and having the model number would allow us to investigate that open. – music2myear Feb 15 '18 at 23:39
  • @Ramhound the model number of the router is 380THGV – Romani Feb 15 '18 at 23:43
  • @Ramhound I just did and I added the model number. – Romani Feb 15 '18 at 23:47
  • 1
    Shouldn’t have to ask. Looks like WPS is enabled by default. This is incredibly insecure. Disable it. After you do that choose the option within Windows to forget both networks, reboot, then reconnect to your access point. – Ramhound Feb 15 '18 at 23:53
  • Any event as I suspected your access point supports multiple SSIDs per it’s manual. – Ramhound Feb 15 '18 at 23:55
  • “NOTE TO REVIEWER: [JIRA 1515: ...Unable to determine the steps to set up multiple SSIDs and associated information on the UI of 3801HGV.]. Please provide the necessary info to document this. How do we configure multiple SSIDs through the UI?” -Taken from the manual. Which is sort of hilarious. – Ramhound Feb 15 '18 at 23:57
  • @Ramhound Thank you. So I disable WPS and then what other option do I select? Also, I guess it does support multiple SSIDs (according to you/per its manual) but I have never set up another SSID. – Romani Feb 15 '18 at 23:59
  • @Romani Well you did, might have not realized it, and I told you exactly what to do. If you want to get rid of the other said, reset the box, and reconfigure it. Of course it’s ancient so your better off asking at&t for a replacement. Seriously those defaults are some of the worst I have ever seen used. – Ramhound Feb 16 '18 at 00:04
  • @Ramhound thank you for your assistance. I already have reset and reconfigured the box.....no changes in what I'm seeing right now. It's still there. My point being is that I did not set up another SSID. Chances of that are nearly impossible as I stay connected to the same network all the time. Can you link me to the manual please? – Romani Feb 16 '18 at 00:12
  • @davidgo also, I do not have a chromecast. – Romani Feb 16 '18 at 00:15
  • Search for your model number. If you reset your device to its default settings, and reconfigure the wireless settings to your preference, and I presume used a different password. You can always change the SSID, if the second access point name changes also, then it’s your device. The manual literally says the steps to enable multiple SSIDs isn’t clear, likely done by accident, when you performed some unrelated configuration chnage – Ramhound Feb 16 '18 at 00:18
  • @Ramhound okay yeah thanks....so what do you suggest I do now? I have followed all of your advice.... – Romani Feb 16 '18 at 00:22
  • You changed the password and forgot both networks? – Ramhound Feb 16 '18 at 00:23
  • @Ramhound yes. 2WIRE237 2 is still showing up .... – Romani Feb 16 '18 at 01:15
  • A site survey might be a good idea - https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/ kinda works and would let you see if the two APs are on different bands, or if there's evn two APs – Journeyman Geek Feb 16 '18 at 09:20

1 Answers1

0

To eliminate if the “extra” wireless network is from your router or not, simply unplug it. If both networks disappear, you know immediately the problem is not a hacker and instead is a configuration issue on your end.

Based on your description, this does not sound like “cyber-crimes and cyber-stalking.” That is highly unlikely, and you should be more open-minded to a much more reasonable explanation.

You’ve already indicated the extra network only shows up on one computer. I’d be willing to bet that both networks disappear when you unplug your router. This indicates an issue with your computer causing the duplicate ID to show up.

You said it has a different MAC address. You didn’t indicate how you know that. Is it possible you are confusing the MAC address of multiple WiFi network adapters in your computer, with the BSSID of actual different wifi networks? If you want an actual detailed listing that will clearly show if you have multiple active WiFi adapters or if the two networks are different or the same, you can use the following command: netsh wlan show networks mode=bssid

The above command will list all nearby wireless networks, including which adapter sees it and the actual BSSID of the network. The BSSID is the actual, unique identifier of an individual access point. If the second network doesn’t show up here, or it does but has the same BSSID, the problem is with your computer.

It is also a good possibility this wireless network name has been used previously on a different device, and now Windows sees the BSSID is different, so it considers it a different network with the same name. You can list the wireless profiles your computer knows about with the command: netsh wlan show profiles

If you find similarly named networks delete them with the following command: netsh wlan delete profile name="[PROFILE NAME]" then reconnect to your wireless network.

Appleoddity
  • 11,565
  • 2
  • 24
  • 40