Strange SSID's.....

Configuration and operational information about stumbled AP's

Strange SSID's.....

Postby dmzguy » Fri Feb 07, 2003 8:43 am

While driving has anyone noticed any strange named Peer networks? I live in Northwestern Indiana, work in Portage, Indiana to be exact and have been noticing SEVERAL strange wireless networks, all of the are peer networks, they have what appears to be dynamically created SSIDs (could be static, too), they also have strange, non-registered mac addresses, otherwise I would just blow it off. I've found 6 such networks (two of the mac-addresses below are identical, so i'm assuming they were the same device, at two different points in time, hence the differing SSIDs)

Two of these wireless networks in particular seemed to "follow" me for about 10 miles down US 30, from Merrilville to Valparaiso. I've had theories that it may be a palm or windows ce/ pocket pc device with 802.11, or a cellular phone that has internet access... maybe a wireless ISP, I'm really at a total loss.

Anyone else that has seen similar networks and would like to work on this problem together, email me @ with your netstumbler files.

Here is a copy of the SSID's and mac addresses, and channels, that i have found these devices to be running on. (the ssids seem to be in the range of 128000 - 134000 thus far)

ssid mac channel
133011 16-00-83-01-83-01 14,6
131117 0E-03-32-03-6F-02 14,6
133011 E2-01-0D-03-32-03 6
131037 9E-00-E0-01-0D-03 6
129179 2E-02-AF-01-7D-01 6,14
129179 E2-01-0D-03-32-03 6
128189 B2-02-F6-01-C6-03 6
Mini Stumbler
Posts: 5
Joined: Fri Feb 07, 2003 8:17 am

Postby rberger » Fri Feb 07, 2003 9:45 am

Querying on by MAC address (use colons instead of hyphens) shows lots of occurences for 0E:03:32:03:6F:02 at many differenct lat/longs. Not sure what this means...
Posts: 199
Joined: Mon Sep 30, 2002 4:53 am
Location: Ohio

Postby Jaffo » Sun Feb 09, 2003 12:38 pm

perhaps there's a software package out there that uses this MAC when brodcasting/sniffing? not too hard, considering what it takes to change/spoof a MAC. i'm not too familiar with the more obscure utilities yet for sniffing/cracking/stumbling etc. anyone have any input? it'd be nice to know...give us a clue if we should add that MAC to our .kill lists ;)
Not everything that can be counted counts, and not everything that counts can be counted."
-- plaque on Albert Einstein's office wall
Posts: 43
Joined: Fri Dec 13, 2002 6:01 pm
Location: Colorado

Postby Madhadder » Sun Feb 09, 2003 3:12 pm

Still can't figure this one out either...
I've seen them over here in Germany also..
I would have to agree with the above post. It would seem
to be some kind of Software the reconfigures the cards for
some purpose.
User avatar
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

weird SSID NSA?

Postby hugodrax » Wed Feb 26, 2003 5:56 pm

I found one that was odd it was National Security Agency REMOB

what is REMOB?
Hugo Drax
Mini Stumbler
Posts: 1
Joined: Wed Feb 26, 2003 5:52 pm

Postby Mr.White » Wed Feb 26, 2003 6:29 pm

REMote OBservation.
A good way to threaten somebody is to light a stick of dynamite.
Then you call the guy and hold the burning fuse up to the phone.
"Hear that?" you say. "That's dynamite, baby." -Jack Handey
User avatar
Posts: 1051
Joined: Fri Oct 04, 2002 9:01 am
Location: Minnesota

Postby agentgrn » Wed Feb 26, 2003 7:43 pm

Originally posted by Mr.White
[B]REMote OBservation. [/B] are being watched. ;)
Posts: 517
Joined: Sun May 26, 2002 6:44 am
Location: Worcester, MA

Postby neil » Wed Feb 26, 2003 7:58 pm

one thing to take a look at with those stange ssid's and macs would be the sequence numbers of the packets.

there was a recent article (link eludes me but at kismet board).. about mac spoofing detection.

in a nutshell programs that do packet manufacturing typically don't/can't alter the sequence number of the packets.

fakeap was used as an example. if you looked at the packets you would notice the incremental sequence numbers in the pakets.

loose on details, yes i know.

Mini Stumbler
Posts: 8
Joined: Sun Apr 21, 2002 7:00 pm

Postby chuck2 » Mon Mar 24, 2003 6:08 pm

I got several "law-net0" ssid's, one of the mac addressess start with 02 05 48 , they are all in peer mode, and are scattered around the city.
User avatar
Mini Stumbler
Posts: 103
Joined: Thu Feb 20, 2003 3:31 pm

Postby azstumbler » Mon Mar 24, 2003 7:11 pm

there is at least one program that will put out a number of fake ssids and MAC addresses. This is done to hide a valid one. The idea is security through obscurity.
Mini Stumbler
Posts: 1
Joined: Fri Mar 14, 2003 3:26 am

Postby zylone » Sat Apr 19, 2003 7:13 am

I have noticed an odd peer link that follows me around literally my whole town.. after looking into it and talking to some of my friends around here... we have come to the conclusion that it is the local wireless DSL company that serves our town. There is a 360 degree dipole antenna that covers about a max effective range of 10 miles which is well more than the diameter of my town as well
Mini Stumbler
Posts: 1
Joined: Mon Jan 27, 2003 8:47 pm
Location: Corpus Christi, Tx

Postby drunkenwebmastr » Fri Apr 30, 2004 11:07 pm

want strange ssids? stumble around walmat. those little hand held inventory scanners they use run on wi-fi. you'll prolly get 5 to 20 wep encrypted APs all like pi07490509x09. screwed me up for a while till i figured out what it was. lots of strange stuff out there. i picked up an AP that netstumbler reported the vender brand as being (fake). new one on me. i've also seen the issue of different MAC addresses from one card in Ad-Hoc. as far as i can tell that's an OS BS thing. don't know about *nix, but most windows systems (don't know after 98 but for sure up till that time) only read the mac addy from the card when it was installed. it then stored it in the registry. which means you can change it to spoof your mac addy, anyhow.....since it's only software based, it's easily changeable. had issues when trying to get my best friends wi-fi equipment set up that nestumbler kept reading his card as a different mac addy every time he tried to connect to something. i'm working on assembling a list of the funniest ssids i've found though. i've found several thousand in my area, but still my favorite is "plzdonthaxor" which strangely enough is non-encrypted. but being encrypted doesn't make you secure and being non-encrypted doesn't make you unsecure. enough babble. after a long day of wardriving it's time to pass out......later
Mini Stumbler
Posts: 8
Joined: Mon Aug 18, 2003 2:51 pm
Location: basement

Postby Twisted » Sat May 01, 2004 8:46 pm

drunkenwebmastr wrote:want strange ssids? stumble around walmat. those little hand held inventory scanners they use run on wi-fi. you'll prolly get 5 to 20 wep encrypted APs all like pi07490509x09.

Actually that is part of the naming convention for all Wal-Mart Retail, and DC's (Distro Center) Ap's.

For the record Wal Mart is evil, and it has nothing to do with the interview I had with them.
Mini Stumbler
Posts: 185
Joined: Tue Dec 02, 2003 9:20 am

Return to AP Information

Who is online

Users browsing this forum: No registered users and 2 guests