Page 1 of 1

Strange SSID's.....

PostPosted: Fri Feb 07, 2003 8:43 am
by dmzguy
While driving has anyone noticed any strange named Peer networks? I live in Northwestern Indiana, work in Portage, Indiana to be exact and have been noticing SEVERAL strange wireless networks, all of the are peer networks, they have what appears to be dynamically created SSIDs (could be static, too), they also have strange, non-registered mac addresses, otherwise I would just blow it off. I've found 6 such networks (two of the mac-addresses below are identical, so i'm assuming they were the same device, at two different points in time, hence the differing SSIDs)

Two of these wireless networks in particular seemed to "follow" me for about 10 miles down US 30, from Merrilville to Valparaiso. I've had theories that it may be a palm or windows ce/ pocket pc device with 802.11, or a cellular phone that has internet access... maybe a wireless ISP, I'm really at a total loss.

Anyone else that has seen similar networks and would like to work on this problem together, email me @ with your netstumbler files.

Here is a copy of the SSID's and mac addresses, and channels, that i have found these devices to be running on. (the ssids seem to be in the range of 128000 - 134000 thus far)

ssid mac channel
133011 16-00-83-01-83-01 14,6
131117 0E-03-32-03-6F-02 14,6
133011 E2-01-0D-03-32-03 6
131037 9E-00-E0-01-0D-03 6
129179 2E-02-AF-01-7D-01 6,14
129179 E2-01-0D-03-32-03 6
128189 B2-02-F6-01-C6-03 6

PostPosted: Fri Feb 07, 2003 9:45 am
by rberger
Querying on by MAC address (use colons instead of hyphens) shows lots of occurences for 0E:03:32:03:6F:02 at many differenct lat/longs. Not sure what this means...

PostPosted: Sun Feb 09, 2003 12:38 pm
by Jaffo
perhaps there's a software package out there that uses this MAC when brodcasting/sniffing? not too hard, considering what it takes to change/spoof a MAC. i'm not too familiar with the more obscure utilities yet for sniffing/cracking/stumbling etc. anyone have any input? it'd be nice to know...give us a clue if we should add that MAC to our .kill lists ;)

PostPosted: Sun Feb 09, 2003 3:12 pm
by Madhadder
Still can't figure this one out either...
I've seen them over here in Germany also..
I would have to agree with the above post. It would seem
to be some kind of Software the reconfigures the cards for
some purpose.

weird SSID NSA?

PostPosted: Wed Feb 26, 2003 5:56 pm
by hugodrax
I found one that was odd it was National Security Agency REMOB

what is REMOB?

PostPosted: Wed Feb 26, 2003 6:29 pm
by Mr.White
REMote OBservation.

PostPosted: Wed Feb 26, 2003 7:43 pm
by agentgrn
Originally posted by Mr.White
[B]REMote OBservation. [/B] are being watched. ;)

PostPosted: Wed Feb 26, 2003 7:58 pm
by neil
one thing to take a look at with those stange ssid's and macs would be the sequence numbers of the packets.

there was a recent article (link eludes me but at kismet board).. about mac spoofing detection.

in a nutshell programs that do packet manufacturing typically don't/can't alter the sequence number of the packets.

fakeap was used as an example. if you looked at the packets you would notice the incremental sequence numbers in the pakets.

loose on details, yes i know.


PostPosted: Mon Mar 24, 2003 6:08 pm
by chuck2
I got several "law-net0" ssid's, one of the mac addressess start with 02 05 48 , they are all in peer mode, and are scattered around the city.

PostPosted: Mon Mar 24, 2003 7:11 pm
by azstumbler
there is at least one program that will put out a number of fake ssids and MAC addresses. This is done to hide a valid one. The idea is security through obscurity.

PostPosted: Sat Apr 19, 2003 7:13 am
by zylone
I have noticed an odd peer link that follows me around literally my whole town.. after looking into it and talking to some of my friends around here... we have come to the conclusion that it is the local wireless DSL company that serves our town. There is a 360 degree dipole antenna that covers about a max effective range of 10 miles which is well more than the diameter of my town as well

PostPosted: Fri Apr 30, 2004 11:07 pm
by drunkenwebmastr
want strange ssids? stumble around walmat. those little hand held inventory scanners they use run on wi-fi. you'll prolly get 5 to 20 wep encrypted APs all like pi07490509x09. screwed me up for a while till i figured out what it was. lots of strange stuff out there. i picked up an AP that netstumbler reported the vender brand as being (fake). new one on me. i've also seen the issue of different MAC addresses from one card in Ad-Hoc. as far as i can tell that's an OS BS thing. don't know about *nix, but most windows systems (don't know after 98 but for sure up till that time) only read the mac addy from the card when it was installed. it then stored it in the registry. which means you can change it to spoof your mac addy, anyhow.....since it's only software based, it's easily changeable. had issues when trying to get my best friends wi-fi equipment set up that nestumbler kept reading his card as a different mac addy every time he tried to connect to something. i'm working on assembling a list of the funniest ssids i've found though. i've found several thousand in my area, but still my favorite is "plzdonthaxor" which strangely enough is non-encrypted. but being encrypted doesn't make you secure and being non-encrypted doesn't make you unsecure. enough babble. after a long day of wardriving it's time to pass out......later

PostPosted: Sat May 01, 2004 8:46 pm
by Twisted
drunkenwebmastr wrote:want strange ssids? stumble around walmat. those little hand held inventory scanners they use run on wi-fi. you'll prolly get 5 to 20 wep encrypted APs all like pi07490509x09.

Actually that is part of the naming convention for all Wal-Mart Retail, and DC's (Distro Center) Ap's.

For the record Wal Mart is evil, and it has nothing to do with the interview I had with them.