No announcement yet.

Find the source of a "Viral SSID"?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Find the source of a "Viral SSID"?


    We have a wireless network in our building there are 2 Cisco 1240's a Cisco 1100 series, and 3 Linksys WAP54g's

    We have about 15-20 laptops at any given time in the building doing whatever laptops do...Sitting at my desk, I can see a "Free Internet Access" which is "On Demand".

    Using net stumbler that ssid doesn't exist but the microsoft zero wireless config shows it loud and clear.

    From what I have read online I think that it may be a virus/trojen somewhere in my network, how do I find the souce?

    I have used wireshark a little bit in the past, I think that it may be a good tool for the job. Could I setup a filter looking for a specific type of protocol to try and find the source IP or mac address?

  • #2
    Re: Find the source of a "Viral SSID"?

    do any other networks show up in netstumbler?
    are comfortable connecting to the rouge SSID?
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan


    • #3
      Re: Find the source of a "Viral SSID"?

      Every thing looks normal with net stumbler. I have 3 ssid's that I can see from my desk and they all show up and look fine.

      I have attempted to connect to the rouge ssid, nothing happens. I also had wireshark monitor my wireless adapter at the same time and nothing happened.


      • #4
        Re: Find the source of a "Viral SSID"?

        Well the "viral" ssid dissappeared, so I am thinking that it was a laptop from one of our vendors or suppliers that was in the building yesterday.

        If anybody has suggestions for tracking down the source of one of the rough ssid's please don't be afraid to share even though my problem went away.