6

Last night around 3-4 am I had noticed my network acting funky.. I flipped my wireless card into monitor mode and boom there was a rogue AP. I then acknowledged that I had seen them and mimic'd the movements they were making, and when I switched my mac for the last time I noticed a lot of the fake APs that were up went down.. Around 3-4. And stayed down.

Obviously after parsing through logs on my box I had been deauth'd at one point and had attached to them.. I saw requests from an IP that was out of my routers IP range. I keep my range very small for this reason.. My box is fine. What should I do from here to keep this at bay? I am afraid this may have enticed their curiousity.. Suggestions? Oh and yes my password is changed and strong.

S.L. Barth is on codidact.com
  • 5,524
  • 8
  • 40
  • 47
JohnnyMnemonic
  • 61
  • 3

4 Answers4

2

They have a good chance of being close by. Monitor Wifi signal strength of the rouge AP and try track him/her down.

Changing your PW to something strong was the right move. Voids any handshakes captured so far and makes life much more difficult next time.

TrickyDupes
  • 2,849
  • 1
  • 15
  • 27
1

If your password is strong and changed, I don't think you need worry. Most likely its just someone trying to crack password for fun. If its a strong password, they probably won't crack it, and if you've changed it, the cracked password will be useless even if they do crack it.

Nicholas Dechert
  • 115
  • 9
1

The fact the attacker was so clumsy suggests they don't really know what they're doing. Probably just script-kiddie following a YouTube tutorial. So long as your AP users WPA2, good password and a unique AP name you should be fine. Might be worth letting you neighbours know there's an idiot about.

Hadog
  • 137
  • 3
0

Use 802.11w, it is designed to be used at your case. See Preventing deauthentication attacks

Artyom
  • 101
  • 3