1

I have had some security issues in the past - someone specific targeting my network. I used Advanced IP scanner and found 2 devices connected, both displaying as routers (one of them I recognise, because it has the correct manufacturer name) and the other is one I don`t recognise (it is titled MYROUTER).

The two "routers" have the same MAC address, but different IPs. None of the devices that I have connected to the network myself have this IP. Should I be worried? Is this possible? What`s going on?

Improve this question
13
  • 1
    Why not physically hunt the device down and have a look what it is?
    – Seth
    Commented Jan 31, 2017 at 14:13
  • While I cannot comment on your specific situation, it is definitely possible to have a device with a spoofed MAC address as your router, and that way the device (can intercept all traffic going to the router.)
    – Yisroel Tech
    Commented Jan 31, 2017 at 14:13
  • @Seth, how can you physically locate a device, for instance, on a Wi-Fi network?
    – Yisroel Tech
    Commented Jan 31, 2017 at 14:14
  • @Seth, how can you physically locate a device, for instance, on a Wi-Fi network? Exactly... I cant find this device, physically. Thats why I`m worried that it may be a device that is intercepting my traffic...
    – Alice
    Commented Jan 31, 2017 at 14:17
  • So that is not really normal, right? To have two routers on the device list, with the same MAC and different IPs? Would something catastrophic happen to my network if I disable the other one?
    – Alice
    Commented Jan 31, 2017 at 14:19

1 Answer 1

Reset to default
1

One of the method to attack a wireless network is to make a router or a wireless adapter have the same mac address of your router and the same channel + the same SSID "the name of your network"

When the attacker start, you will feel your network very slow then your router will restart, now all the devices on your network will be connected to his device, all your devices will send a handshake "packet with the password encrypted" to his device.

There is no reason for him to use the same MAC address after that, in some additional attacks he need the same mac address just to sniff your packets and know exactly what happening inside network.

Or maybe he forget to change the MAC address! Sometimes I found weird names inside my network it's not always an attack! other network can interfere with your network, if you want to know for real what he is doing check the data transferred for that device! if he sniffing! or just an interfere.

If he is really an attacker and want's to know his physical address check for apps like this one on your mobile and follow the signal strength ;)

enter image description here

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .