Rogue-ish SSID similar to real SSID

[dwright1542]

So I have a restaurant client in a very dense commercial strip that gives out Wifi to customers. Someone has setup an SSID with a very close name. It's not one the same network, but I suspect they are trolling for data.

Anything I can do? I suspect not.

 

[EffrafaxOfWug]

Your client can and should warn patrons to check carefully the name of the SSID before they connect to it - that's just good practice and should be universal, but of course a reminder shouldn't hurt.

First off, and the obvious one, I assume it's not a simple typo mistake when someone set up one of the APs in the restaurant or an accidental mobile hostpot on their phone?

Second off, verify - and be damned sure - that any wireless card or PoS terminals in the restaurant aren't connected to the rogue SSID. I'm hoping that the restaurant has a wholly separate network (preferably wire-only!) for its PoS kit than from its customer WLAN, but I've seen hundreds of small shops with just a flat network.

Are there any other might-be-a-duplicate-of-someone-legit hotspots visible?

A politely worded missive around the other shops might not hurt, and if you're feeling adventurous you might want to try and zero in on the access point(s) being used to broadcast the SSID. There a mobile phone apps that can do this I believe, or you can just connect to the SSID and walk around with a laptop and monitor the signal strength to get an idea of where it's coming from. This'll usually let you get a fair idea of where the signal might be originating from, at which point your client might want to go and have a chat with them - you never know, it's possible their network has been cracked and the miscreants are looking for an "in" into another business.

 

[dwright1542]

I setup the AP's and they are all managed, so no typos. This is clearly someone else. I'm not worried about restaurant security. It's more a nuisance/concern for the guests, since they see both a "xxxxx_guest" SSID, (the real one), and XXXXX_guest SSID.

It's such a dense environment (main street college town) it would be nearly impossible to figure out who it is.

 

[EffrafaxOfWug]

You could do worse than get kismet installed and give it a whirl

What's "dense" in this scenario? How many SSIDs does your average laptop see?

 

[dwright1542]

You could do worse than get kismet installed and give it a whirl

What's "dense" in this scenario? How many SSIDs does your average laptop see?

591 total, about 50 with a signal strength above -70 dBm

 

[EffrafaxOfWug]

In that case you might want to consider something like the kali+kismet on a raspberry pi since they make doing this really easy, especially if you're hooking it up to a GPS and external antennae (since direction ones make this sort of work much easier), else you can other stuff on android first if that's what you have available. I've used the WiGLE wardriving app before, and if it's a busy location you could also check the wigle website and see if anyone's mapped it or its MAC already.