Hostile client environment

I am a network newbee with some security issues.

I apparently keep loosing conection to my WRT router from my clients - but I am stil on the Internet, which surprices me because I get the IP form the WRT router. So I must be connected to some unknown AP without chosing to do so.

There is a large amount of wifi networks in the area and I want to make sure that I'm not experiencing a hostile attack.

When I am on the wifi interface from my OSX client and I turn off the wireless interface (on the router) the client keeps on being locked to the interface so it looks like I am still connected. Running "arp -a" also looks okay .... so I don't know how to find out that I am loosing connection to router.

Also since the router is transmitting its mac address and SSID I do not know what to check up against when making sure I am on the right router.

What commands and tools do I use to make sure I am connected to the right router ?

As far as I understand VPN makes encrypted tunnel from router to ISP. Is it possible to make a tunnel from OSX and android clients to the router.

Sorry for the long question :wink:

Do you suspect that there is another device broadcasting the same SSID? If that's the case, the super simple solution is this: unplug your router from power. If you still see (and can connect to) the SSID, it cannot be your device. In that situation, change your SSID and/or password, then remove that previous association from your client devices and setup the new one.


or just keep using the the other persons internet, for free ...

Thank you so much for responding. I am also looking for a way to log what is going on and be in control of my wifi network without to have to change SSID. Maybe you have idees about commands to run from terminal in OSX - again thank you

If someone else has setup the same SSID and password, there isn't much you can do to stop them. You would need to change either you SSID or password (or both) so that your devices won't connect to an imposter SSID.

So the first step is to find out if there is actually someone else masquerading as you.


Yeah ... nice

Good point .. I'll go in that direction

I suggest a phone app to scan the local wifi's and take note of them. This post of mine from while back is about wifi mapping but you can use the same apps to help you diagnose the local area too.


Actually re-reading your post. Just check your OSX client isn't auto connecting to another wifi. Maybe forget all wifi networks but yours just to make sure its not "falling" over to someone elses that is in range.

1 Like

1 Like

In the network settings I did un-check "auto-join". Now you have to manually click the wireless network to connect to. BUT when you are connected and loose connection again OSX still looks like connected. There must be som sort of treshold you can set.
On the other hand if i turn of the wireless netcard on OSX client connection disapears instantly in Luci interface ... if that makes sense :slight_smile:

Time for some Juice: SSH into your router copy/paste/execute the command. Copy paste back in preformatted text.

ubus call system board; uci export dhcp; uci export network; uci export firewall; uci export wireless

Do you have any additional wifi APs or extenders setup, or are you using just the single router for your entire space?

I only have one router - no other access points