NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Rogue AP with unknown MAC Identifier
I've been using the RBS50+RBS50 for some time now, and a while ago one of my security devices alerted me there was a rogue AP in the area broadcasting on my SSID.
When I researched the MAC identifier, there is no known manufacturer. It starts with 92:3B:...
I thought it was just a local scriptkiddie, and that he/she would give up after a few days.
As there's no change, and I still get the alerts, I took some time looking into it, and it seems there are in fact 2 rogue APs, with MAC addresses very close to my actual 2 routers.
Is this some obscure component from Netgear? I can't any reference to it, nor is the MAC address listed anywhere online or in the ORBI web interface.
Can anyone shed any light into it? Or do I need to drive around to create a WiFi coverage map of the neighborhood to track this idiot down?
(Latest firmware etc of course)
Those back haul MACs are hidden as there is not need for any user use for them and is only used by the Orbi system. Since the system is designed to be automatic and mostly simplistic configuration, theres no need for displaying of some system settings and configurations. This is how it works for MESH and Smart Connected features. You might contact the Mfr of your security device to ask about how they detect and handle MESH and Smart Connect wifi router systems. Probably a false positive on there part.
SimonBelgium wrote:
Seriously? Why would they not list those in the web interface?
How can I identify which ones are the actual "hidden" MACs? Yes they are VERY close to the actual MACs
9 Replies
There are 4x4 hidden SSID's used by the Orbi Backhaul, those networks usually have MAC addresses similar to the ones broadcasting the clinet networks with the first or last 2 characters in the MAC different. Are you referring to those?
Seriously? Why would they not list those in the web interface?
How can I identify which ones are the actual "hidden" MACs? Yes they are VERY close to the actual MACs
SimonBelgium wrote:
Yes they are VERY close to the actual MACs
Then I would say that these are your backhaul wifi channels.
I would use a wifi scanner to see whats going in your surroundings:
https://itunes.apple.com/us/app/network-analyzer-lite-wifi/id562315041?mt=8
http://www.nirsoft.net/utils/wifi_information_view.html
https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/
https://lizardsystems.com/wi-fi-scanner/screenshots.php
http://nutsaboutnets.com
http://www.metageek.com/products/inssider/Is Guest Network enabled by chance?
SimonBelgium wrote:
I've been using the RBS50+RBS50 for some time now, and a while ago one of my security devices alerted me there was a rogue AP in the area broadcasting on my SSID.
When I researched the MAC identifier, there is no known manufacturer. It starts with 92:3B:...
I thought it was just a local scriptkiddie, and that he/she would give up after a few days.
As there's no change, and I still get the alerts, I took some time looking into it, and it seems there are in fact 2 rogue APs, with MAC addresses very close to my actual 2 routers.
Is this some obscure component from Netgear? I can't any reference to it, nor is the MAC address listed anywhere online or in the ORBI web interface.
Can anyone shed any light into it? Or do I need to drive around to create a WiFi coverage map of the neighborhood to track this idiot down?
(Latest firmware etc of course)
