Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

dummyssiddonotconnect987654321

As crazy as it seems the title of this message is what we are seeing on a wireless network. That SSID is no where on this network and never has been. However, we are seeing it be used by numerous clients, which are carts with a small form factor PC by Flo Healthcare Systems. We use a Cisco PCI card for wireless connectivity. It has one profile using EAP-Fast for security and one SSID.

Airmagnet clearly shows the client trying to use this in a login attempt from traces and decodes.

Anyone know how or where this could be coming from? We have done registry searches and actually found it in the registry, and deleted it only to have it re-surface and be used again.

Thanks,

Greg

4 REPLIES
Hall of Fame Super Red

Re: dummyssiddonotconnect987654321

Hi Greg.

I'm sure that this post won't help much and that hopefully an expert like ScottMac will weigh in with his expertise, but I did "Google" the title of your thread and and the search came up with this:

Network 74: "dummyssiddonotconnect987654321" BSSID: "00:40:96:A4:09:C7"

Type : probe

Carrier : 802.11b

Info : "None"

Channel : 00

WEP : "No"

Maxrate : 36.0

LLC : 1

Data : 0

Crypt : 0

Weak : 0

Dupe IV : 0

Total : 1

First : "Sun Feb 20 18:44:22 2005"

Last : "Sun Feb 20 18:44:22 2005"

Min Loc: Lat 90.000000 Lon 180.000000 Alt 0.000000 Spd 0.000000

Max Loc: Lat -90.000000 Lon -180.000000 Alt 0.000000 Spd 0.000000

This is part of a text file posted from a "War Driver" that has discovered the same network.Maybe the mac-address or something else here may point you in the right direction. Notice no WEP encryption on the AP.

Hope this helps!

Rob

PS.

I am very interested to see what you find out.

Please remember to rate helpful posts....

New Member

Re: dummyssiddonotconnect987654321

Rob,

Thanks!!! I hope we can get an answer it is driving us nuts.

Stay tuned.

Thanks,

Greg

New Member

Re: dummyssiddonotconnect987654321

I believe this ssid is from the scanning ap's.

Using airmagnet I am able to remote in the scanning ap and see it's rf traffic.

This is the only time I pick this ssid up, also the wlse does not see this as a rouge.

New Member

Re: dummyssiddonotconnect987654321

We have come to find out this maybe imbedded on the chipset by Atheros. The crazy part is the only profile for these clients is one with obviously a different SSID.

We have seen this on Airmagnet as well, and the clients contiuously use this in their Probe Request over and over and over..... Then they time out.

We are using EAP-FAST and it is driving us crazy. We have opened 2 TAC cases explaining this and no results on why this is continually happening. There will be plenty of times the clients never put this in their Probe Requests.

129
Views
0
Helpful
4
Replies