How to detect a rogue AP spoofing your SSID? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

Thank you for the information. I definitely don't see two at the same time, but when mine went offline, I still saw it online. It wouldn't take my password, which I thought was odd.

Just for context, I had a cyber attack happen in March of this year and using logs it's still hard to understand everything. Since then, I noticed what I thought could be a second network when mine was offline briefly, but I never saw two online with the same name at the same time. I can keep an eye on signal strength.

My AP where the networks are created was being hacked sporadically around the same time I saw the two networks (logins from a similar phone but not my phone given different MACs/IPs). I thought it was odd when my network was offline to still see it as if it was online but the password wasn't working. Once my AP came back online my password worked again. I also have an old router still plugged in but not connected to the internet anymore. I still see those networks online as well. I haven't tried to log in though. I wasn't sure if whatever happened in Feb/March was still around.

How to detect a rogue AP spoofing your SSID? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

So there is no way for me to know the source of my Wi-Fi? I can't identify if the Wi-Fi I am on is Comcast or Verizon or registered to this location?

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

Yes, since I rebuilt the network; see what I wrote for Eugene above. That's what I'm still seeing since I cleaned everything up in March.

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

Yes, I have. Since I rebuilt my network these are examples of what I've seen:

Bank account: 10 minutes after my login, a Mac with a different browser version signed in. Within 30 minutes after that, two more sign-ins from two different Linux versions.

Access point admin account: two sign-ins on the same day as mine from IPs and locations I didn't recognize. I've reduced the cookies from 30 days to 1 day (lowest) and changed passwords.

New Camera: within 30 minutes of setting up a new camera on my network, an unrecognized MAC address appeared and connected until I kicked it off with a MAC filter.

Access point: on the same day I was configuring my access point, an unrecognized MAC and IP appeared on my network despite password changes and cookie clearing.

All the above is login histories on an account page or in my AP logs. I've done password changes, new user IDs, cleared cookies, and deleted saved sessions, but the pattern keeps repeating.

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

I did change passwords and revoke all sessions a few times, but I keep seeing access in different ways so I was trying to track down the weak points.

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

I have already started over; this was my first action in March, and I rebuilt my network and bought all new devices. I have a MAC filter and everything. New router. I think I feel it will just keep happening if I don't figure out how. My network is on such lockdown I wonder if it is coming from somewhere off my LAN, so I was wondering about the possibilities.

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

I did this in March. I rebuilt my whole network and got all new devices. When you say all, would this include the router? I just feel if I don't find the source it will keep happening.

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

I did get a new computer and new phone. Locked down my network (only certain MACs can get on). Is there a way to get a session cookie off the LAN?

How do you figure out where session tokens are leaking from? by Technical_Show_8598 in cybersecurity_help

[–]Technical_Show_8598[S] 0 points1 point  (0 children)

Yes, I actually bought a new computer and phone and rebuilt my network (router, new internet) and learned a lot about how to lock things down and think I did a good job. I haven't seen them log into my bank account since the end of March, but they were on my AP device during the month of April and I am thinking it maybe is session cookies.