Posted by:skitrees
Subject:Yet another newbie...mysterious essid showing up
Date:11:03:18 10/03/2008

I'm totally new to the linux world. My experience can be summed up by having put together a couple of Slackware boxes (one as a SendMail server, the other a SAMBA domain member server on ads), and having toyed around with Slax on a USB drive (and whiterussian stuff on a Linksys wrt54g for drone purposes). This is my first attempt at asking help from anyone in the linux community, and I'm sorry to have to come forward, but I simply haven't been able to find any helpful information in Google, man files, or readmes pertaining to this current issue I am facing:

I have installed kismet on the wrt54g and have it logging to my laptop (Slax on USB). For the most part things run fine, but I have found something reporting an ESSID that matches some old configurations I had used a year or so ago. The problem is - that hardware is no longer in place, and I no longer use that ESSID. It is a very unique ESSID too. I've checked all my power outlets (including the few PoE connections), and I have NO unwanted devices still connected to electricity. So, I feel confident that there is absolutely no way this signal can be coming from my property. I'm wondering if I need to be worried that someone had hacked my network back then, and simply still has a "clone" out there trying to spoof me. Here's what I see in Kismet:

NAME: <my old ESSID name>
T: P
W: N
CH: --- <empty>
Packts: 9 <various value - usually under 20>
Flags: <empty>
IP Range: <empty>
BSSID = <00:xx:xx:xx:xx> (real number of course - not with x's)
Underneath this connection, one client shows up as manufacturer Zyxel and BSSID of <00:xx:xx:xx:xx> - the same number that showed up on the main page's BSSID for the AP - this seems odd to me.

Is there anything else which could cause this? If this situation does appear to be someone spoofing me, what can I do to track this connection down? Is there another tool better suited for the purpose, or is kismet the best tool for the job?

Thanks ahead of time, and again - sorry for the newbie question(s) - I really have tried hard to avoid posting until I am more proficient with linux.

