SSID with very similar name, is this an attempt of hacking?

wireless-networking router ssid

Yes, it is most likely some kind of hacking ploy, although it's a guess as to why.

I do point out that locking your router down to specific MAC addresses might provide a tiny bit of security, but not much.

It's also unlikely that their actions are designed to hack your network - they are more likely to try and capture your traffic.

If it were me, I would take advantage of them - I'd get a cheap VPN and some dedicated hardware (low spec PC, large hard drive), connect it up to the VPN and their network and leach hard. Because you are using a VPN they won't be able to intercept your traffic but you can consume all their bandwidth until they wake up. (And you have plausible deniability "Hey, I thought I was connected to my AP - I used the SSID of my device)

Couple of other things to mull over - It's conceivable that both of these APs are actually yours - one in the 2.4 gig band, one in the 5 gig band, and the 5 gig band is simply not encrypted. Check your router configuration to rule this out and/or some kind of Wifi Analyser (There are a few available from the Play store for Android) to help you work out where the signals are coming from by looking at signal strength.

Watch out for de-auth packets. If they are trying to hack your systems it would not surprise me if they are trying to send de-auth packets to interfere with your connections to increase the chance that someone on your network tries to connect to them.


It sounds to me that this is something called "Evil Twin".

Basically the attacker creates a network that mimics yours so you (or your machine all by itself) connect to that instead. He achieves that by, as davidgo said, sending de-auth packets to your router so you have to reconnect. By changing the MAC-Address of his own router to the one of yours, your computer automatically connects to the attackers network instead (given that its signal is stronger). This allows the attacker to further harm you by Man-In-The-Middle Attacks or a fake DNS that redirects common websites to phishing sites.

Now you could do some science here and try to prove that this is indeed an attacker with bad intentions and report it, or simply take advantage of "free traffic" but since there might be some DNS shenanigans going on you could risk giving away sensitive information when not being careful while filling out forms.

Related

Excel: how to undo in current file only?
How can I tunnel all of my network traffic through SSH?
How can I tell how many bits my ssh key is?
mysql dump - exclude some table data
How to automatically call a function after pool recycling on IIS
Xcode 11 SPM authentication failed because no credentials provided
Why should I use docker ONBUILD?
Netflix Feign Exception
Sorting string values without using any method/function
Charles, empty request body with non-empty response body
It is required that you pass in a value for the "algorithms" argument when calling decode()
how play mp4 video in google colab