Home 0P3N Blog Someone Or Something Trying To Connect To My Private Network ? (Help)
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

Someone Or Something Trying To Connect To My Private Network ? (Help)

January 1, 2016
authors profile image
January 1, 2016
Hi, I'm new on cybrary.it , nice to meet you all ! While exploring my router's configuration I came across a log utility. Sure thing, I decided to check it out and found that "A device failed to connect to SSID (name of my SSID) because it provided incorrect login information". The thing is, while looking deeper, I found out that it happened a LOT, pretty much every day for the last week.( I did not check farther than that..) My question is , can someone please tell me if that is someone manually trying to connect to my wifi or if something else could be doing that automatically ? Or how to find out ? Also, if it's indeed someone ( like a neighbor..) is there a way to identify him ? \[Here is an example of the logs..\] 2016-02-16 21:44:22 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 21:45:16 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 21:46:13 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 22:28:26 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 22:36:33 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 22:51:08 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 22:51:43 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 23:00:57 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 23:01:54 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 23:02:52 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 23:11:09 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. 2016-02-16 23:12:07 ERR WIFI A device failed to connect to SSID (lil.family) because it provided incorrect login information. Lock down your router...the devices Internet facing IP is always being scanned. The problem is that your Internet facing web interface is enabled allowing someone to view the logon page form an external device. Other will have input on this issue... https://www.howtogeek.com/179089/lock-down-your-wi-fi-network-with-your-routers-wireless-isolation-option/ http://www.pcworld.com/article/243290/how\_to\_lock\_down\_your\_wireless\_network.html http://www.zdnet.com/pictures/six-ways-to-secure-your-vulnerable-network-router/ You can use custom firmware for your router provided by [https://www.dd-wrt.com/](https://www.dd-wrt.com/) Another thing to check is MAC addresses of connected devices. If someone is connected, then you can use Nmap for gathering more information. Set promiscuous mode on and start gathering data using Wireshark for potential lawsuit. You can try Moocherhunter [http://securitystartshere.org/page-training-oswa-assistant.htm#moocherhunter](http://securitystartshere.org/page-training-oswa-assistant.htm#moocherhunter) or other advanced ways to triangulate position using radio antennas. Contact local cybercrime division and get your camera ready for #rekt\* videos category :) \*unless one is using your neighbors machine as a proxy edit: also you can use IDS/IPS in future or have more [fun](http://www.ex-parrot.com/~pete/upside-down-ternet.html) Hey thanks a lot guys ! I was actually locking down my router when I found that problem.. so that's done, now I will install wireshark and install Kali linux and try to learn more about how to get deeper infos with thoses tools. > the devices Internet facing IP is always being scanned. The problem is that your Internet facing web interface is enabled allowing someone to view the logon page form an external device Can you please explain what you mean , I don't completely understand what it means .. :s ? Would you say it's a personne or some kind of "script" or automatic tool trying to connect to my Network ??
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry