We found a few Ruckus AP's broadcasting similar names to my client's corporate SSID, but they may be on different floors of our building - that were leased to a different company many years ago.
They are not on my client's floors (weak signal only in one corner near a window) but due to the similarity in SSIDs have now gotten the attention of the security department. They may be on floors higher up in the building- since my client used to own those floors.
We are curious if the detected MAC addresses could indicate the possible date of manufacture. That could at least indicate if this theory is possible- that they may have been installed years ago, never removed, and left powered.
Getting access to those floors for inspection is not possible yet, without major bureaucratic corporate decisions, hence trying to discern as much as possible with given information.
Hi Charles. All of the above addresses belong, according to the site macvendors.com, to Ruckus Wireless. You can write them a request, but IMHO will not help you, as the equipment could be stored for a long time before it was sold. But could you tell me why your SSID's “similarity” worried you? Is it possible to use your wireless network without a password?!!
Hi, thanks for the reply. The concern for the security director is mainly due diligence. It's a multi national company so they want to be sure of what is going on. He's looking to me to help explain why he should or shouldn't be worried. They first were concerned that someone was trying to harvest login credentials by spoofing their own network. I don't think that is the case. Knowing if these were older units might help form a picture of what is going on.
Initially I would try to contact the IT manager responsible for the LAN / WLAN, and ask him to consult via cdp / lldp if the MACs are associated in some interface of the switch, and would request the blocking of these APs (since he has nothing or nobody associated.
PS: I believe that the date of manufacture is irrelevant, the ideal would be to identify the models, to know if it is dual band, to identify the IP address, if they are running behind controllers, or if they are stand-alone.
Thus, some action (removal / configuration) would be easier with respect to the SSID.
The current IT department only goes back 4 years and they do not (apparently) have any records from before that, as there were major changes then- including a full remodel of the building and all infrastructure- and giving up most of the building to other tenants. Knowing the approx date of manufacture was just one avenue I was considering to see if the units may have been from that far back. Thanks