Solve : Weird. Unknown wired network shows up in Wireless list!?

1.	Solve : Weird. Unknown wired network shows up in Wireless list!?
Answer» I'm running Mint 17.3 -- I've googled this with many search terms to no avail. Hopefully someone here can link me to the explanation, or type it out for me. A couple hours ago, I'd lost my wifi connection to the router - which is very unusual. I'm not broadcasting the SSID, so I simply bring up the list of available wifi networks, select "connect to hidden wifi network", select mine and try to reconnect - without success. But I notice something... a never-seen-before network SSID with a wired network icon beside it ?!? This is in the list of wireless networks. A couple minutes later, the mystery network SSID was gone and I could reconnect. I have my THEORIES on what just transpired, but I'd like some expert opinions please. Thanks in advance y'all. What network adapter are you using, and do you know the driver being used to share here? It might be a bug. I have had a similar issue with Mint 17.2 and a reboot of Mint fixed it. I went out and bought a newer more modern USB wireless adapter and that fixed my issue. In my situation at boot Linux mounted the wireless internal to laptop. Then at some point it loses the connection and the adapter actually vanishes from hardware list with no ability to get it back while in that session. YET a reboot and everything works fine for a while and then the problem repeated. I bought one of those cheap USB wireless adapters that states it has Linux support and that fixed my issue. Laptop no longer drops out on me. I used this specific model and it fixed my issue with the drop out and gone wireless crash situation: http://www.newegg.com/Product/Product.aspx?Item=N82E16833315091 Quote System Requirements Windows 7/Vista/XP, Mac OS, Linux Thanks for the thoughtful response Dave. I've also fought those fights with 17.2 but with 17.3 that is no longer an issue, thankfully. There's all kinds of back-story with my wifi networks and my neighbors. But they were sponging off my wifi network. I tightened security as much as one can with non-enterprise routers, and that finally convinced them to call Comcrap to install cable Internet in their hovel.. So this issue I'm posting about is likely one of their script kiddie FRIENDS practicing packet injection, but I'm not too concerned. I really would love to get your opinion on this matter, however. I'm rather curious about why the icon is the "wrong" one, per the screenshot. I've always thought that my local machine has its own icon that is called by the OS when I go to view the list of available wifi networks. IOW, that icon is "fixed" and only the wifi network name would be a variable. Ultimately, I know they got onto my wifi to some extent, I just wonder if they got into my machine. .. since they definitely changed the icon that should have been used in this situation. Thanks in advance, Dave! [attachment deleted by admin to conserve space]If you are using WPA2 security with a non-guessable key then it is extremely unlikely that anyone was on your network. WPA2 has not been broken in the same way WEP has been, the only known way to break in to a WPA2 network is through brute force. Even if they did somehow get on your network, I can't think of any way or reason for them to change the icon. To me this sounds more like a random bug related to NetworkManager (which is also a bit buggy for me at times). My guess would be that since you are manually adding the connection due to the SSID being hidden it is saving it in the list of custom, user defined networks and for some reason the wrong icon is being used. This seems way more likely than some neighbour breaking into a secure network by guessing the SSID and key and then somehow getting into a PC on that network (which should also be basically impossible) to change the icon.Thanks for the response Cameron. Please view the screenshot I attached in previous post. That "wired" icon and the SSID were there, and then gone. No one made that graphic. It's the real deal. While that was happening, I was disconnected from the wifi router. Within 3 minutes it was gone and I was back online. If you can link me to a launchpad bug post or two that specifically discuss this very type of "bug", I'd like to read up on it. Thanks. I think Network Manager shows both available Wireless connections as well as any active wired connections. PJ-673_0001 (numbers may vary) is the host name of the "Brother PocketJet 673" when on a network, and is also the SSID that it broadcasts when set to wireless mode. Just to somewhat reproduce the issue, I used my Mint 17.3 laptop and connected my LaserJet Printer to it through both USB as well as Ethernet. When I was connected via Ethernet, I saw a wired network called "NPI3C40E7". More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks. Quote from: camerongray on May 23, 2016, 06:10:19 PM If you are using WPA2 security with a non-guessable key then it is extremely unlikely that anyone was on your network. WPA2 has not been broken in the same way WEP has been, the only known way to break in to a WPA2 network is through brute force. Even if they did somehow get on your network, I can't think of any way or reason for them to change the icon. To me this sounds more like a random bug related to NetworkManager (which is also a bit buggy for me at times). My guess would be that since you are manually adding the connection due to the SSID being hidden it is saving it in the list of custom, user defined networks and for some reason the wrong icon is being used. This seems way more likely than some neighbour breaking into a secure network by guessing the SSID and key and then somehow getting into a PC on that network (which should also be basically impossible) to change the icon. Thanks for your input Cameron. Yeah, this is a weird event. Be advised that it is rather easy to break into WPA/AES protocol via WPS. This was originally done with Reaver. After I read your post, I went online to find articles that I'd already read on how folks break into wifi in the modern day. Ancillary to that, I discovered that some routers leave WPS enabled even after the user has disabled it in the GUI. IOW, you don't know that the protocol is still enabled and you are open to attack. That's one way WPA2 can be circumvented. When WPS is actually disabled, cracking is very difficult to do. Apparently.AndyCountry said: Quote That's one way WPA2 can be circumvented. The link below provides some detail about that. http://www.darkreading.com/mobile/secured-wifi-networks-can-be-circumvented/d/d-id/1136870 Quote Disable WPS in WiFi routers -- if that's possible in your device, experts say Millions of wireless routers worldwide are susceptible to a brute-force attack that breaks a widely deployed built-in security feature for WiFi and ultimately cheats the newest generation of secure WiFi, WPA/WPA2. And as of today, two open-source TOOLS are circulating that simulate the attack YATWAP Yet Another Thing to Worry All People. I'm not aware of the Brother Pocketjet being a particularly well-used hacking tool, myself.Quote from: BC_Programmer on May 25, 2016, 06:58:09 PM I think Network Manager shows both available Wireless connections as well as any active wired connections. PJ-673_0001 (numbers may vary) is the host name of the "Brother PocketJet 673" when on a network, and is also the SSID that it broadcasts when set to wireless mode. Just to somewhat reproduce the issue, I used my Mint 17.3 laptop and connected my LaserJet Printer to it through both USB as well as Ethernet. When I was connected via Ethernet, I saw a wired network called "NPI3C40E7". More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks. Thanks for your reply BC! Especially discovering that it was a Brother mobile printer (or a spoofed one). 1. Network Manager: When I'm connect to the router via cable, the laptop's Network Manager shows all wifi APs in range, along with the laptop's sole wired connection, which is designated by Network Manager as "Wired connection 1". So no malfunction there. 2. The Brother printer (alien network): Network Manager showed it as a wired network connection, which it was not (any idea why?). For years, Network Manager has shown the SSID of my neighbor's wifi-connected HP Printer correctly. 3. I'm dumb, so please be patient. I'm confused about this statement: "More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks." .. Thanks! #2 tells me your wi-fi network is unsecure...Quote 1. Network Manager: When I'm connect to the router via cable, the laptop's Network Manager shows all wifi APs in range, along with the laptop's sole wired connection, which is designated by Network Manager as "Wired connection 1". So no malfunction there. Yes, this is what I was describing. The Network manager shows connected wired connections as well as wireless connections. Quote 2. The Brother printer (alien network): Network Manager showed it as a wired network connection, which it was not (any idea why?). For years, Network Manager has shown the SSID of my neighbor's wifi-connected HP Printer correctly. Software works in a variety of different ways and there are a lot of different kinds of bugs that can crop up. Icons such as those displayed usually are indexed by type, that is, 0 is wireless, 1 is wired, etc. (or something similar). It is far more likely that some sort of incorrect logic in the software may have inadvertently used the incorrect icon. In my mind the most likely explanation is that the wired icon is index 0, the default index. And the network manager encountered an error while attempting to determine whether the printer's access point was secured. As a result, the wired network icon was used. Quote 3. I'm dumb, so please be patient. I'm confused about this statement: "More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks." .. When I connected my Laptop running Linux Mint 17.3 to my Printer using an Ethernet cable, I was able to see the name of the printer ("NPI3C40E7") in the network foldout whether I was connected to a wireless network or not. When I connected via USB, it was only visible if I was not connected to my wireless network. I suspected perhaps you owned the device and had FORGOTTEN it's wireless capabilities. Quote from: patio on May 26, 2016, 07:00:16 PM #2 tells me your wi-fi network is unsecure... Indeed Patio! That was the genesis of my original post on this matter, so I thank you for confirming my suspicions. I'm just trying to understand, in general terms, the attack method(s) used. In that way, I might be able to make security changes that will hopefully make my networks more secure - as you suggest I should. I'd be interested in your thoughts on how an alien printer/device can be injected onto my network, show up as a device connected by Ethernet cable to my router, which it wasn't - I was sitting in front of the router at the time this took place, then after a few minutes, simply disappear. BC_Programmer deftly discovered that the alien device is, or is spoofing, a Brotther mobile printer. Some time ago, the computer I lent my stepfather had a motherboard failure. "Somethings wrong with the computer, I think it is Korean hackers" I determined it was some failed CPU Power capacitors. When I relayed this discovery- "How did the Koreans cause that"? He refuses to abandon his theory that it was caused by Korean Hackers. Any attempt to explain how the system failed MUST fall into a context involving Korean hackers, and if I don't introduce the element, he rolls my explanation into one involving them. It's a useless discussion. Last I checked his theory was that they were scammers and they purposely caused the capacitors to fail in order to sell me new ones. Totally worth it to get my .68 cents for 12 capacitors, I suppose. I'll leave it to be interpreted exactly how I think this story is relevant here.Quote from: AndyCountry on May 27, 2016, 12:08:31 PM Indeed Patio! That was the genesis of my original post on this matter, so I thank you for confirming my suspicions. I'm just trying to understand, in general terms, the attack method(s) used. In that way, I might be able to make security changes that will hopefully make my networks more secure - as you suggest I should. A neighbour's wireless printer showing up means nothing to do with the security of your own network, the printer essentially acts as it's own access point and broadcasts it's own network. What are you using to secure the network? WPA2? If so then you have nothing to worry about, WPA2 with a non-guessable key is, for all intents and purposes, secure. From what I can see here, all that is happening is that a WiFi enabled printer is showing up with a different icon (possibly because it acts as a Ad-hoc network or WiFi Direct device which causes Mint to show a different icon for some reason). I completely doubt that there is anything malicious going on.

Answer»

I'm running Mint 17.3 --

I've googled this with many search terms to no avail. Hopefully someone here can link me to the explanation, or type it out for me.

A couple hours ago, I'd lost my wifi connection to the router - which is very unusual. I'm not broadcasting the SSID, so I simply bring up the list of available wifi networks, select "connect to hidden wifi network", select mine and try to reconnect - without success. But I notice something... a never-seen-before network SSID with a wired network icon beside it ?!? This is in the list of wireless networks.

A couple minutes later, the mystery network SSID was gone and I could reconnect. I have my THEORIES on what just transpired, but I'd like some expert opinions please.

Thanks in advance y'all.

What network adapter are you using, and do you know the driver being used to share here? It might be a bug.

I have had a similar issue with Mint 17.2 and a reboot of Mint fixed it. I went out and bought a newer more modern USB wireless adapter and that fixed my issue. In my situation at boot Linux mounted the wireless internal to laptop. Then at some point it loses the connection and the adapter actually vanishes from hardware list with no ability to get it back while in that session. YET a reboot and everything works fine for a while and then the problem repeated. I bought one of those cheap USB wireless adapters that states it has Linux support and that fixed my issue. Laptop no longer drops out on me.

I used this specific model and it fixed my issue with the drop out and gone wireless crash situation:

http://www.newegg.com/Product/Product.aspx?Item=N82E16833315091

Quote

System Requirements
Windows 7/Vista/XP, Mac OS, Linux

Thanks for the thoughtful response Dave. I've also fought those fights with 17.2 but with 17.3 that is no longer an issue, thankfully.

There's all kinds of back-story with my wifi networks and my neighbors. But they were sponging off my wifi network. I tightened security as much as one can with non-enterprise routers, and that finally convinced them to call Comcrap to install cable Internet in their hovel.. So this issue I'm posting about is likely one of their script kiddie FRIENDS practicing packet injection, but I'm not too concerned. I really would love to get your opinion on this matter, however.

I'm rather curious about why the icon is the "wrong" one, per the screenshot.

I've always thought that my local machine has its own icon that is called by the OS when I go to view the list of available wifi networks. IOW, that icon is "fixed" and only the wifi network name would be a variable.

Ultimately, I know they got onto my wifi to some extent, I just wonder if they got into my machine. .. since they definitely changed the icon that should have been used in this situation.

Thanks in advance, Dave!

[attachment deleted by admin to conserve space]If you are using WPA2 security with a non-guessable key then it is extremely unlikely that anyone was on your network. WPA2 has not been broken in the same way WEP has been, the only known way to break in to a WPA2 network is through brute force. Even if they did somehow get on your network, I can't think of any way or reason for them to change the icon.

To me this sounds more like a random bug related to NetworkManager (which is also a bit buggy for me at times). My guess would be that since you are manually adding the connection due to the SSID being hidden it is saving it in the list of custom, user defined networks and for some reason the wrong icon is being used. This seems way more likely than some neighbour breaking into a secure network by guessing the SSID and key and then somehow getting into a PC on that network (which should also be basically impossible) to change the icon.Thanks for the response Cameron. Please view the screenshot I attached in previous post. That "wired" icon and the SSID were there, and then gone. No one made that graphic. It's the real deal.

While that was happening, I was disconnected from the wifi router. Within 3 minutes it was gone and I was back online. If you can link me to a launchpad bug post or two that specifically discuss this very type of "bug", I'd like to read up on it. Thanks.

I think Network Manager shows both available Wireless connections as well as any active wired connections.

PJ-673_0001 (numbers may vary) is the host name of the "Brother PocketJet 673" when on a network, and is also the SSID that it broadcasts when set to wireless mode.

Just to somewhat reproduce the issue, I used my Mint 17.3 laptop and connected my LaserJet Printer to it through both USB as well as Ethernet. When I was connected via Ethernet, I saw a wired network called "NPI3C40E7". More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks.

Quote from: camerongray on May 23, 2016, 06:10:19 PM

If you are using WPA2 security with a non-guessable key then it is extremely unlikely that anyone was on your network. WPA2 has not been broken in the same way WEP has been, the only known way to break in to a WPA2 network is through brute force. Even if they did somehow get on your network, I can't think of any way or reason for them to change the icon.

To me this sounds more like a random bug related to NetworkManager (which is also a bit buggy for me at times). My guess would be that since you are manually adding the connection due to the SSID being hidden it is saving it in the list of custom, user defined networks and for some reason the wrong icon is being used. This seems way more likely than some neighbour breaking into a secure network by guessing the SSID and key and then somehow getting into a PC on that network (which should also be basically impossible) to change the icon.

Thanks for your input Cameron. Yeah, this is a weird event. Be advised that it is rather easy to break into WPA/AES protocol via WPS. This was originally done with Reaver. After I read your post, I went online to find articles that I'd already read on how folks break into wifi in the modern day. Ancillary to that, I discovered that some routers leave WPS enabled even after the user has disabled it in the GUI. IOW, you don't know that the protocol is still enabled and you are open to attack.

That's one way WPA2 can be circumvented. When WPS is actually disabled, cracking is very difficult to do. Apparently.AndyCountry said:
Quote

That's one way WPA2 can be circumvented.

The link below provides some detail about that.
http://www.darkreading.com/mobile/secured-wifi-networks-can-be-circumvented/d/d-id/1136870
Quote

Disable WPS in WiFi routers -- if that's possible in your device, experts say
Millions of wireless routers worldwide are susceptible to a brute-force attack that breaks a widely deployed built-in security feature for WiFi and ultimately cheats the newest generation of secure WiFi, WPA/WPA2. And as of today, two open-source TOOLS are circulating that simulate the attack

YATWAP
Yet Another Thing to Worry All People.
I'm not aware of the Brother Pocketjet being a particularly well-used hacking tool, myself.Quote from: BC_Programmer on May 25, 2016, 06:58:09 PM

I think Network Manager shows both available Wireless connections as well as any active wired connections.

PJ-673_0001 (numbers may vary) is the host name of the "Brother PocketJet 673" when on a network, and is also the SSID that it broadcasts when set to wireless mode.

Just to somewhat reproduce the issue, I used my Mint 17.3 laptop and connected my LaserJet Printer to it through both USB as well as Ethernet. When I was connected via Ethernet, I saw a wired network called "NPI3C40E7". More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks.

Thanks for your reply BC! Especially discovering that it was a Brother mobile printer (or a spoofed one).

1. Network Manager: When I'm connect to the router via cable, the laptop's Network Manager shows all wifi APs in range, along with the laptop's sole wired connection, which is designated by Network Manager as "Wired connection 1". So no malfunction there.

2. The Brother printer (alien network): Network Manager showed it as a wired network connection, which it was not (any idea why?). For years, Network Manager has shown the SSID of my neighbor's wifi-connected HP Printer correctly.

3. I'm dumb, so please be patient. I'm confused about this statement: "More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks." ..

Thanks!

#2 tells me your wi-fi network is unsecure...Quote

1. Network Manager: When I'm connect to the router via cable, the laptop's Network Manager shows all wifi APs in range, along with the laptop's sole wired connection, which is designated by Network Manager as "Wired connection 1". So no malfunction there.

Yes, this is what I was describing. The Network manager shows connected wired connections as well as wireless connections.

Quote

2. The Brother printer (alien network): Network Manager showed it as a wired network connection, which it was not (any idea why?). For years, Network Manager has shown the SSID of my neighbor's wifi-connected HP Printer correctly.

Software works in a variety of different ways and there are a lot of different kinds of bugs that can crop up. Icons such as those displayed usually are indexed by type, that is, 0 is wireless, 1 is wired, etc. (or something similar). It is far more likely that some sort of incorrect logic in the software may have inadvertently used the incorrect icon. In my mind the most likely explanation is that the wired icon is index 0, the default index. And the network manager encountered an error while attempting to determine whether the printer's access point was secured. As a result, the wired network icon was used.

Quote

3. I'm dumb, so please be patient. I'm confused about this statement: "More interesting, however, is while with Ethernet it showed at all times, when I connected it via USB, I only saw a wired network called "NPI3C40E7" when I was not connected to any wireless networks." ..

When I connected my Laptop running Linux Mint 17.3 to my Printer using an Ethernet cable, I was able to see the name of the printer ("NPI3C40E7") in the network foldout whether I was connected to a wireless network or not. When I connected via USB, it was only visible if I was not connected to my wireless network. I suspected perhaps you owned the device and had FORGOTTEN it's wireless capabilities.
Quote from: patio on May 26, 2016, 07:00:16 PM

#2 tells me your wi-fi network is unsecure...

Indeed Patio!

That was the genesis of my original post on this matter, so I thank you for confirming my suspicions. I'm just trying to understand, in general terms, the attack method(s) used. In that way, I might be able to make security changes that will hopefully make my networks more secure - as you suggest I should.

I'd be interested in your thoughts on how an alien printer/device can be injected onto my network, show up as a device connected by Ethernet cable to my router, which it wasn't - I was sitting in front of the router at the time this took place, then after a few minutes, simply disappear.

BC_Programmer deftly discovered that the alien device is, or is spoofing, a Brotther mobile printer. Some time ago, the computer I lent my stepfather had a motherboard failure. "Somethings wrong with the computer, I think it is Korean hackers"

I determined it was some failed CPU Power capacitors. When I relayed this discovery- "How did the Koreans cause that"?

He refuses to abandon his theory that it was caused by Korean Hackers. Any attempt to explain how the system failed MUST fall into a context involving Korean hackers, and if I don't introduce the element, he rolls my explanation into one involving them. It's a useless discussion. Last I checked his theory was that they were scammers and they purposely caused the capacitors to fail in order to sell me new ones. Totally worth it to get my .68 cents for 12 capacitors, I suppose.

I'll leave it to be interpreted exactly how I think this story is relevant here.Quote from: AndyCountry on May 27, 2016, 12:08:31 PM

Indeed Patio!

That was the genesis of my original post on this matter, so I thank you for confirming my suspicions. I'm just trying to understand, in general terms, the attack method(s) used. In that way, I might be able to make security changes that will hopefully make my networks more secure - as you suggest I should.

A neighbour's wireless printer showing up means nothing to do with the security of your own network, the printer essentially acts as it's own access point and broadcasts it's own network.
What are you using to secure the network? WPA2? If so then you have nothing to worry about, WPA2 with a non-guessable key is, for all intents and purposes, secure.

From what I can see here, all that is happening is that a WiFi enabled printer is showing up with a different icon (possibly because it acts as a Ad-hoc network or WiFi Direct device which causes Mint to show a different icon for some reason). I completely doubt that there is anything malicious going on.

Solve : Weird. Unknown wired network shows up in Wireless list!?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment