was having trouble with erratic ordinary WIFI reception.
thought it was other wifi signals drifting in from the local area and a
nearby shopping center.
changed ap to a diffirent channel ( was 6 changed to 11).
erractic reception with what appeared to be a good received signal
started again after some time.
late at night last week while setting up a wifi laptop with an
arbritrarily non-default chosen SSID noticed another same named and
channel signal using netstumbler.
ssid was visible.
router type was hidden.
thing was power was off the scale  ( like Star Trek).
signal does not seem to be coming from an adjacent area.
signal ( or at least SSID) disappeared for a time.
then same mac id appeared on channel 11.
any ideas ?

                               thanks

On 26 Mar 2005 11:54:48 -0800, frankdowli***@yahoo.com wrote:

Show quoteHide quoteThe new thing for hackers is to setup an AP and then use yours or
someelses ssid and get them to signon thru their AP and steal the
names and passwords. Could be what you are seeing. Do you have some
businesses near you? Probably not the grocery store but more like some
company that has something worth stealing.

how about a big box electronics store with open routers ?

f/fgeorge wrote:
Show quoteHide quote

On 26 Mar 2005 11:54:48 -0800, frankdowli***@yahoo.com wrote:

If the signal was that strong and visible with Netstumbler, do some
transmitter hunting.  Get a directional antenna or build a reflector
type contraption.  Move around the neighborhood and draw lines on a
map in the direction of the strongest signal.  Most of the lines will
cross at one point.  There's your culprit.

Incidentally, you might wanna buy a new keyboard.  Your shift key
appears to be broken.

Jeff,
  you sure are thorough.
  most likely my typing.
  using a Linksys WRT54G router. 64 bit envryption on.
found this on the wireless site survey in the Linksys control panel.
SSID MAC Channel Rssi noise beacon cap dtim rates

orange 00:12:01:E0:19:70 11 -92 -88 100 1073 0 4(b)

  the SSID Orange is associated with some nearby commercial enterprise.

                                          thank you

Jeff Liebermann wrote:
Show quoteHide quote

On 26 Mar 2005 21:10:28 -0800, frankdowli***@yahoo.com wrote:

Guilty.

Nope.  It's your grammar, or lack thereof that I find lacking.  If you
scribble for your own benefit, then by all means, do it in manner you
find convenient.  However, if you expect others to read and understand
your questions, kindly make some effort to be communicative.  Complete
sentences would be a big help.  Extra credit for not top posting.  I
realize that the extra effort required to hit the shift key for
capitalization may cripple your 5th digit, but methinks it might be
worth the effort and risk.

Cisco access point:
  00-12-01   (hex)              Cisco
  001201     (base 16)          Cisco
                                80 West Tasman
                                SJ-M/1
                                San Jose CA 95134
                                UNITED STATES

IEEE OUI (MAC) address lookup:
  http://standards.ieee.org/regauth/oui/index.shtml
Use the XX-XX-XX form for searching.

I thought you said it was a strong signal?  -92dB is not very strong.

Most home users don't use Cisco access points.  Too expensive.  My
guess is some corporation or company is setting up a backup or
duplicate access point for roaming and is having difficult time.

It's not unusual for companies to have multiple access points with
identical SSID's for roaming.

I scribbled a bit on how I do direction finding.  Googling...
See the last few messages of the above mess.  It's a bit more tricky
with strong signals because of the tendency for the receiver to
overload.  Strong signals also have strong reflections.  Practice with
a known AP location.  It's fun.

Jeff Liebermann <je***@comix.santa-cruz.ca.us> wrote in
I have to agree with you Jeff. When a person is trying to solicit answers
on a public forum, they should at least have the courtesy to post a
readable question.

Sorry for all the trouble.
Did not mean to be rude or insulting in any manner.
The Tech tpes that I deal with often just want the facts in a summary
point form.
This was not the signal that I was concerned about previously.
I have identified this these signals as coming from a very nearby mall.
I have really never caught any information in the Status > Wireless
Surves Scan.
Surprised to see any as have never had 1 receiver in the report even
though there are several clients on my network.
I wondered what this meant.
Did this mean that the router had accepted them and given them an ip ?
Or did it mean that the router had  just found them and was awaiting a
wep code in return ?
Thank you for the Mac adress - Manufacturer link.
I was having touble finding such a table.
Can the Mac adress of the adapter be changed to hide it or is a
unchangeable number emitted from the adapter ?
Also with netstumbler when it reports that the manufacturer is  "fake"
what does this mean ?
Have seen a fake report but with Linksys SSID.
Again my apologies not trying to be disrespectfull in any way.

                                         thanks again


frankdowli***@yahoo.com wrote:
Show quoteHide quote

On 27 Mar 2005 05:47:01 -0800, frankdowli***@yahoo.com wrote:

It varies depending upon the type of question.  If it's a techy
problem, I wanna see:
1.  What problem are you trying to solve?  That can usually be done in
one sentence.
2.  What hardware and software do you have to work with?  That means
make, model, version, software, numbers, etc.  I think that's what you
mean by "summary point form".
3.  What did you do to try and solve the problem and how did it work?

Ummm... There's more than one "signal"?

Is Netstumbler and the WRT54G site survey tool returning the same SSID
and MAC address for these mysterious access points?  Normally,
Netstumbler is MUCH more sensitive and will pickup all manner of
access points.  That's because it takes only one or two packets to ID
the access point, while the site survey tool in most routers are a bit
more conservative.  You will often see access points with Netstumbler
that you cannot connect to as they are far away or weak to negotiate a
connection.  However, you indicated that the signal is quite strong,
so you should see it on both Netstumbler and the site survey tool.

Neither Netstumbler or the site survey tool will show wireless
clients.  Only access points.  I guess you should consider yourself
lucky not to have had any nearby access points.  I suspect that has
just changed.

Growth.  New access point has moved in.

No.  The purpose of the site survey tool is to identify other access
points in the neighborhood, so that you can find a unique SSID and a
clear channel.  It has exactly the same function as Netstumbler and
I'm guessing (not sure) uses exactly the same method of finding them.
Your WRT54G does nothing with these except to identify their presence.

No.  Unless you have WDS enabled and functioning, your WRT54G will do
nothing with the access points it has found.

It's a handy thing to have.  Some of the sniffer tools have a built in
MAC address manufacturer lookup tool to identify the hardware found.
Unfortunately, many manufactories invent their own codes, which make
it difficult to identify.  I was also trying to keep a list of common
wireless devices down to the model numbers.  I assumed that these
would be issued in an organized manner.  Instead, I find some
manufacturers re-using MAC addresses, while others are incredibly
creative and sloppy.  I gave up.

This is not very up to date, but includes many MAC addresses not
officially listed by the IEEE.
  http://www.cavebear.com/CaveBear/Ethernet/

1.  Wireless router or access point.  This is usually fixed in flash
memory and cannot be changed.  The "cloning" of the MAC address will
only change the WAN port MAC address.  The LAN port remains unchanged.
However, someone found how to change it on the LAN side on the WRT54G.
I can't find the URL (thanks to FireFox eating my bookmarks).
2.  Client radios.  All too easy to change.  The "properties" on the
network adapter usually has a custom MAC address setting.  Windoze
will use the MAC address in the registry instead of the one from the
card.
  http://students.washington.edu/natetrue/macshift/
  http://www.klcconsulting.net/smac/
  (there are others)

You'll also see access points with a MAC address of 00-00-00-00-00.

If Netstumbler 0.4 can't decode the manufacturers MAC address or some
part of the AP ID data is unreadable, it will return "fake".
"Unknown" would have been a better choice of terms.  I've also seen
one Centrino laptop that returned "fake" for every access point it
sees.  Seems to be some kind of timing issue, but I'm not sure.  I
just took a quick look at the NetStumbler binary with a hex editor.
The list of manufacturers is compiled into the binary.  It would have
been better to have the index external, so that new manufacturers
could be added.

Most of the customized WRT54G firmware (Sveasoft, OpenWRT, HyperWRT,
etc) will return "fake".

Not a problem.  It gives me a chance to be obnoxious and critical.
Well, I do that all the time anyway, so it's not exactly a special
event.  The problem is not being disrespectful.  It's getting
sufficiently organized to ask a question in a manner in which it can
be answered.  That's not an easy thing to do and requires some
practice.  Consider this feedback as you're doing a marginal job.
It's much like asking support questions over the phone.  The person
you're talking to wants to help, but has zero information on what you
own, what you're dealing with, where you've been with it, and why
you're calling.  For some unknown reason, many callers start with the
details and leave the problem they're trying to solve for last.  It's
difficult to understand the details without the overall context of
knowing what inspired the call.  I usually let them rant for a while
until they eventually announce the problem. 

Incidentally, if you read other peoples questions, you'll notice that
most people simply do not disclose what equipment and software they
are using.  I don't know why people do that, but it drives me to fits
of temporary insanity.  You were good enough to disclose that you are
using a WRT54G.  However, there are 4 different hardware versions, and
numerous firmware versions.  In this case, it wasn't necessary to know
the details, but in the future, it might be helpful to mention the
hardware and firmware versions.

Also, congratulations on the new keyboard.

Amateur Radio Wireless
Microsoft blatant false advertising of MN-710
Am I stuck with WEP?
Help! Wireless connection repeatedly dropping
Where to Get Full Power Access Point