Should I be able to see my broadcast SSID when my router is turned off

Is it possible for my employer to spoof my wireless hub by using the same SSID. I am not trying to be paranoid but I have seen some strange behavior.

Here are some of the issues that I have seen.

Constantly kicked off my wireless hub at work but it works fine at home which is 30 miles away
I can still see my broadcast SSID even after rebooting my laptop that has never been on my employers network and the wireless hub is turned off.

If you're wondering why I even need to get on my own personal network it all stems from not being able to connect to my employers network directly (VPN) and also need to download software and updates, not allowed from their network.

John Aschenbrenner

Posted 2015-01-28T22:47:52.380

Reputation: 13

Any router or access point can broadcast any SSID. But the authentication should fail if they're not using the same key as you. – Barmar – 2015-01-28T23:02:32.027

Answers

It is very likely that your employer is using some sort of "rogue mitigation" component of their wireless infrastructure. These will typically work by "spoofing" the devices on the rogue network and sending management frames that cause the client and/or AP to drop the connection.

This has long been a "gray" feature legally, with most vendors saying it is fine as long as you are careful to only address devices within your property.

More recently, Marriott ran afoul of the FCC by using these features in one of their motels (despite what everyone says, the FCC did not fine Marriott, instead Marriott settled), and just yesterday the FCC released an advisory concerning the matter. Unfortunately, the advisory is still a bit lacking in clarity and I am sure we have not seen the end of the issue yet.

I would suggest that you discuss this issue with your IT staff for three reasons:

They may need to make adjustments to avoid any problems with the FCC.
You may need to be aware of any potential issues you could be subject to for using your devices at work in this way. It is always nice to have the "official" okay if someone discovers you using it in the future, especially since this could be grounds for termination at some companies.
They may be able to provide a better solution to your problems that would be more agreeable to everyone than running your own hot spot at work.

YLearn

Posted 2015-01-28T22:47:52.380

Reputation: 1 741

In an effort to troubleshoot this a bit further before I go to their IT department, I set up my hot spot to not broadcast it's SSID (hidden network) with a different SSID. I am hoping that they will not be able to spoof this. Unfortunately, I am being kicked off my mobile hotspot after about 5 minutes. Are they still able to spoof me? – John Aschenbrenner – 2015-01-29T16:52:10.540

Absolutely. Just because you "hide" the SSID doesn't make you invisible. The presence of your devices can still be detected and mitigated against. – YLearn – 2015-01-29T18:56:31.577

You should not be able to see your broadcast SSID if your Wireless Access PSo oint is turned off.

Most consumer-grade "Wireless routers" are actually 3 devices built into one:

a Router
a Wireless Access Point
an ethernet switch (not all routers have built in switch, but most newer ones do)

So unless you have dedicated Router and Access Point, for this scenario, they are in the same box.

In your case, I am thinking your employer might have an enterprise Wireless network where you have multiple Access Points that are all broadcasting the same SSID.

In this case, even if you were to pull the power from one of them, you might still be able to see the network in the list because that SSID is being broadcasted by other devices near you.

From your PC's point of view, two devices would appear to be the same network provided that:

SSID is the same (i.e. "MyNetwork")
security is the same (i.e. WPA2-PSK)
security key is the same (i.e. "abcd1234")

and your PC would not be able to tell them apart (at least not using the normal WiFi connecting interface in most OS's).

Kristian

Posted 2015-01-28T22:47:52.380

Reputation: 2 982

I had at one point the generic name of my wireless hub. I changed it because it is fairly common wireless hub that Verizon sells. I changed it to something totally bizarro so that hopefully there would not be any other devices with my SSID. That is when I noticed that I was still able to see it with my wireless hub turned off. I think that the only reason for this is that they are monitoring wireless networks in their area. They had a very big security breach earlier and I am thinking that they are trying to be proactive. – John Aschenbrenner – 2015-01-29T00:11:11.177