The ad-hoc network with SSID of A9F1BDF1DAB1NVT4F4F59 appears all over our office building. I see it as an option in my wireless network chooser as I write this on my laptop, but not on either of my mobile devices; connecting to it requires a WEP password/key, but any character combination appears to work. Strangely, once I connect to it using my laptop, it appears to my mobile devices, with strong signal on all three. What is it, and where is it coming from?
Our IT Operations folks were crawling all five floors of space today to discover its source, unsuccessfully.
Is it a virus? Is it a hacker? Something alien à la Doctor Who?
Seems none of our esteemed network admins had found anything from typing the SSID into a search engine. It looks like a randomly-generated identifier, and since copying and pasting it isn’t trivial in most UIs that display it, typing it manually into a search box is enough of a challenge that a single typo could lead to a fruitless search and, quickly enough, to other avenues including sneaker-net.
A sucker for a good tech mystery, I set aside my developer hat for some good ol’ sleuthing. It was Friday evening anyway, and I was probably just trading in a few beers for a much more satisfying challenge!
The Google search I did on A9F1BDF1DAB1NVT4F4F59 didn’t turn up any page that was particularly helpful in identifying the source of this ad-hoc network… but the sheer number of results (in the 1000+ range) was meaningful in and of itself: a randomly-generated SSID shouldn’t occur with this much frequency. In fact, changing even just one character in the string brings the number of results down to 0 in every case I tried.
It’s safe to presume, based on this observation, that there must be some common, not-so-nefarious device that uses the network ID A9F1BDF1DAB1NVT4F4F59 to identify itself. Trying to come up with something crafty derived from the search results I found, I speculated at first that it might be the RICOH copiers across the building, or the NEC projectors we have in some meeting rooms, with integrated wireless access points active unbeknownst to us.
But could it be something as mundane as a computer? A phone? These days it’s tough to find enough electromagnetic “quiet” space to test in – and my roaming time to travel and experiment is nearly non-existent. It also seems odd that a computer would create an ad-hoc network on its own, without requiring its user to at least configure some basics: on a Mac, sure enough, the operating system even suggests the computer’s network name as an SSID when creating an ad-hoc network. Meanwhile, most phones have another word for ad-hoc networks: tethering, for which the phone companies—eager to monetize every service they can—typically charge an extra monthly fee to activate the feature on the device, which also push users through an explicit configuration interface that is equally unlikely to produce either a randomly-generated SSID (or, for that matter, the one in question here).
In the mean time, with every stationery/mailbox/utility room in the building outfitted in similar fashion… rightly or wrongly, I’m lookin’ at you, Ricoh copier! I feel like, with the popularity of Apple products and their loyal fanbase, someone would have identified them as the source and there’d be many more search hits on the SSID.
UPDATE: Turns out the leading culprit is, in fact, the NEC projectors. Mystery solved? Check yours! How they’re activated, including configuration, is a different story out of scope for this post :o)