Hello,
i'm getting the following alert;
SSID [myipng] was advertised by a device with unexpected fingerprint [278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff]
First seen:
2021-09-19T13:25:48+02:00 (32 minutes ago)
Last seen:
2021-09-19T13:27:29+02:00 (31 minutes ago)
Meta Information
bssid
fc:ec:da:4f:81:01
ssid
myipng
bandit_fingerprint
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
channel
44
frequency
5220
antenna_signal
-62
Frames
2
Subsystem
DOT_11
Alert Type ID
UNEXPECTED_FINGERPRINT_BEACON
The nzyme.conf looks like that:
802_11_networks: [
{
ssid: myipng
channels: [1,2,3,4,5,6,7,8,9,10,11,12,13,36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128]
security: [WPA2-PSK-CCMP]
beacon_rate: 40
bssids: [
{
address: "fc:ec:da:4f:f1:12"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fc:ec:da:4f:f1:13"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fc:ec:da:4f:81:00"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fc:ec:da:4f:81:01"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
]
}
{
ssid: myipng_guest
channels: [1,2,3,4,5,6,7,8,9,10,11,12,13,36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128]
security: [WPA2-PSK-CCMP]
beacon_rate: 40
bssids: [
{
address: "fe:ec:da:1f:f1:12"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fc:ec:da:1f:f1:13"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fe:ec:da:1f:81:00"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
{
address: "fe:ec:da:1f:81:01"
fingerprints: [
0d7a011b357b7b9fa4346f92107aafbcb33c611fdfafc1c91526fcf4b2d67f7f
1ca4cbab1ed76b3d19065ba8776fa98c5f436f2ad8b9d804d17b59bdd95db22b
278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff
3d16696d1adb775745422a7d63f2a847d6599d3605c3af3d022d4ba09b0c8c3d
4db22a8f5b77336956b8af0fccd30b72cf660904d3ef058d0691bea3dda06b60
633c97332d33c7d3c8e4ed59d628f8a95364c8482ca651174849cbc159935657
6dd6b742ebb05073b5ec6f04d763e28b14d1fa2f62198a802d209bdac84d1367
74f990206b3b3e39622947c5a4b24ed2406061e3e2d85f211ddce3a47c294c51
90b303404d1bb7dfcc73095655f6f9822dcbc2ac04eb61004c41d660ac838cf4
a9916fe621b95ef512c75884ee1f0714de39f52ac8e54abd0c397c344d071e1d
aac6df6031b4318dc091184362af6e04865009ccdffd85b1d92db3ce56f6a6a6
c3e7bb86fdafcf0c3856f6bf7450a1c86cebca227f9507a243db03155f11c8b8
e4691ca420980a11d10c3d25f40dcecb1a99519a5e45c7ff83bb2daccc8d7c4d
faf5c66307132df81ef3b5568161d7250d2baee004297e03d3c1d351d89211c9
]
}
]
}
]
The fingerprint "278f6b642a0f9176047f833a503c8387f036e53fd5b150bcb7248d4f21ff06ff" on myipng with fc:ec:da:4f:81:01 is correct (?) defined.
See somebody the problem or is something wrong with the parsing from the nzyme.conf.
Something that i see also - wenn i click on the Link from the BSSID in Alerts , i see only 1 or 2 fingerprints and not all 14?!
Thanks