Ask Your Question

Revision history [back]

unknown mac vendor

I have a suspicious wifi access point mac address ba:b2:a3:17:7b:b3 reported/displayed in the Symantec endpoint console. The mac address vendor is unknown in the wireshark vendor lookup tool. I have scanned our network to see if this mac shows up anywhere without any luck.

Here is the "explanation" from Symantec: The system administrators of this corporate Wi-Fi defined a set of properties identifying hotspots in the network. By analyzing the data from the WiFi connection Symantec identified a discrepancy that indicates a suspicious hotspot.

What to do next? I would like to hear if anyone has experienced a similar situation?