Evil twin warning

Ok so been having problems with mt network but only on wifi connections. So i installed glasswire and it wasnt long that after I got an evil twin warning. So I scanned devices and found my arris router listed twice with 2 different mac addresses and IP addresses. On has my gateway IP the other does not. I reset the router but both router persist. What can be down to block this other router. Also it does not show up on my router device list but is on the glasswire network scan.

Multiple MAC addresses are common for routers. For example, if you can separately use more than one WiFi frequency band, i.e. 2.4GHz and 5.0GHz, then they will have separate MAC addresses and IP addresses.

Your PC will be connected to the router using WiFi which is why you can see both. My PC is cabled so I only ever see one address for the router and cannot see the WiFi addresses.

The main reason for blocking either of the addresses is simply to see what happens to confirm which features are available at each address. This is also useful to diagnose misconfiguration which is another possible, but I think unlikely, cause of multiple addresses.

The various router addresses will not normally be included in the list of devices attached to the router because they are not separate devices. The IP addresses for the router are normally defined in the router defaults or other settings.


Thanks for the response. OK so when i connect via ethernet cable my PC is listed as HP/PC and given an address and when I connect via wifi it list my PC as Hon Hai ind co, and your correct the addresses are different for each. Although my question is about the arris router listed twice.Its listed once with my gateways ip and then listed again with a completely different ip which seems to be the cause of the evil twin warning i am getting

1 Like

That is the question I answered in the first paragraph. The two addresses are normally for your WiFi.

An “evil twin” is a separate device which would be masquerading as your router.

So how do I determine if there really is an evil twin? Here are the three methods I’d use:

  1. Check your router configuration settings. Some defaults are probably recorded in the vendor’s documentation/help for your router.

  2. Try switching off services on your router (e.g. switch of the 2.4GHz band) or switch off the router itself to see which addresses disappear.

  3. Check the details of the WiFi access points using a WiFi scanner. I use an app on my Android phone to see such details which include an estimate of how far away the access point is.
    FYI, the app is “WiFiAnalyser (open source)” by VREM software Development.

I prefer this third method so here’s an example of WiFi scanning my own network.

I have mesh WiFi with two access points cabled to my router. Each access point has two IP addresses, one for each of the 2.4 & 5.0 GHz WiFi frequency bands. Here’s some of the details I can see which are sufficient for me to see that these are my own devices:

MAC address Frequency Distance
xx:xx:xx:c7:f8:36 2412MHz ~1.8m
xx:xx:xx:c7:f8:37 2412MHz ~2.1m
xx:xx:xx:c7:e4:2a 5745MHz ~3.9m
xx:xx:xx:c7:e4:2b 5745MHz ~10.4m

The devices are about 2m and 8m away from my desk in opposite directions so it is easy to check their actual location by moving my phone around and confirming that the estimated distances triangulate to their actual locations.

1 Like