Rogue Device
Something is on your network that you didn’t put there.
What it is
A rogue device is any device on your network that you didn’t put there — a neighbor who guessed your WiFi password, a guest who never left, or, in the worst case, an attacker who has gained a foothold on your LAN.
Not every new device is malicious — a friend’s phone is usually harmless. But you can’t make that call if you can’t even see what’s connected. Most people have no idea.
Something is on your network that you didn’t put there.
How attackers do it
An attacker who gets onto your network — through a weak password, a compromised IoT gadget, or physical access to an Ethernet port — becomes just another host on your LAN. From there they can scan for other devices, attempt ARP spoofing, or pivot to anything else on the network.
The challenge is visibility: your router’s admin page often shows an incomplete or stale list, and a device that stays quiet can sit unnoticed for a long time.
How we detect it
WifiThreatWatch ping-sweeps your entire subnet concurrently — dozens of pings at once, a full sweep in seconds — to force every device to reveal itself, even ones your PC hasn’t talked to. That’s what makes all devices visible, not just the handful in your local cache.
It keeps a map of every IP-to-MAC pairing and a set of known devices. A MAC address that has never been seen before is flagged as a rogue device. On the very first run it quietly seeds the baseline so it doesn’t flood you by labeling every existing device as new.
The same loop powers live device tracking — manufacturer lookup, and an online/offline status verified by live pings each cycle.
How we stop it
A new device is informational by design — you decide whether it belongs. WifiThreatWatch surfaces it immediately with its IP, manufacturer, and the time it first joined, so you can recognize it or investigate.
If that rogue device starts behaving like an attacker — poisoning ARP, impersonating the gateway — the detection escalates to a critical alert, and Active Defense is one tap away.
ARP Spoofing
An attacker on your network impersonates your router to silently intercept everything you send.
Read more →Evil Twin
A fake access point broadcasts your network’s name to lure your device onto attacker-controlled hardware.
Read more →Homoglyph SSID
A network named with look-alike Unicode characters renders identical to yours but isn’t.
Read more →