WiFi Rogue AP Detection
Dan Salmon
Hey! What networks are around me?
I've got a WEP network called "Caravan"
I've got a WPA2 network called "Hunting Lodge - 5G"
I've got a WPA2 network called "FishNet"
I'd like to connect to FishNet, please
Yeah, sure okay what's the password
I think it's
Looks good to me, bro
Cool, can I download cat pics now?
Yeah alright
Hey, I also have FishNet
Rogue AP
No thanks, I'm good
Hey I'm that guy and I say disconnect from me
Deauth Attack
Okay, now I'm looking for networks again
Like I said, I have FishNet. What's the password
I think it's
Handshake Captured
Attack Detection
Watch our clients for abnormal # of deauth packets
Deauth
Rogue AP
Watch for APs with similar networks
Handshake Capturing
Not possible
Tool Limitations
Detect cloned MAC addressÂ
Block deauth attacks
Doesn't
Can't
Lookup non-cloned MAC manufacturers
Next Version
- 802.11w (2012)
- Necessary for 802.11ac voluntary certification