Client Misassociation

When a client connects to an AP, operating system utilities normally allow the client to save the SSID. In the future, when that SSID is seen again, the client can create a connection automatically. There is a possibility that clients will be unaware of the connection. If the SSID is being spoofed, the client could connect to a potentially unsafe network. Consider the following scenario. An attacker learns the SSID of your corporate network. Using this information, he sends beacons advertising your SSID. A wireless station in the range of the rogue AP connects to the AP. The AP allows connectivity to the Internet but is not actually on your corporate wired network. Using tools that are easily available on the Internet, another client connected to the same rogue AP attacks the misassociated client and steals valuable corporate data.

This scenario employs multiple attack methods. It uses a method known as management frame spoofing as well as an active attack against a misassociated client. So how can this be prevented? The answer begins with a function called Management Frame Protection.
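
On the monitoring side, the spoofed-SSID scenario above can be watched for by comparing observed beacons against an inventory of authorized APs. The following Python code is an added example, not part of the original text; the SSID `CorpNet`, the BSSIDs, the log format and the expected security mode are all constructed assumptions.

```python
# Added example: flag beacons that advertise the corporate SSID from a
# BSSID outside the authorized AP inventory. All values are constructed.
import re

CORP_SSID = "CorpNet"                      # assumed corporate SSID
AUTHORIZED = {                             # assumed inventory: BSSID -> expected security
    "00:11:22:33:44:01": "WPA2-Enterprise",
    "00:11:22:33:44:02": "WPA2-Enterprise",
}

# Constructed observation log: "time bssid=<mac> ssid=<name> ch=<n> sec=<mode>"
SAMPLE_LOG = """\
10:00:01 bssid=00:11:22:33:44:01 ssid=CorpNet ch=1 sec=WPA2-Enterprise
10:00:02 bssid=00-11-22-33-44-02 ssid=CorpNet ch=6 sec=WPA2-Enterprise
10:00:03 bssid=02:AA:BB:CC:DD:EE ssid=CorpNet ch=6 sec=Open
10:00:04 bssid=00:11:22:33:44:01 ssid=CorpNet ch=1 sec=Open
10:00:05 bssid=02:aa:bb:cc:dd:ee ssid=CorpNet ch=6 sec=Open
10:00:06 bssid=0A:0B:0C:0D:0E:0F ssid=CoffeeShop ch=11 sec=Open
"""

LINE = re.compile(r"bssid=(\S+) ssid=(\S+) ch=(\d+) sec=(\S+)")

def norm(mac):
    """Normalize a MAC so '00-11-..' and '00:11:..' compare equal."""
    return mac.lower().replace("-", ":")

def find_suspect_beacons(log, ssid=CORP_SSID, inventory=AUTHORIZED):
    """Return {bssid: reason} for beacons using our SSID that don't match inventory."""
    suspects = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue                       # skip malformed lines
        bssid, seen_ssid, _ch, sec = m.groups()
        bssid = norm(bssid)
        if seen_ssid != ssid:
            continue                       # not advertising our SSID
        if bssid not in inventory:
            suspects[bssid] = "unknown BSSID advertising corporate SSID"
        elif sec != inventory[bssid]:
            # A known BSSID with the wrong security mode may itself be spoofed.
            suspects[bssid] = f"security mismatch: saw {sec}, expected {inventory[bssid]}"
    return suspects

if __name__ == "__main__":
    for bssid, reason in find_suspect_beacons(SAMPLE_LOG).items():
        print(bssid, "->", reason)
```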

