Wireless Access Points Get Sneaky

Naivete or nastiness? However a wireless AP gets plugged into a company's network, each one creates an access point where anyone can bypass firewalls and remotely access sensitive information. And despite a company's best efforts, there are a few tricks that attackers use to foil even the best rogue WAP detection efforts. One that caught our eye was Wireless Knocking.

With wireless knocking, a rogue AP sits on the network in monitor mode, listening for probe requests. When the rogue AP receives a packet (or sequence of packets) with the preconfigured SSID, it awakens and switches to master mode. The program "WKnock" is designed for this purpose, and it can be installed on any AP supported by the OpenWRT framework. During times when the rogue AP isn’t active, it is silent and can’t be detected using common wireless scanning tools.

Check out a few more.

Blog Home >
Mocana Website >