Skip to content

AP Spoofing in IEEE 802.11 Network.

June 29, 2010

The access point spoofing (AP Spoofing) is a typical man-in-the middle attack. The attacker suits himself between two nodes and controls all the traffic between them in this attack. This threat is very dangerous as the attacker is able to catch all the information traveling across the network. It is not so easy rather complex to make a man-in-the-middle attack in a wired network because this would require real access to the network. But there is no need of physical existence in wireless network and so preferred by the attacker. The first step is to set up a rogue AP for association between a victim node and legitimate AP. Then the rogue AP is established by copying all the configuration of the legitimate one: SSID, MAC address etc.

The next step is to wait for a new user trying to connect to the network where it gets connection with the rogue AP. The users can connect by themselves with the rogue AP or the attacker can create a denial of service attack to the legitimate AP to interrupt connections and automatically new users get into trap with the rogue AP. In IEEE 802.11 networks, the subscriber nodes select AP by the strength of the receiving signal. The attacker only need to do is to ensure that his AP has greater signal strength as seen by the victim. To accomplish that, the attacker tries to place his AP nearer to the victim than the legitimate AP, or to use a different technique by using directional antennas. The rogue access point is shown in figure below.

Figure: Access Point Spoofing by a Rogue Node.

Thus the victim node gets connection to the rogue AP and continues its works as it does with the legitimate AP since it does not know the real fact. The attacker captures all the necessary information’s starting from passwords when the victim tries to login for different accesses. Getting all the required information’s the attacker achieves the ability to penetrate the legitimate network.

This attack is possible in IEEE 802.11 network because it doesn’t have strong two-way authentication between AP and nodes. AP credentials are usually broadcasted across the network for subscriber nodes. As a result eavesdropping the network becomes easy for the attacker and he can get all the information needed. The user nodes may use WEP authentication to authenticate themselves to the AP which is also vulnerable but still more secure. An attacker needs to eavesdrop a lot of traffic and try cryptanalysis in order to get the password.

One Comment
  1. Safiqul Islam permalink

    great one, but it could have been better if you have showed some wep cracking method which can be obtained by aircrack, airdump (something like that).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: