Until now, we have covered unauthenticated attacks against the wireless networks, to crack WEP or WPA keys, attack WPA-Enterprise, recover the WPS PIN, and to gain access to such networks.
In this section, we will cover an attack that assumes the attacker (insider or outsider) to be controlling a machine already connected to the wired LAN: rogue access points.
Indeed, a rogue AP is an access point installed on a LAN without authorization and can be used by an attacker as a backdoor to the network.
A rogue AP can be installed either physically or via software (soft AP). The installation of a physical AP involves breaking the physical security policies of the network and can be identified more easily. We are going to see how to ...