
    Understanding an SSID Masquerade

    SSID Masquerade is a situation where a hacker pretends to be part of your network by using an access point that sends an SSID that looks like one of your legitimate SSIDs.

    Tip: For an explanation of the terms SSID and BSSID, see Understanding the Network Terms SSID, BSSID, and ESSID.

    Fake SSID Attacks

    With fake SSID attacks, an access point joins the network pretending to be a legitimate access point. Even though access point beacons and probe responses must carry information about the WLAN, including the BSSID, access point MAC addresses (the basis of the BSSID) are easily reconfigured—therefore, any 802.11 device can transmit packets that appear to originate from another access point or MAC address. This fake access point then becomes a conduit for stealing sensitive company information.

    Fake BSSID Attacks

    With fake BSSID attacks, Wi-Fi users can be tricked into associating with a phony access point. Also called Evil Twin, AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP, these attacks use fake access points with faked login pages to capture credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.

    Detecting Fake SSID Attacks and Fake BSSID Attacks

    All SSIDs belonging to a mobility domain are part of a SIFA cluster that can be compared with SSIDs seen on the air. If an access point that does not belong to your mobility domain is seen using one or more of your SSIDs, the controller records that instance and generates a log message and a trap. If you want to override this alarm, you can add the device to the ignore list; the device is then no longer considered a threat.

    MSS detects two kinds of these access point attacks by monitoring the neighbor table: fake access point BSSID attacks and fake access point SSID attacks. The usual purpose of a fake access point attack is to penetrate the network unobserved and obtain information, but such attacks are also sometimes used to infect the network.

    Access points detect any packet type that is using one of the access point’s own BSSIDs. When an access point detects that one or more of its BSSIDs are being spoofed, the access point creates a record indicating that this particular BSSID is being spoofed. There will be one record per spoofed BSSID.

    With fake access point BSSID attacks, Wi-Fi users are tricked into associating with a phony access point. Also called Evil Twin, AP Phishing, Wi-Fi Phishing, Hotspotter, or Honeypot AP, these attacks use phony access points with faked login pages to capture credentials and credit card numbers, launch man-in-the-middle attacks, or infect wireless hosts.

    With fake SSID attacks, an access point joins the network pretending to be a legitimate access point. Even though access point beacons and probe responses must carry information about the WLAN, including the BSSID, access point MAC addresses (the basis of the BSSID) are easily reconfigured so any 802.11 device can transmit packets that appear to originate from another access point or MAC address. This fake access point then becomes a conduit for stealing sensitive company information.
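
The two checks described above, sketched as an added example (this is not MSS or Network Director code). The frame records, AP names, SSID, and MAC addresses are constructed, and the sketch assumes an access point never receives its own transmissions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    heard_by: str  # managed AP whose radio received the frame
    bssid: str     # BSSID carried in the frame
    ssid: str      # SSID advertised in the beacon or probe response

def norm(mac):
    return mac.strip().lower().replace("-", ":")

def detect_masquerade(frames, domain_aps, domain_ssids, ignore_list=()):
    """Return (fake_ssid_events, spoofed_bssid_records).

    Assumption: an AP never receives its own transmissions, so a received
    frame carrying one of its own BSSIDs came from another transmitter.
    """
    own = {ap: {norm(b) for b in bssids} for ap, bssids in domain_aps.items()}
    domain_bssids = set().union(*own.values())
    ignored = {norm(m) for m in ignore_list}
    fake_ssid, spoofed = set(), {}
    for f in frames:
        bssid = norm(f.bssid)
        if bssid in own.get(f.heard_by, set()):
            # One record per spoofed BSSID, however many frames are seen.
            rec = spoofed.setdefault(bssid, {"reported_by": f.heard_by, "frames": 0})
            rec["frames"] += 1
        elif (f.ssid in domain_ssids and bssid not in domain_bssids
              and bssid not in ignored):
            # One of our SSIDs sent by a device outside the mobility domain.
            fake_ssid.add((f.ssid, bssid))
    return sorted(fake_ssid), spoofed

# Constructed sample data (locally administered MAC addresses).
DOMAIN_APS = {"ap1": {"02:00:00:00:01:00"}, "ap2": {"02:00:00:00:02:00"}}
DOMAIN_SSIDS = {"corp-wifi"}
IGNORE_LIST = ["02-00-00-00-99-02"]
SAMPLE_FRAMES = [
    Frame("ap1", "02:00:00:00:02:00", "corp-wifi"),    # legitimate neighbor
    Frame("ap1", "02:00:00:00:01:00", "corp-wifi"),    # ap1's own BSSID on air
    Frame("ap1", "02:00:00:00:01:00", "corp-wifi"),    # same BSSID again
    Frame("ap2", "02:00:00:00:99:01", "corp-wifi"),    # unknown device, our SSID
    Frame("ap2", "02:00:00:00:99:02", "corp-wifi"),    # on the ignore list
    Frame("ap2", "02:00:00:00:77:01", "coffee-shop"),  # unrelated network
]

if __name__ == "__main__":
    events, records = detect_masquerade(SAMPLE_FRAMES, DOMAIN_APS, DOMAIN_SSIDS, IGNORE_LIST)
    print("fake SSID:", events)
    print("spoofed BSSID:", records)
```
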

    For directions to configure a wireless masquerade policy with Network Director, see Creating and Managing RF Detection Profiles.

     


    Modified: 2018-01-23