Thursday, September 23, 2010

How to block rogue access point

Once a rogue AP is discovered the next immediate step is to block the AP from the network so that the authorized clients don’t associate with it.
There are two ways of blocking the rogue APs.
1. Tit for Tat: Launch a Denial-of-service (DoS) attack on the rogue AP and make it deny wireless service to any new client.

2. Pull it out of the network: Either the WLAN administrator can manually locate the AP and pull it physically off the LAN OR block the switch port to which the AP is connected.


Launching a DoS attack on the rogue: AP Most Wireless IDS vendors follow this practice. This is kind of using offence for defence. Once a rogue AP is detected the WLAN administrator can use the sensor to launch a DoS attack on it by sending numerous disassociation packets.





No comments:

Post a Comment