Research And Implementation Of Wireless Rogue Access Point Detection Technology

In recent years,with the popularity of intelligent terminals and the rapid development of mobile Internet,people have been accustomed to connect to the Internet through the wireless way.So the wireless LAN security issues become particularly important.In wireless LAN security issues,the Rogue Access Point attack is an important security problem in the wireless network.It is also a hotspot in the current wireless network security problem.Based on the wireless hotspots deployed in public places,this paper studies the discovery and detection of Rogue AP.The details are as follows:(1)This paper proposes a rogue AP detection scheme based on 802.11 protocols.The detection scheme combines the characteristics of WLAN architecture to extract the protocol characteristic information of AP.Such as AP's MAC,rate characteristics,and so on.In addition,sends a special request probe packet to the AP under the same SSID to collect the probe response packet.Finally,by comparing the similarities and differences between AP characteristics to achieve the detection of rogue AP.The detection scheme can effectively detect Si-Fi type rogue AP.It also can detect Mobi and some hidden Du-Fi type rogue AP.(2)An improved TTL-based rogue AP detection scheme is proposed.According to the access characteristics of the rogue AP,the ICMP-Traceroute,TCP-Traceroute and UDP Traceroute are constructed to track the path of the test point to the specified destination server.The traditional TTL-based rogue AP detection scheme uses one of the methods to implement route tracking.The proposed route tracking method uses three kinds of routing tracking method to achieve the detection of rogue AP.In addition,through the additional Mobi type rogue AP authentication module,the detection scheme cannot only detect the rogue AP,but also can further detect whether the AP is a Mobi type rogue AP.(3)Finally,three kinds of rogue AP attack models were designed and implemented,and two kinds of rogue AP detection schemes are combined to test the three rogue AP attack models.The experimental results show that the combination of these two rogue AP detection schemes cannot only effectively detect the rogue AP,but also can be a step to distinguish the type of rogue AP.At the same time,this paper analyzes the influence of distance factors on the test scheme.