Research On Search Location And Detection Technology Of Wireless Phishing AP

802.11 protocol has been widely used to achieve the efficient communication through specific media.As wireless communication has a very significant character of openness,it must have some unavoidable security issues: wireless networks will continue to broadcast beacon frames,which cover the network name,and these contents are less confidential and easily to obtain.In addition,criminals steal content through potential loopholes in the protocol,and then restore private data,resulting in massive leakage of user data.Among the various attacks,the most typical one is to set up a phishing access point,which is no different from the conventional wireless access point on the surface,such as: the SSID name is exactly the same,and in some cases the MAC address is not different.This paper focuses on the architecture,protocol characteristics,the attack principle and classification of phishing AP of Wireless Local Area Networks(WLAN for short)in a wireless network.The wireless phishing AP search and positioning technology has been optimized,and three types of phishing models are designed.Two types of phishing AP detection schemes are put forward,one is based on 802.11 protocol features and the other is based on TTL.Finally,the feasibility of the proposed schemes has been tested through experiments.The results of the experiments show that:Compared with the traditional convergence method and vector method,the distance proportional parametric search positioning algorithm based on path loss has significantly improved the accuracy of the positioning range.The phishing AP detection scheme which is based on 802.11 protocol features can detect Si-Fi and some Mobi and Du-Fi types of phishing AP with weak concealment according to the protocol features of AP.However,in some cases,the attacker sniffs the configuration information of legitimate AP through sniffing technology.According to this information,the attacker uses some tools such as macchange to modify the SSID and MAC address of phishing AP,and constructs a highly covert phishing AP.If the above scheme was still used for detection,the actual test results obtained are not satisfactory.Although Si-Fi type fishing AP can be detected,Mobi and Du-Fi type fishing AP with high concealment cannot be detected.Therefore,a more scientific and effective detection method should be designed according to the characteristics of various illegal AP.The phishing AP detection scheme based on TTL can play an outstanding detection effect on Mobi and Du-Fi illegal AP with strong camouflage.Not only can it detecting phishing AP,but the scheme can also be combined with the Mobi authentication module to carry out more in-depth analysis.It can accurately identify the type of phishing AP,and lock the target phishing AP.In these aspects,this scheme provides great help.The combination of the above two schemes can effectively detect phishing AP.