A security administrator is analyzing the corporate wireless - CompTIA Security+ SY0-701

Question

A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?

Explanation

Correct Answer: B. Evil twin

The situation described suggests an Evil twin attack. In an Evil twin attack, an attacker sets up a rogue access point with the same ESSID (Extended Service Set Identifier) as the legitimate corporate network and the same BSSID (Basic Service Set Identifier) as one of the legitimate access points. This causes confusion for clients, which might attempt to connect to the attacker’s rogue access point instead of the legitimate one. The attacker can then intercept or manipulate the traffic of users connected to the rogue access point.

Reasons the other options are incorrect:

  • On-path: An on-path attack (formerly known as man-in-the-middle) occurs when an attacker intercepts and potentially alters communications between two parties. While an Evil twin attack could lead to an on-path attack, the specific behavior described (same ESSID and BSSID on different channels) indicates an Evil twin rather than an on-path attack.
  • Jamming: Jamming involves interfering with the wireless signal to disrupt communication, usually by sending out noise or unwanted signals on the same frequency. Jamming does not involve impersonating legitimate access points with the same ESSID and BSSID.
  • Rogue access point: A rogue access point refers to an unauthorized access point set up within a network, typically with a different ESSID or BSSID. While this is related, the Evil twin specifically uses the same ESSID and BSSID as a legitimate access point, making it more precise in this scenario.
  • Disassociation: Disassociation attacks involve sending disassociation frames to disconnect devices from a legitimate access point, often to force clients to reconnect to a rogue access point. While this could be a part of the attack, the core description here points to an Evil twin setup rather than a disassociation attack.
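The check the administrator performs by eye can be automated. The following is an added example, not part of the original question or of any tool: it compares observed access points against an inventory of authorized BSSID and channel pairs. The BSSIDs, the ESSID `CorpWiFi`, and the sample rows are constructed, and the input is assumed to be rows in the column layout of airodump-ng CSV output merged from captures on several channels.

```python
import csv
import io

# Assumed inventory for the scenario: two legitimate APs fixed on channels 1 and 11.
# The BSSIDs and the ESSID are constructed sample values.
AUTHORIZED = {"AA:BB:CC:00:00:01": 1, "AA:BB:CC:00:00:02": 11}
CORP_ESSID = "CorpWiFi"

# Constructed rows in the airodump-ng CSV column layout (AP section, then station section).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 09:00:00, 2024-01-01 09:05:00,  1, 54, WPA2, CCMP, PSK, -40, 120, 0, 0. 0. 0. 0, 8, CorpWiFi,
AA:BB:CC:00:00:02, 2024-01-01 09:00:00, 2024-01-01 09:05:00, 11, 54, WPA2, CCMP, PSK, -45, 118, 0, 0. 0. 0. 0, 8, CorpWiFi,
AA:BB:CC:00:00:01, 2024-01-01 09:01:00, 2024-01-01 09:05:00,  6, 54, OPN, , , -30, 300, 0, 0. 0. 0. 0, 8, CorpWiFi,
AA:BB:CC:00:00:01, 2024-01-01 09:01:00, 2024-01-01 09:05:00,  3, 54, OPN, , , -32, 290, 0, 0. 0. 0. 0, 8, CorpWiFi,
DE:AD:BE:EF:00:09, 2024-01-01 09:02:00, 2024-01-01 09:05:00, 11, 54, WPA2, CCMP, PSK, -60, 80, 0, 0. 0. 0. 0, 8, CorpWiFi,
11:22:33:44:55:66, 2024-01-01 09:00:00, 2024-01-01 09:05:00,  6, 54, WPA2, CCMP, PSK, -70, 60, 0, 0. 0. 0. 0, 10, CoffeeShop,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
66:77:88:99:AA:BB, 2024-01-01 09:02:00, 2024-01-01 09:05:00, -50, 40, AA:BB:CC:00:00:01, CorpWiFi
"""

def parse_aps(text):
    """Yield (bssid, channel, essid) for AP rows only; station rows are skipped."""
    in_aps = False
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            continue
        if cells[0] in ("BSSID", "Station MAC"):  # section header switches mode
            in_aps = cells[0] == "BSSID"
            continue
        if in_aps and len(cells) >= 14:
            yield cells[0].upper(), int(cells[3]), cells[13]

def flag_suspects(text, authorized=AUTHORIZED, essid=CORP_ESSID):
    """Return (bssid, channel, reason) for APs using the corporate ESSID outside the inventory."""
    findings = []
    for bssid, channel, name in parse_aps(text):
        if name != essid:
            continue  # unrelated neighbouring network
        if bssid not in authorized:
            findings.append((bssid, channel, "unknown BSSID advertising corporate ESSID"))
        elif channel != authorized[bssid]:
            findings.append((bssid, channel, "authorized BSSID seen on unexpected channel"))
    return findings

if __name__ == "__main__":
    for finding in flag_suspects(SAMPLE_CSV):
        print(finding)
```

The channel comparison only holds when the legitimate access points use fixed channels, as in this scenario; with automatic channel selection the inventory would need to list every channel each access point may use.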
