Proxim AP-4000 Network Card User Manual


 
Advanced Configuration AP-4000 Series User Guide
Alarms
94
Figure 4-27 Preventing Rogue AP Attacks
The figure above shows Client 1 connected to a Trusted AP and Client 2 connected to a Rogue AP. The Trusted AP
scans the networks, detects Client 2, and notifies the Network Manager. The Network Manager uses SNMP/CLI to query
the wired switch to find the inbound switch port of Client 2’s packets. The Network Manager verifies that this switch/router
and port does not have a valid Access Point as per the administrator’s database. Thus it labels Client 2’s AP as a Rogue
AP and proceeds to prevent the Rogue AP attack by blocking this switch’s port.
Multi-Band Scanning
Rogue Scan detects Rogue stations in all bands (i.e., 2.4 GHz and 5 GHz for interfaces that support 802.11a/g
multi-band operation. During Rogue Scan the AP scans every channel in its configured regulatory domain; the AP scans
both the 2.4 GHz and 5 GHz bands for wireless interfaces supporting 802.11a/g multi-band operation.
APs can be detected either by active scanning using 802.11 probe request frames or passively by detecting periodic
beacons, or both. Wireless clients are detected by monitoring 802.11 connection establishment messages such as
association/authentication messages or data traffic to or from the wireless clients.
There are two scanning modes available per wireless interface: continuous scanning mode and background scanning
mode.
Continuous Scanning Mode
The continuous scanning mode is a dedicated scanning mode where the wireless interface performs scanning alone and
does not perform the normal AP operation of servicing client traffic.
In continuous scanning mode the AP scans each channel for a channel scan time of one second and then moves to the
next channel in the scan channel list. With a channel scan time of one second, the scan cycle time will take less than a
minute (one second per channel). Once the entire scan channel list has been scanned the AP restarts scanning from the
beginning of the scan channel list.
Background Scanning Mode
In background scanning mode the AP performs background scanning while performing normal AP operations on the
wireless interface.
You can configure the scan cycle time between 1-1440 minutes (24 hours). The scan cycle time indicates how
frequently a channel is sampled and defines the minimum attack period that can go unnoticed.
In background scanning mode the AP will scan one channel then wait for a time known as channel scan time. The
channel scan time affects the amount of data collected during scanning and defines the maximum number of samples
(possible detections) in one scan. This is increased to improve scanning efficiency; the tradeoff is that it decreases