
How does the WLSE distinguish between a rogue device and an ad-hoc device?


A. APs and clients detect beacons in the air and send the beacon information to the WLSE via the WDS. These beacons are standard 802.11 frames. If the beacon information does not match a managed radio in the WLSE (by MAC address), the WLSE will identify it as an Unknown Station. An unknown station is either infrastructure or ad-hoc (IBSS). This determination is made from the beacon report; the 802.11 frame contains a byte indicating whether the beacon is IBSS (ad-hoc) or not (infrastructure). WLSE relies solely on this flag in the beacon to make this determination. WLSE considers hardware, both client and access points, to be trusted sources, and assumes that vendors are reporting the field correctly. WLSE expects only client machines and peripherals to emit beacons with the IBSS flag set (it is very unlikely that an access point would emit an IBSS beacon). In rare cases, however, a malicious station can spoof the field.
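The classification described in the answer above, sketched as an added example; it is not part of the original answer and is not Cisco's WLSE code. The ESS/IBSS bit positions come from the IEEE 802.11 Capability Information field; matching on the transmitter address, the function names, the `unknown-inconsistent` label and the sample frames are assumptions constructed for illustration.

```python
import struct

CAP_ESS = 0x0001   # IEEE 802.11 Capability Information bit 0: infrastructure BSS (AP)
CAP_IBSS = 0x0002  # bit 1: independent BSS (ad-hoc)

def parse_beacon(frame: bytes) -> dict:
    """Parse a raw 802.11 beacon (no radiotap header, no FCS)."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x03 or (fc0 >> 2) & 0x03 != 0 or (fc0 >> 4) != 8:
        raise ValueError("not a beacon (need version 0, type 0, subtype 8)")
    body = 24 + (4 if fc1 & 0x80 else 0)  # Order bit adds a 4-byte HT Control field
    if len(frame) < body + 12:
        raise ValueError("truncated fixed parameters")
    # Fixed parameters, little-endian: timestamp(8), beacon interval(2), capability(2)
    _ts, _interval, cap = struct.unpack_from("<QHH", frame, body)
    return {"mac": frame[10:16].hex(":"),  # Address 2 = transmitter
            "ess": bool(cap & CAP_ESS), "ibss": bool(cap & CAP_IBSS)}

def classify(frame: bytes, managed_macs) -> str:
    """Hypothetical classifier mirroring the logic in the answer."""
    b = parse_beacon(frame)
    if b["mac"] in {m.lower() for m in managed_macs}:
        return "managed"
    if b["ibss"] and not b["ess"]:
        return "unknown-adhoc"
    if b["ess"] and not b["ibss"]:
        return "unknown-infrastructure"
    # Both or neither bit set: not a plain AP or ad-hoc beacon, so surface it
    # for review rather than trusting a field the sender controls.
    return "unknown-inconsistent"

def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_beacon(src: str, bssid: str, cap: int) -> bytes:
    """Constructed sample beacon for the demo (not captured traffic)."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + _mac(src) + _mac(bssid) + b"\x00\x00"
    return hdr + struct.pack("<QHH", 0, 100, cap)

MANAGED = {"00:11:22:33:44:55"}  # constructed inventory of managed radios
SAMPLES = [build_beacon("00:11:22:33:44:55", "00:11:22:33:44:55", 0x0421),
           build_beacon("02:aa:bb:cc:dd:01", "02:aa:bb:cc:dd:01", 0x0401),
           build_beacon("02:aa:bb:cc:dd:02", "06:12:34:56:78:9a", 0x0002),
           build_beacon("02:aa:bb:cc:dd:03", "02:aa:bb:cc:dd:03", 0x0003)]

if __name__ == "__main__":
    for f in SAMPLES:
        print(parse_beacon(f)["mac"], classify(f, MANAGED))
```

Because the result depends on a field the sender sets, the fourth sample shows one way a monitoring tool can flag beacons whose flags do not fit either expected pattern instead of silently choosing a category.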


Experts123