PrepAway - Latest Free Exam Questions & Answers

which of the following attacks is underway?

After a recent breach, the security administrator performs a wireless survey of the corporate
network. The security administrator notices a problem with the following output:
MAC SSID ENCRYPTION POWER BEACONS
00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202
00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102
FB:90:11:42:FA:99 MYCORP WPA2 CCMP 40 3031
00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021

00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044
Given that the corporate wireless network has been standardized, which of the following attacks is
underway?

PrepAway - Latest Free Exam Questions & Answers

A.
Evil twin

B.
IV attack

C.
Rogue AP

D.
DDoS

Explanation:
The question states that the corporate wireless network has been standardized. By ‘standardized’
it means the wireless network access points are running on hardware from the same vendor. We
can see this from the MAC addresses used. The first half of a MAC address is vendor specific.
The second half is network adapter specific. We have four devices with MAC addresses that start
with 00:10:A1.
The “odd one out” is the device with a MAC address starting FB:90:11. This device is from a
different vendor. The SSID of the wireless network on this access point is the same as the other
legitimate access points. Therefore, the access point with a MAC address starting FB:90:11 is
impersonating the corporate access points. This is known as an Evil Twin.
An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that
appears as a genuine hotspot offered by a legitimate provider.
In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect
the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection
or using a phishing technique.
For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access
point and discover the service set identifier (SSID) and frequency. The hacker may then send a
radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears
as their legitimate hotspot with the same name.
In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as
honeypots or base station clones. With the advancement of wireless technology and the use of
wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.


Leave a Reply