Counterfeiting

In counterfeiting, a hacker sets up an unauthorized access point to
make other wireless stations access it instead of the authorized net-

work. When a wireless user moves from one location to another, the NIC
card often latches onto the strongest cell in its area of reception, much
as a cellular phone moves from cell to cell, switching to the one with the
most power and greatest signal strength. The counterfeit access point
can attract a wireless station into the false network in order to copy its
encryption key used to log on to the real network access point. In addition,
the user would normally send his password to log onto the network;
the counterfeit access point would capture that too. The counterfeit
systems may actually be much farther away, but it is a simple
matter to reconfigure most access points to increase their output power
beyond the legal limit to attract a greater number of wireless stations
anywhere in their vicinity.
A counterfeiting attack is difficult and requires a greater level of
knowledge about the access point and protocols of the wireless corporate
network being imitated. Without detailed knowledge about the internal
network, wireless users would immediately see something is wrong,
making this type of attack easy to detect. It is hard to track down these
types of attacks because all that is really needed to pull this off is a
receiver and antenna compatible with the targeted wireless stations. It
is difficult to detect this attack (when it is taking place) because unsuccessful
logons are extremely common in the WLAN environment.
The only way to truly protect yourself against a counterfeiting attack
is to implement a strong and efficient means of authentication that
requires wireless stations to authenticate themselves to the access point
while leaking neither the shared cryptographic key nor the passwords to
access network resources.