One of the most potent attacks on WLAN infrastructures is the Evil Twin. The idea is to basically introduce an attacker-controlled access point in the vicinity of the WLAN network. This access point will advertise the exact same SSID as the authorized WLAN network.

Many wireless users may accidently connect to this malicious access point thinking it is part of the authorized network. Once a connection is established, the attacker can orchestrate a man-in-the-middle attack and transparently relay traffic while eavesdropping on the entire communication. We will look at how a man-in-the-middle attack is done in a later chapter. In the real world, an attacker would ideally use this attack close to the authorized network, so that the user gets confused and accidently connects to his network.

An evil twin having the same MAC address as an authorized access point is even more difficult to detect and deter. This is where access point MAC spoofing comes in! In the next experiment, we will look at how to create an evil twin, coupled with access point MAC spoofing.