The IEEE 802.11 wireless networking standard provides a way for two or more wireless stations to communicate directly with each other without requiring additional infrastructure such as an access point. This method is formally specified as Independent Basic Service Set (IBSS), and is more commonly referred to as the “ad hoc mode” or the “ad hoc network”. An ad hoc network is achieved when two or more stations have been configured with the same Service Set Identity (SSID) and are close enough to be able to communicate with each other over the wireless medium.
Although sometimes useful, ad hoc setups pose problems for network security enforcement. Currently, wireless network security is typically based around access points since they are manageable choke-points in the network infrastructure. Using an ad hoc configuration, however, stations can directly form a wireless network among themselves without going through an access point. Ad hoc networks often increase the overall network's security vulnerability because they are frequently configured by end users without any authentication or encryption, and thus can be easily exploited by hackers.
For example, it is possible for an employee of a company to intentionally configure an ad hoc network among several company laptops, or inadvertently enable the ad hoc configuration on one of the company computers. A hacker in the vicinity can detect the presence of the ad hoc network and establish a connection to it. If any of the company computers on the ad hoc network also has an active connection to the company's main network, the hacker could potentially gain access to the main corporate network once he is on the ad hoc network. It is often difficult to enforce security policy to prevent stations from communicating with each other via ad hoc networks since direct control over the stations is typically required to disable the ad hoc networks.
It would be useful, therefore, to have a way to detect and disable 802.11 ad hoc networks. It would also be desirable if the technique does not require direct control over the stations involved.
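One way a passive monitor could recognise an ad hoc network without touching the stations, given as an added example and not the method or code of this document: IBSS stations send beacon and probe-response frames whose capability field has the IBSS bit set and the ESS bit clear. The function names are hypothetical, the frames are constructed samples, and input is assumed to be raw 802.11 frames without a radiotap header or FCS.

```python
import struct

CAP_ESS, CAP_IBSS, CAP_PRIVACY = 0x0001, 0x0002, 0x0010
BEACON, PROBE_RESP = 8, 5  # management frame subtypes

def parse_mgmt(frame: bytes):
    """Parse a beacon/probe response (no radiotap header, no FCS); None otherwise."""
    if len(frame) < 36:                      # 24-byte header + 12 fixed bytes
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return None
    (cap,) = struct.unpack_from("<H", frame, 34)   # capability info field
    ssid, pos = None, 36
    while pos + 2 <= len(frame):             # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:               # truncated element: stop parsing
            break
        if tag == 0:                         # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": frame[16:22].hex(":"), "ssid": ssid,
            "ibss": bool(cap & CAP_IBSS) and not cap & CAP_ESS,
            "privacy": bool(cap & CAP_PRIVACY)}  # False: no encryption advertised

def find_adhoc(frames):
    """Return one record per distinct ad hoc (IBSS) BSSID seen in the frames."""
    seen = {}
    for f in frames:
        info = parse_mgmt(f)
        if info and info["ibss"]:
            seen.setdefault(info["bssid"], info)
    return list(seen.values())

def make_sample(subtype, bssid, cap, ssid):
    """Build a constructed beacon-style frame for the demo (not captured traffic)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, cap)  # timestamp, interval, capability
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

SAMPLES = [  # constructed: two beacons from one IBSS, one from an access point
    make_sample(BEACON, bytes.fromhex("021122334455"), CAP_IBSS, b"laptop-share"),
    make_sample(BEACON, bytes.fromhex("001122aabbcc"), CAP_ESS | CAP_PRIVACY, b"corp"),
    make_sample(BEACON, bytes.fromhex("021122334455"), CAP_IBSS, b"laptop-share"),
]

if __name__ == "__main__":
    for net in find_adhoc(SAMPLES):
        print(net)
```

A record with `privacy` false corresponds to the unencrypted ad hoc configuration described above, which is the case a monitor would want to alert on first.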