Wireless access points provide an entry point for wireless devices to access a managed network infrastructure. A rogue access point that is connected to the network may give malicious actors an attack vector into the managed network infrastructure. Detecting rogue access points may therefore be necessary to protect both the network infrastructure and the wireless clients accessing the managed network.
One algorithm to detect whether a rogue access point is connected to the network uses a legitimate access point as a client and tries to associate with the rogue access point. If the legitimate access point's identity is seen from the wireless network controller, then the rogue access point is connected to the network. However, encrypted authentication protocols used by the rogue access point may hinder the effectiveness of detection algorithms that rely on associating with the rogue access point.
Another algorithm uses a dedicated access point running in a rogue detector mode. In this mode, the access point listens to Address Resolution Protocol (ARP) messages on the wired network and tries to match a rogue access point's network address against the addresses it sees. However, if the rogue access point uses a Network Address Translation (NAT) service, the addresses behind the rogue access point are hidden and the rogue detector mode may not find the matching network address. Additionally, dedicating an access point solely to rogue access point detection may waste resources that a customer would prefer to use for other purposes.
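To make the ARP-matching approach and its NAT failure mode concrete, here is an added example that is not part of the original document and not code from any product it describes. It correlates rogue BSSIDs seen over the air with sender hardware addresses seen in wired ARP traffic. The ARP records and rogue observations are constructed; the `tolerance` parameter is an assumption (some access points use adjacent MAC values for their Ethernet port and their radio), and `tolerance=0` is the exact match the description above implies.

```python
"""Added example: correlating rogue BSSIDs with wired ARP sender addresses.

All records below are constructed for illustration. The behaviour of a rogue
AP that performs NAT is modelled by giving it a wired MAC unrelated to its
BSSID and by hiding its clients entirely, which is why no match is found.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpRecord:
    """Sender fields of an ARP message observed on the wired LAN."""
    sender_mac: str
    sender_ip: str


@dataclass(frozen=True)
class RogueObservation:
    """A BSSID heard over the air that is not a managed access point."""
    bssid: str
    ssid: str


def mac_to_int(mac: str) -> int:
    """Parse a colon- or dash-separated MAC into an integer for comparison."""
    return int(mac.replace(":", "").replace("-", ""), 16)


def match_rogues(observations, arp_records, tolerance: int = 0) -> dict:
    """Return {rogue_bssid: wired_mac} for rogues whose BSSID is within
    `tolerance` of a sender MAC seen in wired ARP traffic.

    tolerance=0 is an exact match. A small positive tolerance is an
    assumption used to catch APs whose Ethernet MAC and BSSID are adjacent
    values; it is not something the original description states.
    """
    wired = {mac_to_int(r.sender_mac): r.sender_mac.lower() for r in arp_records}
    matches = {}
    for obs in observations:
        bssid_int = mac_to_int(obs.bssid)
        for wired_int, wired_mac in wired.items():
            if abs(wired_int - bssid_int) <= tolerance:
                matches[obs.bssid.lower()] = wired_mac
                break
    return matches


# Constructed wired-side ARP records.
ARP_RECORDS = [
    ArpRecord("00:11:22:33:44:60", "10.0.0.20"),  # bridged rogue, MAC == BSSID
    ArpRecord("00:11:22:33:44:55", "10.0.0.21"),  # bridged rogue, MAC adjacent to BSSID
    ArpRecord("02:00:5e:00:00:01", "10.0.0.22"),  # NAT rogue's WAN port (clients hidden)
    ArpRecord("3c:52:82:aa:bb:cc", "10.0.0.30"),  # ordinary wired host
]

# Constructed over-the-air observations of unmanaged BSSIDs.
ROGUE_OBSERVATIONS = [
    RogueObservation("00:11:22:33:44:60", "Free-WiFi"),
    RogueObservation("00:11:22:33:44:56", "Guest-2G"),
    RogueObservation("aa:bb:cc:dd:ee:ff", "HomeRouter"),  # the NAT rogue's radio
]


def exact_matches() -> dict:
    """Rogues confirmed on the wire with an exact MAC match."""
    return match_rogues(ROGUE_OBSERVATIONS, ARP_RECORDS, tolerance=0)


def adjacent_matches() -> dict:
    """Rogues confirmed when adjacent MAC values are also accepted (assumption)."""
    return match_rogues(ROGUE_OBSERVATIONS, ARP_RECORDS, tolerance=1)


if __name__ == "__main__":
    print("exact:   ", exact_matches())
    print("adjacent:", adjacent_matches())
    hidden = [o.bssid for o in ROGUE_OBSERVATIONS if o.bssid not in adjacent_matches()]
    print("unconfirmed (e.g. behind NAT):", hidden)
```

The BSSID `aa:bb:cc:dd:ee:ff` never appears in the result: the NAT rogue's wired port uses a different address and its clients never send ARP onto the managed LAN, which is exactly the blind spot the paragraph above describes.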