Let\'s say you are traveling, and you pause in the airport lounge, or your hotel

Question

Let's say you are traveling, and you pause in the airport lounge, or your hotel lobby, or a nearby coffee shop. You haul out your laptop and scan the available wireless networks. You know the name of the wireless network because it is written behind the counter/on a slip of paper/well known.

You see that there are two options:

"Free Public Wifi" &
"Free Public Wifi"

Which one is the actual wireless network, and which one is the Evil Twin attack? How can you tell? What tools or techniques would you use to decide?

(I'm less interested in answers that involve not connecting to either, or avoiding public wireless, and more interested in the techniques to discriminate legitimate vs non-legitimate APs from a users and not administrators perspective. I'm using "Evil Twin" in this specific sense rather than a general "malicious actor" sense.)

Explanation / Answer

They're both evil. You shouldn't be connecting to any "Free Public Wifi" without assuming that all your unencrypted traffic will be monitored and modified. The best solution is to not connect to public networks at all, but if that's not an option for you then you can protect yourself a little more by specifying your own DNS (rather than letting the router pick for you), using https everywhere you can, not accessing your sensitive accounts on public networks, considering a VPN, and keeping your software and firmware up to date.

In direct answer to your question, some routers have their MAC address printed on a label; you could ask the router owner to check for you, then connect to it, ping it, and view your arp table (arp -a) to see if it matches. Alternatively, you could tell the router owner that there's an imposter nearby and have them change the network name.

Related Questions

Navigate

• Browse (All)
• Browse L
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.