EvilAP_Defender identifies and attacks rogue access points

There is finally a way to get rid of those pesky rogue access points that are set up to harvest users' traffic.

A developer called Mohamed Idris created a tool named EvilAP_Defender, which helps wireless network administrators discover Evil Access Points (APs) and prevent them from attacking wireless users.

The open source EvilAP_Defender tool, published to GitHub, can be run by admins at intervals to determine whether attackers are attempting to get their users to connect to malicious networks.

The ‘evil twins’ are powerful copies of legitimate access points, and Idris says the app can notify admins when evil twins are detected, and it can even launch a counter-offensive.

“Additionally you can configure the tool to perform DoS on discovered evil AP in order to give the administrator more time to react,” Idris says.

The app also has a built-in safety measure which doesn’t allow DoSing legitimate networks.

“However, notice that the DoS will only be performed for evil APs which have the same SSID but different BSSID (AP’s MAC address) or running on a different channel. This to avoid DoS to your legitimate network,” he says.

The tool also has a ‘learning mode’, which is designed to identify friendly networks and separate them from the evil ones.

The Register noticed a Reddit discussion on this issue, where it’s said that more features are being implemented, including SMS notifications.

Access points are flagged as evil based on BSSIDs and attributes including channels, ciphers, protocols, Organizationally Unique Identifiers (OUIs), and authentication.
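The comparison described above can be sketched as a whitelist check. This is an added example, not code from EvilAP_Defender: the `AP` record, the `classify` function and all sample networks are constructed for illustration, and a real deployment would fill `scan` from a wireless survey and `whitelist` from a learning pass.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AP:
    ssid: str
    bssid: str       # the AP's MAC address
    channel: int
    cipher: str
    auth: str
    protocol: str

COMPARED = ("channel", "cipher", "auth", "protocol")

def oui(bssid):
    """First three octets of the MAC: the vendor's OUI."""
    return bssid.upper().replace("-", ":")[:8]

def classify(scan, whitelist):
    """Return (ap, reasons) for each scanned AP that advertises a protected
    SSID but does not match a whitelisted entry on every compared attribute."""
    known = {}
    for w in whitelist:
        known.setdefault(w.ssid, {})[w.bssid.upper()] = w
    findings = []
    for ap in scan:
        legit = known.get(ap.ssid)
        if legit is None:
            continue                      # SSID is not one we protect
        ref = legit.get(ap.bssid.upper())
        if ref is None:                   # same SSID, different BSSID
            reasons = ["unknown BSSID"]
            if oui(ap.bssid) not in {oui(b) for b in legit}:
                reasons.append("unknown OUI")
        else:                             # BSSID matches: compare attributes
            reasons = [f"{f} {getattr(ref, f)} -> {getattr(ap, f)}"
                       for f in COMPARED if getattr(ap, f) != getattr(ref, f)]
        if reasons:
            findings.append((ap, reasons))
    return findings

# Constructed sample data (not real networks).
WHITELIST = [AP("CorpWiFi", "00:11:22:33:44:55", 6, "CCMP", "PSK", "802.11n")]
SCAN = [
    AP("CorpWiFi", "00:11:22:33:44:55", 6, "CCMP", "PSK", "802.11n"),
    AP("CorpWiFi", "00:11:22:AA:BB:CC", 6, "CCMP", "PSK", "802.11n"),
    AP("CorpWiFi", "66:77:88:99:AA:BB", 11, "CCMP", "PSK", "802.11n"),
    AP("CorpWiFi", "00:11:22:33:44:55", 1, "TKIP", "PSK", "802.11n"),
    AP("CoffeeShop", "02:00:00:00:00:01", 1, "CCMP", "PSK", "802.11n"),
]

if __name__ == "__main__":
    for ap, reasons in classify(SCAN, WHITELIST):
        print(ap.ssid, ap.bssid, "channel", ap.channel, "=>", ", ".join(reasons))
```

The last flagged entry shows why attributes are compared even when the BSSID matches: a copied BSSID still stands out if its channel or cipher differs from the whitelisted record.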