Rogue ad-hoc client
This alarm indicates that WiFi Manager has detected an ad-hoc
network operating in the LAN and a mobile unit that is part of that
ad-hoc network but is not in the trusted list.
What is an ad-hoc network?
A set of mobile devices within direct communication range that
establish a network among themselves for transmitting data, without
the use of a central base station (access point), is called an ad-hoc
network. Ad-hoc networks are also referred to as IBSS (Independent
Basic Service Set). The smallest possible ad-hoc network is a
network between two mobile devices. The mobile devices
participating in the ad-hoc network are called ad-hoc clients.
Ad-hoc Networking Bypassing Enterprise Security
What is a rogue ad-hoc client?
If the MAC address of a mobile client operating in an ad-hoc
network is not in the authorized MAC address list, the client is
identified as a rogue ad-hoc client. Such a rogue ad-hoc client may
be an attacker who is trying to gain access to the network and steal
information, or a legitimate user whose MAC address has not yet been
added to the authorized MAC list.
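The following Python example is added here and is not WiFi Manager's own code. It assumes the detector sees raw 802.11 beacon and probe-response frames without a radiotap header, treats a set IBSS capability bit (with the ESS bit clear) as an ad-hoc network, and compares the transmitting station's MAC address against a trusted list; the function names, MAC addresses and frames are constructed for illustration.

```python
import struct

ESS, IBSS = 0x0001, 0x0002        # 802.11 capability-information bits
BEACON, PROBE_RESP = 8, 5         # management subtypes that carry that field

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame, trusted):
    """Return (verdict, station_mac, bssid) for one raw 802.11 frame."""
    if len(frame) < 36:           # 24-byte header + 12 bytes of fixed fields
        return ("ignored", None, None)
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (BEACON, PROBE_RESP):
        return ("ignored", None, None)
    sa, bssid = fmt_mac(frame[10:16]), fmt_mac(frame[16:22])
    (cap,) = struct.unpack_from("<H", frame, 34)  # after timestamp + interval
    if not (cap & IBSS) or (cap & ESS):
        return ("infrastructure", sa, bssid)
    known = {m.lower() for m in trusted}
    return ("trusted-adhoc" if sa in known else "rogue-adhoc", sa, bssid)

def rogue_adhoc_clients(frames, trusted):
    """Map each ad-hoc BSSID to the untrusted station MACs seen in it."""
    found = {}
    for frame in frames:
        verdict, sa, bssid = classify(frame, trusted)
        if verdict == "rogue-adhoc":
            found.setdefault(bssid, set()).add(sa)
    return found

def build_frame(subtype, sa, bssid, cap):
    """Constructed sample: mgmt header, timestamp, interval, capability."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    hdr = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + mac(sa) + mac(bssid)
    return hdr + b"\x00\x00" + bytes(8) + struct.pack("<HH", 100, cap)

# Constructed sample data: one trusted MAC, four captured frames.
TRUSTED = {"00:11:22:33:44:55"}
FRAMES = [
    build_frame(BEACON, "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:01", 0x0431),
    build_frame(BEACON, "02:00:00:00:00:99", "02:12:34:56:78:9a", IBSS),
    build_frame(PROBE_RESP, "00:11:22:33:44:55", "02:12:34:56:78:9a", IBSS),
    bytes([0x08]) + bytes(35),    # data frame: not inspected
]

if __name__ == "__main__":
    for bssid, macs in rogue_adhoc_clients(FRAMES, TRUSTED).items():
        print(f"rogue ad-hoc client(s) {sorted(macs)} in IBSS {bssid}")
```

The source MAC address in these frames is not authenticated, so a "trusted-adhoc" verdict only means the address matches the list, not that the device is the one that was authorized.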
What are the problems associated with ad-hoc networks?
Typically, ad-hoc networks are established among a small number of
stations, for a specific purpose and for a short period of time.
Since they are set up as a quick alternative to the infrastructure
network, they are usually not protected and generally violate most
corporate policies. They lack a good authentication mechanism
for users participating in the network and also lack an encryption
mechanism for data transfer, and thus risk exposing important
information. If the mobile clients participating in the ad-hoc
network are also connected to the wired network, then the entire
corporate data is at risk.
What should wireless LAN administrators do?
Wireless LAN administrators should analyze the reason for the existence of such ad-hoc networks and should try to shut them down as early as possible. They should also educate the users of the LAN about the potential problems of operating such ad-hoc networks. They should also identify the clients participating in the ad-hoc networks and, if they are legitimate users, add them to the trusted list of users.