Evil twin and access point MAC spoofing
One of the most potent attacks on WLAN infrastructures is the evil twin. The idea is to introduce an attacker-controlled access point in the vicinity of the WLAN. This access point will advertise the exact same SSID as the authorized WLAN.
Many wireless users may accidentally connect to this malicious access point, thinking it is part of the authorized network. Once a connection is established, the attacker can orchestrate a man-in-the-middle attack and transparently relay traffic while eavesdropping on the entire communication. We will take a look at how a man-in-the-middle attack is done in a later chapter. In the real world, an attacker would ideally use this attack close to the authorized network so that the user gets confused and accidentally connects to the attacker's network.
An evil twin having the same MAC address as an authorized access point is even more difficult to detect and deter. This is where access point MAC Spoofing...
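From the defender's side, the two cases above can be checked against an inventory of authorized access points. The following is an added example, not code from the original text: the inventory, the SSID `CorpWLAN`, the MAC addresses and the beacon records are all constructed, and comparing channel and security settings is an assumed heuristic for spotting a twin that reuses an authorized BSSID.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    security: str

# Constructed inventory of authorized access points (assumed values).
AUTHORIZED = {
    "00:11:22:33:44:55": {"ssid": "CorpWLAN", "channel": 6, "security": "WPA2"},
    "00:11:22:33:44:66": {"ssid": "CorpWLAN", "channel": 11, "security": "WPA2"},
}
PROTECTED_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}

def classify(beacon):
    """Return findings for one observed beacon (empty list = nothing to report)."""
    if beacon.ssid not in PROTECTED_SSIDS:
        return []  # a neighbouring network, not a twin of ours
    known = AUTHORIZED.get(beacon.bssid.lower())
    if known is None:
        # Same SSID, MAC not in the inventory: the plain evil twin case.
        return ["unknown BSSID advertising protected SSID"]
    findings = []
    # Same SSID and same MAC: only the other advertised attributes can differ.
    if beacon.channel != known["channel"]:
        findings.append("authorized BSSID seen on unexpected channel")
    if beacon.security != known["security"]:
        findings.append("authorized BSSID advertising different security")
    return findings

def scan(beacons):
    """Map each suspicious (ssid, bssid) pair to its findings."""
    report = {}
    for b in beacons:
        found = classify(b)
        if found:
            report.setdefault((b.ssid, b.bssid.lower()), []).extend(found)
    return report

# Constructed beacon observations, as a passive monitor might record them.
SAMPLE = [
    Beacon("CorpWLAN", "00:11:22:33:44:55", 6, "WPA2"),
    Beacon("CorpWLAN", "DE:AD:BE:EF:00:01", 6, "WPA2"),
    Beacon("CorpWLAN", "00:11:22:33:44:66", 1, "OPEN"),
    Beacon("CoffeeShop", "aa:bb:cc:dd:ee:ff", 3, "OPEN"),
]

if __name__ == "__main__":
    for key, findings in scan(SAMPLE).items():
        print(key, findings)
```

A twin that copies the MAC address, channel and security settings exactly produces no finding here, which is why the spoofed-MAC case is the harder one to detect.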