Identification of characteristics of Rouge Access Point based on SNMP and SYSLOG protocols

The paper analyzes the vulnerabilities of Wi-Fi networks, particularly highlighting the dangers posed by public wireless networks. It focuses on two specific attack types: Evil Twin and Rogue Access Point (AP), which are presented as practical and serious threats to network security. The study explores the detection of these attacks through the analysis of logs generated by SNMP and SYSLOG protocols, emphasizing the importance of correlating events over time rather than relying on isolated incidents. Experimental research was conducted in a test environment where various attacks were simulated. The results showed that monitoring and identifying unauthorized access points is possible through careful analysis of SNMP and SYSLOG data. The study revealed that single events, such as device disconnections or deauthentication frames, are not enough to identify threats. Instead, a temporal correlation of these logs provides a clearer indication of an attack in progress. During the setup and experimentation, several technical challenges were encountered, including issues with device configuration and software stability. These difficulties contributed to a deeper understanding of cybersecurity, Linux system administration, and vulnerabilities in Layers 2 and 3 of the OSI model. The research concludes that Rogue AP and Evil Twin attacks, despite being well-known, continue to be relevant threats, particularly in poorly secured networks. Therefore, effective defense requires not only advanced monitoring tools but also proper training and awareness for network administrators and users. The analysis presented in the paper is based on experience gained in a real network.