|Subject:||How to set a Baseline|
> So , how does kismet detects rogue AP right now . That is differentiates between unauthorized (not harmful) and a rogue AP (harmful)
There are a few automated detections; conflicting SSIDs advertising different encryption, a bssid reducing its encryption (indicating active twin).
For detecting APs which share your official SSID but aren't yours, you can use the apspoof rule in the config file to define a regex match for the SSID and a list of valid MAC addresses for it.
Reply to this message