Detecting a Valid Client Misassociation
This feature does not detect attacks, but rather it monitors authorized (valid) wireless clients and their association within the network. Valid client misassociation is potentially dangerous to network security. The four types of misassociation that we monitor are:
- Authorized Client associated to Rogue—A valid client that is associated to a rogue AP
- Authorized Client associated to External AP—An external AP, in this context, is any AP that is not valid and not a rogue
- Authorized Client associated to Honeypot AP—A honeypot is an AP that is not valid but is using an SSID that has been designated as valid/protected
- Authorized Client in ad hoc connection mode—A valid client that has joined an ad hoc network
This does the detection of all those 4 misassociations at the same time apparently.
So what happens when, say, a student normally connecting to the school's network now connects to his personal WLAN in his dormitory (which is close enough to be detected by the school's APs)? Will the school's APs and AMs now start deauthing that user from his own AP?
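The four definitions quoted above can be read as a classification over observed associations. The sketch below is an added example, not part of the original post or the vendor's code. It shows which category the dormitory scenario lands in, and says nothing about what enforcement a given product applies. All MAC addresses, SSIDs and inventories are constructed, and the order in which overlapping definitions are checked (ad hoc, then rogue, then honeypot, then external) is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventories (assumptions for illustration only).
VALID_CLIENTS = {"02:00:00:00:00:10"}      # authorized (valid) clients
VALID_BSSIDS = {"aa:aa:aa:00:00:01"}       # the organisation's own APs
ROGUE_BSSIDS = {"de:ad:be:ef:00:01"}       # APs already classified as rogue
PROTECTED_SSIDS = {"school-wlan"}          # SSIDs designated valid/protected

@dataclass
class Assoc:
    client: str
    bssid: str
    ssid: str
    adhoc: bool = False

def classify(a: Assoc) -> Optional[str]:
    """Return the misassociation type for a valid client, or None."""
    if a.client not in VALID_CLIENTS:
        return None                        # only valid clients are monitored
    if a.adhoc:
        return "adhoc"                     # valid client joined an ad hoc network
    if a.bssid in VALID_BSSIDS:
        return None                        # normal association
    if a.bssid in ROGUE_BSSIDS:
        return "rogue"
    if a.ssid in PROTECTED_SSIDS:
        return "honeypot"                  # not valid, but uses a protected SSID
    return "external"                      # not valid and not a rogue

def report(events):
    """List (client, bssid, type) for every misassociation in the events."""
    hits = []
    for e in events:
        kind = classify(e)
        if kind is not None:
            hits.append((e.client, e.bssid, kind))
    return hits

# Constructed sample observations.
STUDENT = "02:00:00:00:00:10"
EVENTS = [
    Assoc(STUDENT, "aa:aa:aa:00:00:01", "school-wlan"),        # on campus
    Assoc(STUDENT, "02:11:22:33:44:55", "dorm-home"),          # personal WLAN
    Assoc(STUDENT, "02:66:77:88:99:aa", "school-wlan"),        # unknown AP, protected SSID
    Assoc(STUDENT, "de:ad:be:ef:00:01", "free-wifi"),          # known rogue
    Assoc(STUDENT, "02:bb:cc:dd:ee:ff", "p2p", adhoc=True),    # ad hoc
    Assoc("02:00:00:00:00:99", "02:11:22:33:44:55", "dorm-home"),  # not a valid client
]

if __name__ == "__main__":
    for hit in report(EVENTS):
        print(hit)
```

Under these definitions the student's own dormitory AP is an external AP, so that association is reported as "Authorized Client associated to External AP".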