Building a Honeypot | Cisco 802.11 Wireless Networking Quick Reference

If you have the time, inclination, and a touch of deviousness in you, you can thwart would-be attackers by simply giving them what they want. That is, let them break in.

But they won't get anything.

If you have a spare AP on handmaybe you upgraded your WLAN equipment and have an unused APyou can set up what is called a honeypot.

A honeypot is simply an AP that is set up to distract war drivers and attackers from your real AP. While the attackers are busy trying to access the honeypot, they might not even be aware of the real WLAN.

To set up a honeypot, you first need an unused APyou can buy one, or if you are upgrading from older 802.11 equipment, you might have a spare one on hand. Next, do the following:

Step 1.	Set the SSID to something different from your real AP.
Step 2.	Use a channel at least five channels away from the channel you are using on the new AP. This avoids interference.
Step 3.	Place the AP and any antennas near an outside window.
Step 4.	Plug it into a power source, but do not connect it to your network.
Step 5.	Do not point any wireless computers or devices toward this AP.

A word of warning about a honeypot: Visitors with legitimate business on your WLAN might accidentally log on to your honeypot and not be able to access the WLAN. Because of this, you might want to ensure that the honeypot does not cover a visitor area.

That's all there is to building a honeypot. It probably won't deter someone who is really gunning for your network, but it should pacify casual and lazy snoops.