Mohamed Idris has created a tool to help network administrators discover and DoS rogue access points.
The EvilAP Defender open source tool published to GitHub can be run by admins at intervals to determine if attackers are attempting to get their users to connect to malicious networks:
https://github.com/moha99sa/EvilAP_Defender/blob/master/README.TXTThose evil twin attack networks are powerful copycats of legitimate access points that attempt to get users to connect in a bid to harvest subsequent traffic.
Idris says the tool will send email alerts to admins when evil twins are detected, and launch denial of service attacks to buy time.
"Additionally you can configure the tool to perform DoS on discovered evil AP in order to give the administrator more time to react," Idris says.
"However, notice that the DoS will only be performed for evil APs which have the same SSID but different BSSID (AP’s MAC address) or running on a different channel. This to avoid DoS your legitimate network."
More features are being added including on the back of Reddit network security discussion, including SMS notification:
http://www.reddit.com/r/netsec/comments/311kzg/evilap_defender_protect_your_wifi_from_evil_twin/It presently paints access points as evil based on BSSIDs and attributes including channels, ciphers, protocols, Organizationally Unique Identifiers, and authentication.
Admins can put the tool in learning mode so that it can identify friendly networks.
Users are invited to email Idris about the tool: moha99sa [at] yahoo [dot] com(ElReg)
Bootnote: Launching denial of service attacks against something you don't own, even a very obvious Evil Twin, could be illegal. Effective, clever, but illegal.