Whats the difference between an evil twin and a rogue access point?

Yeah, but an Evil Twin is a kind of Rogue AP.

The most common Rogue AP is an ilegitimate AP that is plugged in a network to create a bypass from outside into the legitime network.

An Evil Twin is a copy of a legitimate AP. The target is different. It tries to hook clients to connect to the fake network to steal information, but is a kind of Rogue AP too. A lot of people is wrong about this. They think an Evil Twin is not a Rogue AP but it is too. Look at the definition on Wikipedia: Rogue AP. You can read there "... it is tagged as rogue access point of the second kind, which is often called an Evil Twin".

The Evil Twin has too "good" or "positive" usage. It can be used during a pentesting over a corporate network to measure the "security education" or better said, the user's security awareness. To see how many bite the lure.


You are correct

A rogue access point is specifically an AP inside a network not administered by the network owner, giving it unwanted access to network.

An evil twin is a copy of a legitimate access point not necessarily giving it access to a specific network or even to internet. The wireless mode of these connections are ad-hoc, you can have an evil twin of your home network on a public park, just for the purpose of connecting your device to that network to do... evil things?

Tags:

Wifi

Network