Proceedings of the 4th International Conference on Computing and Informatics, ICOCI 2013
28-30 August, 2013 Sarawak, Malaysia. Universiti Utara Malaysia (http://www.uum.edu.my)
Paper No. 113

INBOUND TIME STAMPING FOR DETECTING ROGUE ACCESS POINT

Amran Ahmad¹, Suhaidi Hassan², and Mohd Hasbullah Omar³
¹Universiti Utara Malaysia, Malaysia, amran@uum.edu.my
²Universiti Utara Malaysia, Malaysia, suhaidi@uum.edu.my
³Universiti Utara Malaysia, Malaysia, mhomar@uum.edu.my

ABSTRACT. A Rogue Access Point (RAP) is a network vulnerability that arises from improper use of a wireless Access Point without the knowledge of the organization's network engineer. Once it is inside the subnet or Local Area Network (the wired structure), we need to determine whether it is present. The approaches for doing so can be classified into passive monitoring, visualization, and traffic characteristics. We prefer traffic characteristic scanning, where packet capturing can be one of the best tools for differentiating between wired and wireless networks. Our main focus is time stamping as a value-added extension to packet capturing for differentiating wired from wireless. The time stamping is done at two inbound points inside the subnet, focusing on a PAYLOAD and its ACK, using a network test bed, and is measured by finding the average of 100 PAYLOAD-ACK pairs. The tests show differences of about 16 to 56 percent between wired and wireless g mode and 15 to 26 percent between wired and wireless n mode. The results show that there is more delay on wireless than on wired, which makes it easier for us to detect the existence of a RAP in a wired network.

Keywords: RAP, inbound time stamping, PAYLOAD-ACK pair

INTRODUCTION

The number of Internet users has increased lately. The rise of Web 2.0 has also invited many web developers to develop new and sophisticated web services that attract users to visit the Internet frequently. Alongside this phenomenon, we are also given choices for connecting to the Internet: either wired or wireless.
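The PAYLOAD-ACK measurement summarized in the abstract can be expressed in code as follows. This is an added example, not the authors' code: it assumes a single capture point that sees both the PAYLOAD and its ACK, TCP-style matching of an ACK number to seq + length, a record layout of (timestamp, kind, seq, length, ack), a percent-difference formula relative to the wired mean, and a 15 percent cut-off; the traces are constructed.

```python
from statistics import mean

def pair_delays(packets):
    """Return PAYLOAD->ACK delays (seconds) from (ts, kind, seq, length, ack) records."""
    pending = {}   # ACK number that covers a payload -> payload timestamp
    delays = []
    for ts, kind, seq, length, ack in packets:
        if kind == "PAYLOAD":
            key = seq + length
            # A retransmitted payload makes the pair ambiguous: discard it.
            pending[key] = None if key in pending else ts
        elif kind == "ACK":
            sent = pending.pop(ack, None)
            if sent is not None:
                delays.append(ts - sent)
    return delays

def mean_delay(packets, pairs=100):
    """Average the first `pairs` PAYLOAD-ACK delays (100 pairs, as in the abstract)."""
    delays = pair_delays(packets)
    if len(delays) < pairs:
        raise ValueError(f"need {pairs} pairs, got {len(delays)}")
    return mean(delays[:pairs])

def percent_difference(wired_mean, observed_mean):
    """Extra delay of the observed host relative to the wired baseline, in percent."""
    return (observed_mean - wired_mean) / wired_mean * 100.0

def looks_wireless(wired_mean, observed_mean, threshold_pct=15.0):
    # threshold_pct is an assumed cut-off; calibrate it on the monitored network.
    return percent_difference(wired_mean, observed_mean) >= threshold_pct

def make_trace(delay, pairs=100, size=100):
    """Constructed sample trace: one payload every 10 ms, ACKed after `delay` seconds."""
    trace = []
    for i in range(pairs):
        seq, t = 1 + i * size, i * 0.01
        trace.append((t, "PAYLOAD", seq, size, 0))
        trace.append((t + delay, "ACK", 0, 0, seq + size))
    return trace

if __name__ == "__main__":
    wired = mean_delay(make_trace(0.0004))     # constructed wired baseline
    suspect = mean_delay(make_trace(0.0005))   # constructed suspect host
    diff = percent_difference(wired, suspect)
    print(f"{diff:.1f}% slower -> wireless? {looks_wireless(wired, suspect)}")
```
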
The concept of mobility is already known to many users, especially businesses on the move as well as ordinary users. The most versatile communication device, the hand phone, is no longer just a trend. It has already become a standard, with access to the Internet also done through wireless. Some users connect through an Access Point (AP) instead of other services such as 3G or 4G. Some organizations also prefer using APs to extend their networks. We believe that devices owned by the organization are properly set up; however, some staff who have more than one computer and sit in a poor coverage area will choose to plug their own AP into the nearest (wired) data point. This is where the Rogue Access Point appears in the organization. Rogue access points (RAPs) expose the enterprise network to network vulnerabilities and are normally connected to the network behind the firewall (Beyah, Kangude, Yu, Strickland, & Copeland, 2004; Gao, Corbett, & Beyah, 2010; Han, Sheng, Tan, Li, & Lu, 2011; Sriram, Sahoo, & Agrawal, 2010). Unauthorized RAP produce security vulnerabilities in organization