z00m

I dont own the Fon but i think im right with what im saying here if not someone correct me, if they are connected to a wifi network with encryption on even if your rouge AP has the same SSID as the real trusted one, there computer will pick the encrypted acesspoint before the rouge one. example: rouge AP no encryption called (NETGEAR) real AP with WEP or WPA encryption called (NETGEAR) The targets computer is configured to connect to AP named (NETGEAR) with wep, so it will maybe try to connect to yours then notice there is no encryption, so it then thinks, OH! im configured for WEP, one second this is not safe. Rescans and finds same SSID with WEP trys the key thats stored in the targets computer anyway and connects. Hope that explains why that is happening. Now if for some reason the targets router was turned off one day and he turned on his PC you could use airbase-ng that will respond to all probe requests when the computer is looking for NETGEAR with WEP it will say "YO thats me" then they will connect to the rouge AP, but only if there real one is not there.