Prevention and Detection of Fake APs
Rogue APs can be detected by monitoring wireless networks: sniffing wireless frames and checking fields such as MAC addresses, SSIDs, and IP addresses. Fake APs, however, require a different method because these identity fields are easy to spoof (or conceal). According to Suman Jana, from the University of Utah's School of Computing, fake APs can be detected by "monitoring the anomaly [inconsistency] of the 'sequence number' field of beacon frames sent by the authorized AP and the fake AP which is masquerading as the authorized one."
This proposed method is only useful for detecting fake APs and only works if both the authorized AP and the fake AP are operating simultaneously.
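The sequence-number check described above can be sketched as follows. This is an added example, not code from Jana's work or from the original post; the gap threshold, the anomaly count and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

SEQ_MODULUS = 4096     # the 802.11 sequence number is a 12-bit counter
MAX_FORWARD_GAP = 200  # assumed tolerance for frames sent between two beacons

def seq_gap(prev, cur):
    """Forward distance from prev to cur, allowing for wrap-around."""
    return (cur - prev) % SEQ_MODULUS

def find_sequence_anomalies(beacons, max_gap=MAX_FORWARD_GAP):
    """beacons: (timestamp, bssid, seq) tuples in capture order.
    Returns {bssid: [(timestamp, prev_seq, seq, gap), ...]} for every
    beacon whose sequence number does not continue the previous one."""
    last_seq = {}
    anomalies = defaultdict(list)
    for ts, bssid, seq in beacons:
        bssid = bssid.lower()
        if bssid in last_seq:
            gap = seq_gap(last_seq[bssid], seq)
            # One transmitter only counts forward in small steps. A jump
            # backwards shows up here as a very large forward gap.
            if gap > max_gap:
                anomalies[bssid].append((ts, last_seq[bssid], seq, gap))
        last_seq[bssid] = seq
    return dict(anomalies)

def suspected_spoofed(beacons, min_anomalies=3):
    """BSSIDs whose beacons look like two interleaved counters."""
    hits = find_sequence_anomalies(beacons)
    return sorted(b for b, rows in hits.items() if len(rows) >= min_anomalies)

# Constructed sample capture (not real traffic).
# ...:01 is a single AP whose counter wraps from 4088 to 0.
# ...:02 is seen from two transmitters at once, counters near 100 and 2500.
SAMPLE = [
    (0.00, "aa:bb:cc:00:00:01", 4080), (0.01, "aa:bb:cc:00:00:02", 100),
    (0.05, "aa:bb:cc:00:00:02", 2500), (0.10, "aa:bb:cc:00:00:01", 4088),
    (0.11, "aa:bb:cc:00:00:02", 104),  (0.15, "aa:bb:cc:00:00:02", 2501),
    (0.20, "aa:bb:cc:00:00:01", 0),    (0.21, "aa:bb:cc:00:00:02", 108),
    (0.25, "aa:bb:cc:00:00:02", 2502), (0.30, "aa:bb:cc:00:00:01", 9),
    (0.31, "aa:bb:cc:00:00:02", 112),
]

if __name__ == "__main__":
    for bssid in suspected_spoofed(SAMPLE):
        print("possible fake AP sharing BSSID", bssid)
```

A capture that contains only one of the two transmitters produces no anomalies, which is the limitation noted above: the check needs both APs on the air at the same time.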
An effective way to detect and prevent fake APs is to use a resource that can itself exist as a fake AP; such a resource is known as a "honeypot". These access points act as traps for fake APs and other unauthorized APs, and they allow for the counteraction of such attackers. Honeypots operate fairly simply: in theory, a honeypot is not supposed to see any traffic because it has no real activity, so any connection to a honeypot is most likely an attack.
Another method of prevention is the use of the "Black Alchemy Fake AP" application. This free program creates thousands of access points, hiding the real one amongst the fake APs, so that hackers have a hard time finding the real AP in order to hack it. Faced with this, hackers will likely get frustrated trying to find the AP and give up.