A detection-based defense to a wireless network. Elements of the
infrastructure, e.g., access points or scanning-only access points,
detect intruders by detecting spoofed frames, such as from rogue access
points. Access points include a signature, such as a message integrity
check, with their management frames in a manner that enables neighboring
access points to be able to validate the management frames, and to detect
spoofed frames. When a neighboring access point receives a management
frame, obtains a key for the access point sending the frame, and
validates the management frame using the key.