RE: Fake AP in the Vendor field of Netstumbler

["Steve Fletcher" <safletcher () insightbb com>]

I have seen this myself.  My guess is that they are using the MAC address of
the AP to determine the manufacturer and anything that does not match with
known manufacturers is listed as a fake AP.  But, if anyone can provide a
definite answer on this, that would be great.

Steve Fletcher
MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+,
CCA
safletcher () insightbb com

-----Original Message-----
From: OTTO, DOUGLAS P. [mailto:douglas.otto () thermo com] 
Sent: Monday, November 29, 2004 1:39 PM
To: shankarnarayan.d () netsol co in; security-basics () securityfocus com
Subject: RE: Fake AP in the Vendor field of Netstumbler

It could be a result of interference with another AP on the same
frequency.  

--
Douglas Otto - Sr Network Engineer
Thermo Electron Corp - Madison Site
5225 Verona Rd Bldg 4
Madison, Wisconsin 53711
 

> -----Original Message-----
> From: shankarnarayan.d () netsol co in 
> [mailto:shankarnarayan.d () netsol co in] 
> Sent: Saturday, November 27, 2004 6:24 AM
> To: security-basics () securityfocus com
> Subject: Fake AP in the Vendor field of Netstumbler
>
>
>
>
> Hi,
>
>
>
>   Was working on the Vulnerability Assessment of a client 
> network with about 100 Access Points. Began with Netstumbler 
> and it started showing me some AP's as Fake in the Vendor 
> field. I know that they are Cisco AP's, but am not too sure 
> why they are displayed as Fake AP's
>
>
>
> I googled around a little but did not get any satisfactory 
> answers - one on Netstumbler.org said it was a quirk in the 
> version 0.4.0. Others suggested that I delete the Fake entry 
> and retry - this also did not lead me anywhere
>
>
>
> Anyone 'stumbled' on some other explanations
>
>
>
> Rgds,
>
> Shankar