Re: Wireless blocking

["Alex S. Harasic" <alharasic () mi cl>]

Like Mark said, I think the best way is to identify the 
Wireless AP through wire.

I guess the risk is that the Wireless AP is connected to 
the network, therefore it's connected in a switch 
somewhere. You can always see what port it's connected to 
quering the switch of a certain mac address. Wireless AP 
have a generic MAC address so you can easily find it with 
something like:

show ip arp | include 0040.96

in your router, I now that 0040.96 works for cisco aironet 
AP.

You can also check Kirby Kuehl presentation on this matter 
called "Detecting Rogue 802.11 Access Points within the 
Enterprise".

Regards

Alex S. Harasic



On Tue, 4 Oct 2005 19:57:24 -0400
 Mark Owen <mr.markowen () gmail com> wrote:
> On 10/4/05, Daryl Davis <daryl () ultbingo com> wrote:
> > I believe I have an unauthorized wireless router on my 
> > network.  I have been
> > unable to physically find it as of yet.
> >
> > Does anyone know how to find the hidden SSID and then 
> > Jam it?
>
> Did it receive an ip address via dhcp?
> That might help you out in tracking at least which port 
> it is plugged
> into (via mac address.)
>
> Best bet is to trace down cable and pull the plug.
> Block mac address from dhcp.
> Kick it off network by assigning another throw away 
> device same IP as
> wireless (at least confuse it)
>
> All else, take $LUSER for a ride in a nice Cadillac down 
> a bumpy road
> in the trunk.
>
> --
> Mark Owen