IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wired detection of rogue access points

From: Vladimir Vuksan <vlists () veus hr>
Date: Mon, 19 Mar 2007 17:46:30 -0400
johnnywkm () gmail com wrote:

Can anyone point me to a wired LAN scanner/sniffer that detects wireless access points connected to the LAN?
I don't believe you can identify an AP just by sniffing. The problem is that AP acts as a L2 switch so there is not necessarily a signature.
The only way I can think of doing something like that is polling your switches (through SNMP) for connected MAC addresses and running a wireless sniffer like Kismet and cross referencing mac addresses that Kismet sees vs. what you see on your wired switches. That has been on my to-do list and I have a project that does switch polling for MAC addresses I just haven't added the Kismet portion yet :-(. 

Vladimir

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: