nanog mailing list archives
Re: Locating rogue APs
From: Tony Rall <trall () almaden ibm com>
Date: Tue, 11 Feb 2003 13:02:34 -0700
On Tuesday, 2003-02-11 at 13:42 CST, "Matthew S. Hallacy" <poptix () techmonkeys org> wrote:
On Tue, Feb 11, 2003 at 11:27:28AM -0600, John Kristoff wrote:In general, MAC OUI designations may indicate a particular AP. IP multicast group participation may also be used by some APs. Some APs have a few unique ports open. Lastly, APs may be found with a radio on a particular default channel. All of these potentially identifying characteristics may be used to help audit the network for rogue IPs.Why are you posting this here? The information is somewhat
incomplete/incorrect
as well. Persons interested in finding rogue AP's would be much better off with a tool such as kismet that already identifies model/make of access points based on various datapoints (including the types you
posted),
as well as the ability to determine in where the AP is (pysically) with the use of a GPS unit.
It appears that kismet requires either someone to walk around the facility while running the program or that you have you have it installed on machines all over your site. Neither of those options interest me as a long term solution to rogue AP monitoring. It sounds like John is referring to using a network IDS system, maybe one per subnet, to try to infer from the wired (maybe) network traffic that an unwanted AP is connected to your wired network. Given that you may want to run such an IDS anyway, this could give you a decent start on handling rogues. Personally, I think the idea of checking radio traffic to be a more complete solution, but don't want to have to install a bunch of wireless machines all over the site to detect this. I'm really waiting for the AP vendors to incorporate a rogue detection system in the APs itself. This could solve the problem for those sites that have fully deployed APs. Tony Rall
Current thread:
- Locating rogue APs John Kristoff (Feb 11)
- Re: Locating rogue APs Matthew S. Hallacy (Feb 11)
- Re: Locating rogue APs Tony Rall (Feb 11)
- Re: Locating rogue APs John Kristoff (Feb 11)
- OT: Re: Locating rogue APs Len Rose (Feb 11)
- Re: Locating rogue APs Martin Hannigan (Feb 11)
- Re: Locating rogue APs Tony Rall (Feb 11)
- Re: Locating rogue APs Matthew S. Hallacy (Feb 11)
- <Possible follow-ups>
- Re: Locating rogue APs Michael . Dillon (Feb 12)