Penetration Testing mailing list archives
Re: Tools for Detecting Wireless APs - from the wire side.
From: Lot Flo <l0tusphlower () yahoo com>
Date: Tue, 11 Jun 2002 12:40:29 -0700 (PDT)
An obvious idea that was not directly mentioned is to attempt to connect to the management ports (Cisco Aironet AP can have telnet and http enabled, as well as snmp) of the various AP's and banner grab (of course, if access control mechanisms are in place, this could skew your results). In light of this idea, it would be nice to see the default services, banners, unique ICMP, TCP, UDP responses of the different AP's centrally documented so our fellow professionals could learn to recognize these devices faster. Also, certainly some type of sniffing on the wired LAN could be used to gather AP MAC addresses as well as clear-text HTTP management of the AP through strings such as (assuming Aironet) GET /SetWEP_Keys.shm and others. If the AP environment is using a RADIUS server for authentication such as Ciscos LEAP or EAP, EAP-TTLS, etc you could sniff the RADIUS access request and obtain info about the AP that way (I don't have a trace handy at the moment, so can't give any more info). Of course, the usual issues related to sniffing apply, but these are a few additional ideas. Curt Wilson Security Engineer __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: Tools for Detecting Wireless APs - from the wire side., (continued)
- RE: Tools for Detecting Wireless APs - from the wire side. Greg (Jun 10)
- RE: Tools for Detecting Wireless APs - from the wire side. Jon (Jun 10)
- Re: Tools for Detecting Wireless APs - from the wire side. Pierre Vandevenne (Jun 10)
- Re: Tools for Detecting Wireless APs - from the wire side. Matthew Leeds (Jun 10)
- Re: Tools for Detecting Wireless APs - from the wire side. Martin Glazer (Jun 18)
- RE: Tools for Detecting Wireless APs - from the wire side. Soren Macbeth (Jun 10)
- RE: Tools for Detecting Wireless APs - from the wire side. Isherwood Jeff C Contr AFRL/IFOSS (Jun 10)
- RE: Tools for Detecting Wireless APs - from the wire side. Kohlenberg, Toby (Jun 10)
- RE: Tools for Detecting Wireless APs - from the wire side. Duffy, Shawn (Jun 10)
- FW: Tools for Detecting Wireless APs - from the wire side. Rosado, Rafael (Rafael) (Jun 10)
- Re: Tools for Detecting Wireless APs - from the wire side. Lot Flo (Jun 11)