Re: Wireless LAN detection

[Steve Jeffers <steve.jeffers () avnet com>]

In-Reply-To: <3DF4CEFF.2010704 () attbi com>

Some high end detection products are available from www.airdefense.net

Also some other sources such as aptools.sourceforge.net

> Received: (qmail 27867 invoked from network); 10 Dec 2002 00:32:50 -0000
> Received: from outgoing2.securityfocus.com (HELO 
outgoing.securityfocus.com) (205.206.231.26)
>  by mail.securityfocus.com with SMTP; 10 Dec 2002 00:32:50 -0000
> Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
>       by outgoing.securityfocus.com (Postfix) with QMQP
>       id AE87D8F2B8; Mon,  9 Dec 2002 16:18:13 -0700 (MST)
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Received: (qmail 842 invoked from network); 9 Dec 2002 16:49:15 -0000
> Message-ID: <3DF4CEFF.2010704 () attbi com>
> Date: Mon, 09 Dec 2002 09:12:31 -0800
> From: Gene <gyoo () attbi com>
> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) 
Gecko/20021003
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: "Boschmann, Armin" <aboschmann () hydro mb ca>
> Cc: "'security-basics () lists securityfocus com'" <security-
basics () lists securityfocus com>
> Subject: Re: Wireless LAN detection
> References: <9BC8CAC649FCD211ABE90008C70895701162EBCA () mail02 hydro mb ca>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> Content-Transfer-Encoding: 7bit
> X-OriginalArrivalTime: 09 Dec 2002 17:12:01.0054 (UTC) FILETIME=
[167E03E0:01C29FA6]
> you could look at software like netreg to identify unknow hosts that 
> connects to your network and start your audit policy from that point...
>
> gene
>
> Boschmann, Armin wrote:
> > We have a policy of no-wireless at our sites.  I want to audit this 
policy,
> > similar to war-dialing, or more correctly war-driving.  
> >
> > My thinking is to find illegal wireless equipment in realtime.  My 
concern
> > is insiders (temporary employees, contractors, 'bad' employees) 
plugging in
> > a wireless access point, then accessing our network from the street, 
then
> > disconnecting.  So I am envisioning a computer with a wireless receiver 
that
> > will look for TCP/IP traffic, and tell me if it detects communications 
to
> > any of our computers.  
> >
> > I can see several problems, such as distinguishing between our 
192.168.x.x
> > addresses and those on WLANs of our neighbors.  Also I would have to 
harden
> > the wireless detection computer, and ideally not connect it to our 
network
> > at all yet have some means of notifying me (pager, cell modem).
> >
> > Does anyone know of a product that does this?  Or if you think my 
approach
> > is suspect, suggest another one?
> >
> >
> > Armin Boschmann
> > aboschmann () hydro mb ca
> > Manitoba Hydro
>
>
> -- 
> Gene Yoo, gyoo () attbi com