RE: Tool to find rouge wireless access points?

[Dan Lynch <DLynch () placer ca gov>]

> So, I read the question as: How do I determine which APs, that are
> scanned and detected, are actually on my network.
> Unfortunately, I don't know of a tool that can effectively do this.
> Possibly some nmap script-fu?

I read the opposite, like so: I have a network with no wireless access, and multiple physical locations. How do I 
detect if a user somewhere has connected a wireless access point to a network jack? I could visit each location and use 
a wifi detector, but then how would I know if an AP I detected is connected to my network, and not the doctor's office 
next door? Is there a way to scan the *wired* network for connected APs?

The netdisco suggestion is a good one, but would seem to rely on the AP having SNMP enabled, and a known community 
string. 

NMAP seems to be a useable solution, but is clumsy, and would require knowledge of the AP OS. Do most APs have a bootp 
service on their wired interface?

Is there a list somewhere of AP manufacturers and the MAC address ranges we'd see for their wired interfaces? We could 
scan switch logs for those MACs.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------