Security Basics mailing list archives
Re: Tool to find rouge wireless access points?
From: Vic Vandal <vvandal () well com>
Date: Mon, 21 May 2012 07:54:40 -0700 (PDT)
Jeff, The word jammer was a poor analogy because of the possible term confusion. My bad. In that same sentence I mentioned that the devices being referred to basically DoS unknown/rogue APs. Example: http://www.airtightnetworks.com/fileadmin/content_images/demos/RogueAP-Demo/RogueAP-Demo.html That particular device will transmit spoofed disconnection frames that block client access to a detected rogue AP. DoS. I just say "wireless jammer" when referring to them around the workplace because "wireless detector that transmits spoofed disconnection frames to deny wireless service access" is a mouthful. Actual wireless RF jamming would not be so discriminate, and like you said it's generally illegal. I have seen the use of devices that DoS rogue APs in corporate and government environments. Sometimes they knock down legitimate wireless devices, and sometimes they fail to DoS the true rogue devices they do detect. So the technology isn't perfect but it generally works as advertised. Peace, Vic ----- Original Message ----- From: "Jeff Hargiss" <Jeff.Hargiss () anheuser-busch com> To: "Vic Vandal" <vvandal () well com>, "Marcus Adams" <marcus.adams () virtuesecurity com> Sent: Friday, May 18, 2012 4:02:41 PM Subject: RE: Tool to find rouge wireless access points? Since jamming ANY radio signal within the U.S. is a federal violation [unless you are the federal gov.].... Have you seen this in actual practice? (jamming meaning intentional interference by radiating rf) http://www.fcc.gov/encyclopedia/jammer-enforcement -jh -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Vic Vandal Sent: Friday, May 18, 2012 2:09 PM To: Marcus Adams Cc: security-basics () securityfocus com; Jon D Subject: Re: Tool to find rouge wireless access points? Jon, If you have Cisco APs strategically deployed around your building the Cisco Wireless Access Controller can use its DB of authorized access points to detect rogue APs and triangulate their location. That triangulation ensures that you're not picking up APs or other wireless devices that are outside of your building. You can also buy wireless jammers that DoS unknown APs on the network. -Vic ----- Original Message ----- From: "Marcus Adams" <marcus.adams () virtuesecurity com> To: "Jon D" <rekcahpmip () gmail com> Cc: security-basics () securityfocus com Sent: Thursday, May 17, 2012 7:15:30 PM Subject: Re: Tool to find rouge wireless access points? Hi Jon, Wired detection of rogue APs has two possible downsides. The first is that you are simply relying on the MAC address in use to be authentic. This can be easily modified by most home routers. The second is that even when you do detect a rogue AP via MAC address, you may not know where the device actually exists (depends on your network). Doing an actual wireless war walk is the only sure way to root out any rogue access points. The best way to do this is with something like airodump. I also recommend using an external wifi card to get the best signal reading possible. If you play around with it enough, you will see its pretty easy to consistently get within a few feet of any access point. You should just ensure you are scanning a/b/g/n bands and also watch for APs with non-broadcasting ESSIDs. In addition to doing war walks, you may also want to evaluate a WIDS that can monitor, triangulate, and alert in real time if rogue access points crop up. Good Luck! Marcus On Mon, May 14, 2012 at 11:28 AM, Jon D <rekcahpmip () gmail com> wrote:
Does anyone know of a tool to find rouge wireless access points? I know of a lot of the various wireless scanners, but with those, it's impossible to know if it's an AP on your network, or another companies network. Especially in office buildings where there are other companies above, below, and beside you. It seems like the only way to do it is to scan on the wired network for APs of any make/model, but I'm not aware of a tool that does it. Thanks, Jon ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- Marcus Adams Senior Security Consultant | CISSP | CE|H Virtue Security - http://www.virtuesecurity.com Marcus.Adams () virtuesecurity com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anheuser-Busch InBev Email Disclaimer www.ab-inbev.com ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Tool to find rouge wireless access points?, (continued)
- Re: Tool to find rouge wireless access points? Vincent Ngundi (May 15)
- Re: Tool to find rouge wireless access points? Patrick Laverty (May 15)
- Re: Tool to find rouge wireless access points? Brandon Edmunds (May 15)
- RE: Tool to find rouge wireless access points? Erik Muttersbach (May 16)
- Re: Tool to find rouge wireless access points? Marcus Adams (May 18)
- Re: Tool to find rouge wireless access points? Vic Vandal (May 18)
- Re: Tool to find rouge wireless access points? Obluda Nemá Jméno Obluda Nemá Jméno Obluda Nemá Jméno (May 21)
- Re: Tool to find rouge wireless access points? Obluda Nemá Jméno Obluda Nemá Jméno Obluda Nemá Jméno (May 21)
- Re: Tool to find rouge wireless access points? Vic Vandal (May 18)
- RE: Tool to find rouge wireless access points? Vincent Yeo (May 16)
- RE: Tool to find rouge wireless access points? David Gillett (May 16)
- Re: Tool to find rouge wireless access points? Vic Vandal (May 21)