Re: Wired detection of rogue access points

[Hari Sekhon <hpsekhon () googlemail com>]

I tried it out, and I understand what you are trying to do but my 
results where a fair way off, some were spot on, but a lot of others 
weren't. I know it's not an easy job to fingerprint in this way. 
Couldn't you leverage some Nmap work, since they have good and reliable 
fingerprints.

Also, there were so many wifi-suspect that I either would spend ages 
investigating everything or not at all (possibly the latter)

-h

Hari Sekhon



Chris Waters wrote:
> Hi,
>
> Every network device has some fingerprint in the way that it interacts
> with the network. This includes things like the open ports, the
> responses to probes on those ports, the operating system it is
> running, the broadcast protocols is uses (DHCP, UPnP, CDP, IAPP, etc),
> its MAC address, etc.
>
> This fingerprint information can be used to uniquely identify
> virtually every type of network device, assuming of course that you
> have a database of the fingerprints for all the devices that might
> exist on the network.
>
> This is exactly how RogueScanner (roguescanner.networkchemistry.net)
> works. It probes devices to determine their fingerprints as well as
> looking at the packets that they broadcast onto the network. By using
> lots of techniques together it is possible to accurately find and
> classify all sorts of devices, including wifi routers which may using
> firewalling and MAC address cloning to hide themselves.
>
> Regards,
>
> Chris Waters
> CTO, PhD
> Network Chemistry, Inc
> cwaters () networkchemistry com
>
> On Mon, 2007-03-19 at 10:20 +0000, johnnywkm () gmail com wrote:
> > Hello there,
> >
> > Can anyone point me to a wired LAN scanner/sniffer that detects 
> > wireless access points connected to the LAN?
>
> Doesn't look possible to me. You can detect wireless stuff but not
> from cable side. There is a endless ways to hide it but you cannot
> hide radio waves so easily.
>
>    Tõnu
>
>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to 
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
>
> to learn more.
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from 
> CORE IMPACT.
> Go to 
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
> to learn more.
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------