nanog mailing list archives
Re: Detection of Rogue Access Points
From: james machado <hvgeekwtrvl () gmail com>
Date: Thu, 18 Oct 2012 11:21:45 -0700
On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers <quantumfoam () gmail com> wrote:
I like the idea of looking at the ARP table periodically, but this presents some possible issues for us. The edge routers at our remote sites are Cisco 1841 devices, typically with either an MPLS T1 or a Public T1 (connected via an IAD owned by Centurylink; router to router, so dumb). Aside from manually logging in to those individual routers (all 140 or so of them) and checking them on a schedule, can anyone think of a good way to capture that information automatically? If I had to I could probably come up with a script to log in to them and scrape the info then process it but...eww.
quite a few people have leveraged RANCID (http://www.shrubbery.net/rancid/) for doing stuff like this. it is made to pull configs from routers on a cycle and produces text files that can be worked with. you can use the tools that are there to pull specific information, such as arp tables, and then process the resultant files with your scripting language of choice. check the mail list for examples of this kind of thing.
Another possible option (although costly) is installing a Ruckus device at each location; we have a Ruckus infrastructure at our HDQ and it works great (almost too good, it's super sensitive) at picking up rogues. A Ruckus WAP could talk to our ZoneDirector appliance and do that for us at each site, I think, but it may be difficult to justify the cost. --JR
james
Current thread:
- Re: Detection of Rogue Access Points, (continued)
- Re: Detection of Rogue Access Points Martin Hepworth (Oct 14)
- Re: Detection of Rogue Access Points John Kristoff (Oct 17)
- Re: Detection of Rogue Access Points Jason Antman (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- RE: Detection of Rogue Access Points Raymond Burkholder (Oct 18)
- Re: Detection of Rogue Access Points Phil Regnauld (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 18)
- Re: Detection of Rogue Access Points Chris Boot (Oct 20)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points james machado (Oct 18)