nanog mailing list archives
Re: Detection of Rogue Access Points
From: Chris Boot <bootc () bootc net>
Date: Thu, 18 Oct 2012 17:31:05 +0100
On 18/10/12 15:12, Joe Hamelin wrote:
On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers<quantumfoam () gmail com> wrote:I like the idea of looking at the ARP table periodically, but this presents some possible issues for us.Is it just WAPs that you are worried about or any rouge device at the remote sites? If you're doing medical data then I would think that any non-company device would be suspect. If that is the case then ARP scraping is the better way. Basically you need an inventory of what is at the sites. This you should already have and if you don't, that is your first step. A bit of perl and expect scripting would get you a long way to your goal. Like I mentioned before, if you don't have the time/talent to script the task, call out for a coder-for-hire.
You should be able to get the ARP table off a router using SNMP, which would be much cleaner than using expect to login to a router's management interface...
HTH, Chris
Current thread:
- Re: Detection of Rogue Access Points, (continued)
- Re: Detection of Rogue Access Points Jon Sevier (Oct 14)
- Re: Detection of Rogue Access Points Peter Phaal (Oct 14)
- Re: Detection of Rogue Access Points Martin Hepworth (Oct 14)
- Re: Detection of Rogue Access Points John Kristoff (Oct 17)
- Re: Detection of Rogue Access Points Jason Antman (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- RE: Detection of Rogue Access Points Raymond Burkholder (Oct 18)
- Re: Detection of Rogue Access Points Phil Regnauld (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 18)
- Re: Detection of Rogue Access Points Chris Boot (Oct 20)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 18)
- Re: Detection of Rogue Access Points james machado (Oct 18)