Penetration Testing mailing list archives
Re: Identification of non Cisco AP's
From: hfortier <hfortier () recon cx>
Date: Wed, 27 Jul 2005 15:03:50 -0400
I would use nmap to port scan/banner grab all port 80 and drop any IIS, Apache, Netscape then I would then check manually the rest of ip that matched.
I would also check the mac address of the network device on my network, and then veryfying manually all the device that matched the mac. There is list of mac address used by accesspoint available freely on the net http://svn.kismetwireless.net/code/trunk/conf/ap_manuf. If your switch and routers are snmp enabled, you could probe them to find trace of those mac been used. Advantage with this solution is that you'll notice quickly if a AP get hooked in.
Hugo Jonathan Gauntt wrote:
Hi, I have been tasked with the project of scanning and identifying all non Cisco wireless access points within the company’s network. We have about 800 /22 and /24 subnets, and because of the IP addressing scheme in place, might just be easier for me to scan the whole class A range of IP’s. I have access to Nessus and GFI Security Scanner. Since we over 8000 IP’s in place, does anyone have any advice on the best way to identify these non Cisco AP’s such as Linksys and Netgear, etc. I wouldn’t want to have a report produced that is two miles long unless absolutely necessary. Thanks, Jonathan
Current thread:
- Identification of non Cisco AP's Jonathan Gauntt (Jul 26)
- Re: Identification of non Cisco AP's Peter Wood (Jul 27)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Identification of non Cisco AP's Chuck (Jul 27)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Identification of non Cisco AP's Ian Gorrie (Jul 27)
- Re: Identification of non Cisco AP's ben creitz (Jul 27)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Identification of non Cisco AP's hfortier (Jul 27)
- Re: Identification of non Cisco AP's Sherwood R. Probeck (Jul 28)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 29)
- <Possible follow-ups>
- Re: Re: Identification of non Cisco AP's mox11 (Jul 27)
- RE: Identification of non Cisco AP's Todd Towles (Jul 28)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Re: Re: Identification of non Cisco AP's seventil (Jul 28)
- Re: Identification of non Cisco AP's Peter Wood (Jul 27)