RE: Wireless LAN detection

["Robinson, Sonja" <SRobinson () HIPUSA com>]

NetStumbler and WEPCrack are two programs to use to sniff and crack your
wireless network.  You might pick up your neighbors wireless, that's a risk
but better them then you.  Hopefully they will have tuned down their
broadcast range but probably not.   Hopefully their SSID is not default and
is hard to crack. 

Bastion host the wireless laptop.  It essentially will be on a DMZ so make
sure it is a secure build with no extraneous info stored on it and the O/S
hardened to the max.  Odds are it won't get hacked in the time that you war
drive.  And you should notice since you should have your own firewall s/w up
on that box.

Redefine "illegal".  Unauthorized is the word you want to use.

There are a number of paging alerts.  AlarmPoint is one, but there are some
free ones availabe if you search.

> -----Original Message-----
> From: Boschmann, Armin [mailto:aboschmann () hydro mb ca] 
> Sent: Friday, December 06, 2002 1:45 PM
> To: 'security-basics () lists securityfocus com'
> Subject: Wireless LAN detection
>
>
> We have a policy of no-wireless at our sites.  I want to 
> audit this policy, similar to war-dialing, or more correctly 
> war-driving.  
>
> My thinking is to find illegal wireless equipment in 
> realtime.  My concern is insiders (temporary employees, 
> contractors, 'bad' employees) plugging in a wireless access 
> point, then accessing our network from the street, then 
> disconnecting.  So I am envisioning a computer with a 
> wireless receiver that will look for TCP/IP traffic, and tell 
> me if it detects communications to any of our computers.  
>
> I can see several problems, such as distinguishing between 
> our 192.168.x.x addresses and those on WLANs of our 
> neighbors.  Also I would have to harden the wireless 
> detection computer, and ideally not connect it to our network 
> at all yet have some means of notifying me (pager, cell modem).
>
> Does anyone know of a product that does this?  Or if you 
> think my approach is suspect, suggest another one?
>
>
> Armin Boschmann
> aboschmann () hydro mb ca
> Manitoba Hydro


**********************************************************************
This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or 
others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby 
notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have 
received this communication in error, please notify the sender of the error immediately, do not read or use the 
communication in any manner, destroy all copies, and delete it from your system if the communication was sent via 
email. 




**********************************************************************