RE: Wireless LAN detection

["Michael J. Sconzo" <msconzo () tamu edu>]

One fairly cheap solution would be to place a few linux boxes around the
office and/or areas that people could plug WAPs into.  On these boxes you
might consider a program called Kismet, the beauty of this program is that
it will detect APs that are not broadcasting their essid.  It does this by
listening for association frames.  I would consider this a good place to get
started...

-Mike

-----Original Message-----
From: Boschmann, Armin [mailto:aboschmann () hydro mb ca]
Sent: Friday, December 06, 2002 12:45 PM
To: 'security-basics () lists securityfocus com'
Subject: Wireless LAN detection


We have a policy of no-wireless at our sites.  I want to audit this policy,
similar to war-dialing, or more correctly war-driving.

My thinking is to find illegal wireless equipment in realtime.  My concern
is insiders (temporary employees, contractors, 'bad' employees) plugging in
a wireless access point, then accessing our network from the street, then
disconnecting.  So I am envisioning a computer with a wireless receiver that
will look for TCP/IP traffic, and tell me if it detects communications to
any of our computers.

I can see several problems, such as distinguishing between our 192.168.x.x
addresses and those on WLANs of our neighbors.  Also I would have to harden
the wireless detection computer, and ideally not connect it to our network
at all yet have some means of notifying me (pager, cell modem).

Does anyone know of a product that does this?  Or if you think my approach
is suspect, suggest another one?


Armin Boschmann
aboschmann () hydro mb ca
Manitoba Hydro