RE: Wireless LAN detection

["Alban Kuster" <alban () subzone ch>]

Hi,
Use something like kismet or try the linux-wifi distrib "warlinux"
(https://sourceforge.net/projects/warlinux/), contains a lot of nice
appz & is a knoppix-like boot-from-cd-OS.

Cheers

alban




-----Original Message-----
From: Boschmann, Armin [mailto:aboschmann () hydro mb ca] 
Sent: Friday, December 06, 2002 10:45 AM
To: 'security-basics () lists securityfocus com'
Subject: Wireless LAN detection

We have a policy of no-wireless at our sites.  I want to audit this
policy,
similar to war-dialing, or more correctly war-driving.  

My thinking is to find illegal wireless equipment in realtime.  My
concern
is insiders (temporary employees, contractors, 'bad' employees) plugging
in
a wireless access point, then accessing our network from the street,
then
disconnecting.  So I am envisioning a computer with a wireless receiver
that
will look for TCP/IP traffic, and tell me if it detects communications
to
any of our computers.  

I can see several problems, such as distinguishing between our
192.168.x.x
addresses and those on WLANs of our neighbors.  Also I would have to
harden
the wireless detection computer, and ideally not connect it to our
network
at all yet have some means of notifying me (pager, cell modem).

Does anyone know of a product that does this?  Or if you think my
approach
is suspect, suggest another one?


Armin Boschmann
aboschmann () hydro mb ca
Manitoba Hydro