Security Basics mailing list archives

Re: Fake AP in the Vendor field of Netstumbler


From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Tue, 30 Nov 2004 10:25:40 +0000

I'm not 100% sure why you saw that, but I saw them in a different context.
I work for a networking manufacturer and I used to see that "fake" when
we were building pre-production APs with fake MAC addresses for testing
purposes.

So I'd assume somebody might have changed the MAC addresses of those APs
to an unknown Organizationally Unique Identifier (OUI).

Check this:

http://standards.ieee.org/faqs/OUI.html

cheers,

g.


 On Sat, 2004-11-27 at 12:23 +0000, shankarnarayan.d () netsol co in wrote:

Hi,

  Was working on the Vulnerability Assessment of a client network
with about 100 Access Points. Began with Netstumbler and it started
showing me some APs as Fake in the Vendor field. I know that they are
Cisco APs, but am not too sure why they are displayed as Fake APs.

I googled around a little but did not get any satisfactory answers -
one on Netstumbler.org said it was a quirk in the version 0.4.0.
Others suggested that I delete the Fake entry and retry - this also
did not lead me anywhere.

Anyone 'stumbled' on some other explanations?

Rgds,
Shankar
--


 (o_
 //\   Ghaith Nasrawi
 V_/_


"Evil thrives when good men do nothing"
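
Added example, not part of the thread and not NetStumbler's code: a general sketch of how a survey tool can derive a Vendor label from the first three bytes (the OUI) of a BSSID, and how an assessor can flag APs whose OUI is locally administered or missing from the registry. The registry table, the survey rows and all function names are constructed for illustration; a real audit would load the full IEEE OUI listing.

```python
import re

# Constructed one-entry registry; load the IEEE OUI listing in practice.
SAMPLE_OUI = {"00000C": "Cisco Systems"}

# Constructed survey rows: (SSID, BSSID as reported by the scanner).
SURVEY = [
    ("corp", "00:00:0C:12:34:56"),   # OUI present in the registry
    ("corp", "02:00:0C:12:34:57"),   # locally administered bit set
    ("corp", "00-DE-AD-BE-EF-01"),   # OUI absent from the sample registry
]

def parse_mac(mac):
    """Return the 6 raw bytes of a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)

def classify_bssid(mac, registry=SAMPLE_OUI):
    """Return (oui, status, vendor) for one BSSID."""
    raw = parse_mac(mac)
    oui = raw[:3].hex().upper()
    if raw[0] & 0x01:
        # I/G bit: group address, never a legitimate BSSID
        return oui, "group address", None
    if raw[0] & 0x02:
        # U/L bit: address was assigned locally, so the OUI says nothing
        # about who built the hardware
        return oui, "locally administered", None
    vendor = registry.get(oui)
    if vendor is None:
        return oui, "not in registry", None
    return oui, "registered", vendor

def audit(survey, expected_vendor, registry=SAMPLE_OUI):
    """List (ssid, bssid, status) for APs that do not resolve to expected_vendor."""
    findings = []
    for ssid, bssid in survey:
        _oui, status, vendor = classify_bssid(bssid, registry)
        if vendor != expected_vendor:
            findings.append((ssid, bssid, status))
    return findings

if __name__ == "__main__":
    for finding in audit(SURVEY, "Cisco Systems"):
        print(finding)
```
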

