RE: Wireless blocking

["David Gillett" <gillettdavid () fhda edu>]

  It's certainly easier to find if it will broadcast the SSID.
But even if it doesn't, the SSID will be present in traffic when 
it is actually in use.

  One of the tools I carry is a directional "hotspot finder".
Having a report in hand of unauthorised wireless in a particular 
area, it has been able to quickly lead me to the violator's
office.
  This will become less useful as our legitimate wireless coverage 
is enhanced -- but with that will come the capability to detect 
and jam rogue points....

  Actually, the first rogue wireless router I found showed up a
bit differently.  A wireless client tried to hack one of our systems.
(We didn't know it was wireless at the time.)  When I did a traceroute
to the attacker, I got a response from another device on the same 
address block first, and THAT turned out to be due to proxy ARP
response from the rogue router.  But (a) that's an artefact of
how that particular router was configured, and (b) it's not something
you can probably easily scan your network for.

David Gillett


> -----Original Message-----
> From: Daryl Davis [mailto:daryl () ultbingo com] 
> Sent: Tuesday, October 04, 2005 9:56 AM
> To: security-basics () securityfocus com
> Subject: Wireless blocking
>
> I believe I have an unauthorized wireless router on my 
> network.  I have been unable to physically find it as of yet.
>
> Does anyone know how to find the hidden SSID and then Jam it?
>
> Thank you.
>
> Daryl R Davis
> Digital Game Media, Inc.