Security Basics mailing list archives
RE: Finding Wireless AP's on your network
From: "Nick Besant" <Nick.Besant () ioko com>
Date: Fri, 21 Apr 2006 15:01:04 +0100
-----Original Message----- From: Warren, John [mailto:John.B.Warren () txgt com] Sent: 19 April 2006 20:09 To: security-basics () securityfocus com Subject: Finding Wireless AP's on your network What would be the best way to locate wireless devices on a remote network? Some of these sites are hundreds of miles away from me, so it's not feasible to detect them via normal methods (i.e., airsnort, kismet, etc). Is there a way that I can easily tell if one is plugged into one of the switches at the remote location?
Given that an AP could be connected anywhere (even as an adapter onto an existing host machine, creating a bridge), it's not too easy; couple of suggestions : 1. Using a recent nmap (ramped down to avoid annoying anyone if your links to remote site aren't large) with -sV (service/version detection) and -O (operating system detection) should help as a start, depending on the size of your network and the variety of kit you'd expect to see. This should at least give you a start point. If run regularly you can build up a pattern of what you would expect to see and generate reports on things that haven't connected before. 2. If you're using DHCP to assign addresses on your network you could check for unusual amounts of leases being assigned (e.g. to a single MAC address) 3. Use SNMP or scripts to pull the data off your switches (if they're managed) to dump CAM/MAC tables - e.g. use "show mac" or "show cam dynamic" on Cisco kit. The other suggestions (nessus, shipping out soekris boxes etc) are all just as good; I don't think there's any easy way at the moment without regular auditing of some kind. HTH Nick Besant Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes. Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation. ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved. ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Finding Wireless AP's on your network Warren, John (Apr 19)
- Re: Finding Wireless AP's on your network Saqib Ali (Apr 20)
- RE: Finding Wireless AP's on your network Goran Pizent (Apr 20)
- <Possible follow-ups>
- Re: Finding Wireless AP's on your network refskou (Apr 20)
- Re: Finding Wireless AP's on your network Me (Apr 20)
- Re: Finding Wireless AP's on your network none (Apr 20)
- Re: Finding Wireless AP's on your network uv4th4 (Apr 20)
- RE: Finding Wireless AP's on your network Conlan Adams (Apr 20)
- Re: Finding Wireless AP's on your network hein (Apr 20)
- RE: Finding Wireless AP's on your network Hayes, Ian (Apr 21)
- RE: Finding Wireless AP's on your network Nick Besant (Apr 21)