RE: Rouge Wireless AP

["Daniel A. O'Neal" <doneal () kwintl com>]

ManageEngine do have some free versions of their software, which is what I use for simple reporting on servers and high 
interest devices.  However as I said before, depending on the company, the investment in the full version might be 
worth it.

My biggest problem with Linux is: You get what you pay for, whether it's in cash or labor hours.

Daniel 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Greg Copenhaver
Sent: Friday, November 13, 2009 11:31 AM
To: 'Steven Bonici'
Cc: Murda Mcloud; security-basics () lists securityfocus com
Subject: RE: Rouge Wireless AP

Or kismet, which is passive, rather than actively probing like NetStumbler does.  Since it does not rely on probing to 
detect networks, and rather just listens for any wifi traffic, it will detect APs even if they have their SSID 
broadcast disabled, and won't give you away as someone searching for the rogue AP.  kismet is also open source, if that 
matters to you at all.  It also has built-in GPS support, through the gpsd daemon.

http://www.kismetwireless.net/

I'm pretty sure kismet in the BackTrack live cd, so if you run that (no installation needed), you can run kismet 
without the hassle of installing a new OS (linux) and compiling kismet.  It's possible you may have driver issues for 
your wifi card, however.


http://www.remote-exploit.org/backtrack.html


On Fri, 2009-11-13 at 08:52 +1000, Murda Mcloud wrote:
> How about NetStumbler? Or mini stumbler? They find any wireless ap's 
> and tell you how strong their signals are and SSID's if needed. It's 
> 'free' so feel free to donate!
>
> http://www.netstumbler.com/
>
> What is harder is tracking them down or triangulating position. 
> NetStumbler has some GPS integration which could help you with 'maps'.
>
> > > -----Original Message-----
> > > From: listbounce () securityfocus com 
> > > [mailto:listbounce () securityfocus com]
> > > On Behalf Of Steven Bonici
> > > Sent: Thursday, November 12, 2009 5:28 AM
> > > To: security-basics () lists securityfocus com
> > > Subject: Rouge Wireless AP
> > >
> > >
> > > We have residential homes with PC's installed, Internet access, and 
> > > I know there are people installing there own wireless Aps during 
> > > overnight shifts because they ones we have installed are secured.  
> > > I know there are a lot of ways to find out, but is there any 
> > > relatively small application that can be installed on a PC to 
> > > identify either the rouge AP or laptop connecting to the network?
> > >
> > > Thanks - Steven
> > >
> > > -------------------------------------------------------------------
> > > ----- Securing Apache Web Server with thawte Digital Certificate In 
> > > this guide we examine the importance of Apache-SSL and who needs an 
> > > SSL certificate.  We look at how SSL works, how it benefits your 
> > > company and how your customers can tell if a site is secure. You 
> > > will find out how to test, purchase, install and use a thawte 
> > > Digital Certificate on your Apache web server. Throughout, best 
> > > practices for set-up are highlighted to help you ensure efficient 
> > > ongoing management of your encryption keys and digital certificates.
> > >
> > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6
> > > be442f
> > > 727d1
> > > -------------------------------------------------------------------
> > > -----
>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this 
> guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it 
> benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
> install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
> highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --