Re: Tool to find rouge wireless access points?

[Vic Vandal <vvandal () well com>]

Jeff,

The word jammer was a poor analogy because of the possible term confusion.  My bad.  In that same sentence I mentioned 
that the devices being referred to basically DoS unknown/rogue APs.  Example:
http://www.airtightnetworks.com/fileadmin/content_images/demos/RogueAP-Demo/RogueAP-Demo.html

That particular device will transmit spoofed disconnection frames that block client access to a detected rogue AP.  
DoS.  I just say "wireless jammer" when referring to them around the workplace because "wireless detector that 
transmits spoofed disconnection frames to deny wireless service access" is a mouthful.

Actual wireless RF jamming would not be so discriminate, and like you said it's generally illegal.

I have seen the use of devices that DoS rogue APs in corporate and government environments.  Sometimes they knock down 
legitimate wireless devices, and sometimes they fail to DoS the true rogue devices they do detect.  So the technology 
isn't perfect but it generally works as advertised.  

Peace,
Vic

----- Original Message -----
From: "Jeff Hargiss" <Jeff.Hargiss () anheuser-busch com>
To: "Vic Vandal" <vvandal () well com>, "Marcus Adams" <marcus.adams () virtuesecurity com>
Sent: Friday, May 18, 2012 4:02:41 PM
Subject: RE: Tool to find rouge wireless access points?

Since jamming ANY radio signal within the U.S. is a federal violation [unless you are the federal gov.]....  Have you 
seen this in actual practice?

(jamming meaning intentional interference by radiating rf)

http://www.fcc.gov/encyclopedia/jammer-enforcement


-jh


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Vic Vandal
Sent: Friday, May 18, 2012 2:09 PM
To: Marcus Adams
Cc: security-basics () securityfocus com; Jon D
Subject: Re: Tool to find rouge wireless access points?

Jon,

If you have Cisco APs strategically deployed around your building the Cisco Wireless Access Controller can use its DB 
of authorized access points to detect rogue APs and triangulate their location.  That triangulation ensures that you're 
not picking up APs or other wireless devices that are outside of your building.

You can also buy wireless jammers that DoS unknown APs on the network.

-Vic

----- Original Message -----
From: "Marcus Adams" <marcus.adams () virtuesecurity com>
To: "Jon D" <rekcahpmip () gmail com>
Cc: security-basics () securityfocus com
Sent: Thursday, May 17, 2012 7:15:30 PM
Subject: Re: Tool to find rouge wireless access points?

Hi Jon,

Wired detection of rogue APs has two possible downsides. The first is
that you are simply relying on the MAC address in use to be authentic.
This can be easily modified by most home routers. The second is that
even when you do detect a rogue AP via MAC address, you may not know
where the device actually exists (depends on your network).

Doing an actual wireless war walk is the only sure way to root out any
rogue access points. The best way to do this is with something like
airodump. I also recommend using an external wifi card to get the best
signal reading possible. If you play around with it enough, you will
see its pretty easy to consistently get within a few feet of any
access point. You should just ensure you are scanning a/b/g/n bands
and also watch for APs with non-broadcasting ESSIDs.

In addition to doing war walks, you may also want to evaluate a WIDS
that can monitor, triangulate, and alert in real time if rogue access
points crop up.

Good Luck!
Marcus


On Mon, May 14, 2012 at 11:28 AM, Jon D <rekcahpmip () gmail com> wrote:
> Does anyone know of a tool to find rouge wireless access points?
> I know of a lot of the various wireless scanners, but with those, it's
> impossible to know if it's an AP on your network, or another companies
> network. Especially in office buildings where there are other
> companies above, below, and beside you.
>
> It seems like the only way to do it is to scan on the wired network
> for APs of any make/model, but I'm not aware of a tool that does it.
>
>
>
> Thanks,
> Jon
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------



--
Marcus Adams
Senior Security Consultant | CISSP | CE|H
Virtue Security - http://www.virtuesecurity.com
Marcus.Adams () virtuesecurity com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Anheuser-Busch InBev Email Disclaimer www.ab-inbev.com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------