nanog mailing list archives

Re: Detection of Rogue Access Points

From: Lyndon Nerenberg <lyndon () orthanc ca>
Date: Sun, 14 Oct 2012 14:43:07 -0700

I'm looking for innovative ideas on how to find such a rogue device,
ideally as soon as it is plugged in to the network.


There was a SIGCOMM paper a few years back that described a scheme based on measuring the the ACK delays of TCP 
sessions. In a nutshell, you can detect nodes on the wireless network by looking for the extra delay added by the radio 
link.  It had very good accuracy, and caught new nodes quickly.  It didn't require any prior knowledge of the network.

I don't have a copy of the paper at hand, and I don't remember the title/author or the publication date (2007ish?), but 
maybe this will ring a bell for someone else on the list who does.

--lyndon

Current thread:

Detection of Rogue Access Points Jonathan Rogers (Oct 14)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 14)
- Message not available
  - Re: Detection of Rogue Access Points Jonathan Rogers (Oct 14)
    - RE: Detection of Rogue Access Points Dustin Jurman (Oct 14)
- Re: Detection of Rogue Access Points Lyndon Nerenberg (Oct 14)
  - Re: Detection of Rogue Access Points Matthias Waehlisch (Oct 14)
    - Re: Detection of Rogue Access Points Lyndon Nerenberg (Oct 14)
- RE: Detection of Rogue Access Points Kenneth M. Chipps Ph.D. (Oct 14)
  - Re: Detection of Rogue Access Points Aaron C. de Bruyn (Oct 14)
    - RE: Detection of Rogue Access Points Kenneth M. Chipps Ph.D. (Oct 14)
- Re: Detection of Rogue Access Points Jonathan Lassoff (Oct 14)
  - Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
  - Re: Detection of Rogue Access Points Jimmy Hess (Oct 14)
    - Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
- Re: Detection of Rogue Access Points Karl Auer (Oct 14)

(Thread continues...)