nanog mailing list archives
Re: Detection of Rogue Access Points
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Mon, 15 Oct 2012 06:06:50 +0530
restricting the number of mac addresses per switch port to one for your dhcp pool too, though more than one ap clones mac addresses. and make it unpopulr for the usual use cases by firewalling off stuff like dropbox, siri and icloud. there is of course commercial wips gear like this .. http://www.airtightnetworks.com/home/solutions/wireless-intrusion-prevention.html On Monday, October 15, 2012, Jonathan Lassoff wrote:
On Sun, Oct 14, 2012 at 1:59 PM, Jonathan Rogers <quantumfoam () gmail com<javascript:;>> wrote: This is actually a really tough problem to solve without either total dictatorial control of your switchports or lots of telemetry and monitoring. At $DAYJOB, we detect the transparent bridge case by having a subset of AP hardware setup as "monitors" that listen to 802.11 frames on the various channels, keeping a log of the client MAC addresses and the BSSID that they're associated with. Then, by selecting out only those client MAC addresses that are not associated to a known BSSID that we control, we compare that set of "unknown" client MAC addresses to the Ethernet L2 FIBs on our switches and look for matches. If we see entries, than there is some 802.11 device bridging clients onto our network and we hunt it down from there. I've yet to see a solid methodology for detecting NATing devices, short of requiring 802.1x authentication using expiring keys and one-time passwords. :p Cheers, jof
-- Suresh Ramasubramanian (ops.lists () gmail com)
Current thread:
- Re: Detection of Rogue Access Points, (continued)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 14)
- Message not available
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 14)
- RE: Detection of Rogue Access Points Dustin Jurman (Oct 14)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 14)
- Re: Detection of Rogue Access Points Lyndon Nerenberg (Oct 14)
- Re: Detection of Rogue Access Points Matthias Waehlisch (Oct 14)
- Re: Detection of Rogue Access Points Lyndon Nerenberg (Oct 14)
- Re: Detection of Rogue Access Points Matthias Waehlisch (Oct 14)
- RE: Detection of Rogue Access Points Kenneth M. Chipps Ph.D. (Oct 14)
- Re: Detection of Rogue Access Points Aaron C. de Bruyn (Oct 14)
- RE: Detection of Rogue Access Points Kenneth M. Chipps Ph.D. (Oct 14)
- Re: Detection of Rogue Access Points Aaron C. de Bruyn (Oct 14)
- Re: Detection of Rogue Access Points Jonathan Lassoff (Oct 14)
- Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
- Re: Detection of Rogue Access Points Jimmy Hess (Oct 14)
- Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
- Re: Detection of Rogue Access Points Karl Auer (Oct 14)
- Re: Detection of Rogue Access Points Valdis . Kletnieks (Oct 15)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 15)
- Re: Detection of Rogue Access Points Roy (Oct 15)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 15)
- Re: Detection of Rogue Access Points Sean Harlow (Oct 15)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 15)
- Re: Detection of Rogue Access Points Sean Harlow (Oct 15)
- Re: Detection of Rogue Access Points Valdis . Kletnieks (Oct 15)