nanog mailing list archives
Re: Detection of Rogue Access Points
From: Sean Harlow <sean () seanharlow info>
Date: Mon, 15 Oct 2012 20:29:32 -0400
On Mon, Oct 15, 2012 at 7:31 PM, Joe Hamelin <joe () nethead com> wrote:
Jonathan stated that they have health data on the network and only company issued devices are allowed. I would suggest to him that he inventory the equipment via MAC address (I'm guessing that it's mostly standard issue stuff that would be easy to recognize) and then lock down unused ports and setup up monitoring. If a new MAC appears on the network, then it better have been sent there by IT.
I won't argue with that. When no official wireless network is involved, a MAC whitelist can be very effective. It'll catch any casual user attempting to homebrew a WiFi setup and significantly increase the odds of detecting an actual attacker. Even if the switches are at the lowest end of "smart" and only expose a web interface it's not too hard to rig up a screen scraper to list the connected devices on a regular basis and alert if anything new is seen. I'd expect that there are probably at least a dozen commercial and/or open source tools that already exist for the purpose, actually.
Current thread:
- Re: Detection of Rogue Access Points, (continued)
- Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
- Re: Detection of Rogue Access Points Jimmy Hess (Oct 14)
- Re: Detection of Rogue Access Points Suresh Ramasubramanian (Oct 14)
- Re: Detection of Rogue Access Points Karl Auer (Oct 14)
- Re: Detection of Rogue Access Points Valdis . Kletnieks (Oct 15)
- Re: Detection of Rogue Access Points Jonathan Rogers (Oct 15)
- Re: Detection of Rogue Access Points Roy (Oct 15)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 15)
- Re: Detection of Rogue Access Points Sean Harlow (Oct 15)
- Re: Detection of Rogue Access Points Joe Hamelin (Oct 15)
- Re: Detection of Rogue Access Points Sean Harlow (Oct 15)
- Re: Detection of Rogue Access Points Ryan McBride (Oct 16)
- Re: Detection of Rogue Access Points George Herbert (Oct 15)
- Re: Detection of Rogue Access Points Sean Harlow (Oct 15)
- Re: Detection of Rogue Access Points Valdis . Kletnieks (Oct 15)
- Re: Detection of Rogue Access Points David Cantrell (Oct 16)