Penetration Testing mailing list archives
RE: Mapping wireless LANS from the wired side
From: Mike.Ruscher () CSE-CST GC CA
Date: Mon, 20 Aug 2001 17:26:26 -0400
Yes, MAC addresses by vendor will identify the device company, if one can assume they are valid and not spoofed. I do not see on the OUI site where the MAC addresses are associated with a company's particular device family though. This is essential for determining a wireless device from a wired one. Do most companies give this info out, or must it be extrapolated from experience? mgr -----Original Message----- From: woody weaver [mailto:woody () callisma com] Sent: Monday, August 20, 2001 12:26 PM To: Mike.Ruscher () CSE-CST GC CA; pen-test () securityfocus com Subject: RE: Mapping wireless LANS from the wired side On Monday, August 20, 2001 5:45 AM, Mike.Ruscher () CSE-CST GC CA wrote: [...]
When mapping a LAN topology, what are the general methods to use for discovering access points and wireless hosts from inside the wired network. This becomes important to detect rogue WLANS which are a potential threat to the enterprise as they might be behind firewalls etc. I would expect that the MAC addresses for APs would be unique to the various vendors., as would the wireless NICs on the WLAN hosts. Are there any scanning tools freely available that can do this kind of search?
Indeed, identifying the access points by the OUI gathered from arp table information works. The last time I did this sort of thing was by using a perl script that used fping to ping a range, and then SNMP.pm to pull the arp cache, feed it into an SQL database, and use the OUI information at <http://standards.ieee.org/regauth/oui/index.shtml> to figure out the nature of the device. The scripts are not complex. I can send a copy if there is interest. --woody ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Mapping wireless LANS from the wired side Mike . Ruscher (Aug 20)
- Re: Mapping wireless LANS from the wired side anindya (Aug 20)
- Re: Mapping wireless LANS from the wired side Ichinin (Aug 20)
- <Possible follow-ups>
- RE: Mapping wireless LANS from the wired side woody weaver (Aug 20)
- RE: Mapping wireless LANS from the wired side Mike . Ruscher (Aug 20)
- Re: Mapping wireless LANS from the wired side freehold (Aug 20)
- RE: Mapping wireless LANS from the wired side Mike . Ruscher (Aug 20)
- RE: Mapping wireless LANS from the wired side Joe Shaw (Aug 20)
- Re: Mapping wireless LANS from the wired side Ted Doty (Aug 20)
- Re: Mapping wireless LANS from the wired side dcdave (Aug 21)
- RE: Mapping wireless LANS from the wired side Joe Shaw (Aug 20)
- RE: Mapping wireless LANS from the wired side Mike . Ruscher (Aug 23)
- FW: Mapping wireless LANS from the wired side Mike . Ruscher (Aug 24)
- Re: Mapping wireless LANS from the wired side anindya (Aug 20)