Re: Tools for Detecting Wireless APs - from the wire side.

[Pierre Vandevenne <pierre () datarescue com>]

Hello Isherwood,

Friday, June 07, 2002, 8:22:13 PM, you wrote:

IJCCAI> I'm doing some research for a paper on wireless security, and I've been
IJCCAI> trying to find a decent way for an administrator to probe his network for
IJCCAI> APs that might be attached.

IJCCAI> Is there anything else out there?

Assuming you know the SNMP passwords, Solarwinds is very good
(www.solarwinds.net) at gathering information. If you don't know them,
bruteforcing snmp widely isn't a good idea as it can lock up Cisco
equipment (among others) and you'll immediately attract attention.

If you are checking your own network, of course, it could be easier
since any device having a password different from the ones you
assigned is suspect and if it has the same password, you get the info
anyway.

In a recent audit, what we did was a combination of extensive GPS
assisted netstumbling, when we had an approximate idea of the location
of the devices, we looked at the ARP tables of the plausible Ciscos.
We also searched for specific ranges of Mac addresses known to be used
by APs or outside the range of the standard devices used by the
company. Certainly not perfect but worked well enough.

I very interested in a better method, if there is one.

-- 
Best regards,
 Pierre                            mailto:pierre () datarescue com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/