RE: Tools for Detecting Wireless APs - from the wire side.

[Isherwood Jeff C Contr AFRL/IFOSS <Jeffrey.Isherwood () rl af mil>]

Agreed Greg, that's one of the solutions I'm working on.


But imagine a campus network that is miles in size, with hundreds of
buildings (or spread out geographically separated units such as satellite or
sales offices)

I can't afford to purchase every possible AP on the market.  I have 4-5
different vendors Aps to play with, but what if someone brings in one I
don't have?

These tools keep honest people honest.  It's the dishonest, malicious,
sneaky and/or lazy ones that I'm paid to worry about.
 
APs that I don't know about, can't report to the IDS Console...
APs that have been encrypted can't be sniffed for malicious content...
APs that get plugged into a net by someone NOT in the Network Control
Center's reporting chain... don't get reported, managed or configured
properly.
 
Don't fear what you know... Fear what you don't know...



-----Original Message-----
From: Greg [mailto:greg () hoobie net] 
Sent: Sunday, June 09, 2002 2:11 PM
To: Isherwood Jeff C Contr AFRL/IFOSS; 'Pen-Test'
Subject: RE: Tools for Detecting Wireless APs - from the wire side.

Why not create NMAP OS Fingerprints for any AP types you can find. That way
you'll have what you want and you could also submit the fingerprints to
Fyodor for inclusion in the next release.

I reallise that's not an immediate solution but it's probably going to be
the most effective in the long run.

regards

Greg

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/