Penetration Testing mailing list archives
RE: MORE: Tools for Detecting Wireless APs - from the wire side.
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 12 Jun 2002 23:13:14 -0400 (EDT)
On Tue, 11 Jun 2002, John Adams wrote:
On Tue, 11 Jun 2002, ed d wrote:depending on how the clients in your network get their ip addresses, you might be able to search through your dhcp logs and pull all of the ap mac addresses. this discounts rogue aps with statics, but if i was to drop a rogue ap into a network, i would probably turn on dhcp, then let it go.Ahh, but this is useless if the AP DHCPs an address and then NATs everyone on wireless.a good site for mac address/vendor coorelation is: http://standards.ieee.org/regauth/oui/oui.txtI disagree with the entire "find them by Vendor MAC prefix to find APs" approach. Many vendors are assigned blocks of MAC prefixes (look at Cisco, for example) and share these blocks between disparate devices, both wired and wireless.
Actually, I believe they are assigned a number of MAC blocks over time, thus a search of 3Com MAC's should produce a number of MAC blocks. http://www.codito.de/manufactor_hash http://coffer.com/mac_find/ 00068C 3Com Corporation 000A04 3Com Europe Ltd 00104B 3com corporation 00105A 3com corporation 0020AF 3COM Corporation 00301E 3COM Europe Ltd. 005004 3COM CORPORATION 005099 3com europe, ltd. 0050DA 3COM CORPORATION 006008 3com corporation 00608C 3Com (1990 onwards) 006097 3Com 009004 3com europe ltd. 00A024 3com Corporation 00D096 3com Europe Ltd. 00D0D8 3Com Corporation (was: Nomadic Technologies) 026060 3COM 02608C 3COM IBM PC; Imagen; Valid; Cisco; Macintosh; Apple 02C08C 3com corporation 080002 Bridge (was: 3Com) 08004E 3com europe ltd. 3C0000 3Com dual function (V.34 modem + Ethernet) card Thanks, Ron DuFrense -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: MORE: Tools for Detecting Wireless APs - from the wire side., (continued)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Isherwood Jeff C Contr AFRL/IFOSS (Jun 10)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. R. DuFresne (Jun 10)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Weaver, Woody (Jun 11)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Weaver, Woody (Jun 11)
- Re[2]: MORE: Tools for Detecting Wireless APs - from the wire side. Pierre Vandevenne (Jun 11)
- RE: Re[2]: MORE: Tools for Detecting Wireless APs - from the wire side. Woody Weaver (Jun 12)
- Re: MORE: Tools for Detecting Wireless APs - from the wire side. Bennett Todd (Jun 12)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Jon (Jun 12)
- Re[2]: MORE: Tools for Detecting Wireless APs - from the wire side. Pierre Vandevenne (Jun 11)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. ed d (Jun 11)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. John Adams (Jun 12)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. R. DuFresne (Jun 13)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. John Adams (Jun 12)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. ed d (Jun 12)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Andrews, Ryan (Jun 14)
- RE: MORE: Tools for Detecting Wireless APs - from the wire side. Isherwood Jeff C Contr AFRL/IFOSS (Jun 10)