Penetration Testing mailing list archives
Reply: Identification of non Cisco AP's
From: Omar Herrera <oherrera () prodigy net mx>
Date: Wed, 27 Jul 2005 13:10:07 -0500
Hi Jonathan,

The Linksys APs I've seen all use an initial TTL of 150. Calculating the number of hops between you and the hosts scanned and then adding the TTL of the responses should do it. Or simply looking at responses of probes to port 80 TCP, with a TTL close to and < 150, should be enough and relatively fast.

Regards,
Omar Herrera

----- Original message -----
From: Jonathan Gauntt
Hi,

I have been tasked with the project of scanning and identifying all non Cisco wireless access points within the company's network. We have about 800 /22 and /24 subnets, and because of the IP addressing scheme in place, might just be easier for me to scan the whole class A range of IP's. I have access to Nessus and GFI Security Scanner.

Since we have over 8000 IP's in place, does anyone have any advice on the best way to identify these non Cisco AP's such as Linksys and Netgear, etc. I wouldn't want to have a report produced that is two miles long unless absolutely necessary.

Thanks,
Jonathan
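
The TTL check described in the reply above, as an added example that is not part of the original thread. The 150 value is the one reported in the reply; the other initial TTLs (64, 128, 255), the 20-hop bound, the record layout and the sample addresses are assumptions made for the illustration.

```python
# Added example: flag hosts whose replies imply an initial TTL of 150.
LINKSYS_TTL = 150                       # value reported in the reply above
KNOWN_TTLS = (64, 128, LINKSYS_TTL, 255)  # other common defaults (assumption)
MAX_HOPS = 20   # assumed upper bound on path length inside the network


def infer_initial_ttl(observed, hops=None):
    """Return the initial TTL implied by a reply, or None if it fits none."""
    if hops is not None:
        # Exact method: every router on the path decremented the TTL once,
        # so observed TTL + hop count gives the value the host started with.
        initial = observed + hops
        return initial if initial in KNOWN_TTLS else None
    # Fast method: take the smallest known initial TTL at or above the
    # observed value, and accept it only if the gap is a plausible hop count.
    for ttl in sorted(KNOWN_TTLS):
        if observed <= ttl:
            return ttl if ttl - observed <= MAX_HOPS else None
    return None


def candidate_linksys(records):
    """Return the IPs whose inferred initial TTL matches the Linksys value."""
    return [r["ip"] for r in records
            if infer_initial_ttl(r["ttl"], r.get("hops")) == LINKSYS_TTL]


# Constructed sample: TTLs seen in replies to TCP port 80 probes, with a
# traceroute hop count where one is available.
SAMPLE = [
    {"ip": "10.1.4.20", "ttl": 146, "hops": 4},  # 146 + 4 = 150
    {"ip": "10.1.9.7",  "ttl": 143},             # close to and < 150
    {"ip": "10.2.0.15", "ttl": 125, "hops": 3},  # 125 + 3 = 128
    {"ip": "10.2.3.1",  "ttl": 252, "hops": 3},  # 252 + 3 = 255
    {"ip": "10.3.3.9",  "ttl": 61},              # closest default is 64
    {"ip": "10.4.1.2",  "ttl": 100},             # too far below 128: unknown
]

if __name__ == "__main__":
    for ip in candidate_linksys(SAMPLE):
        print(ip)
```

Hosts flagged this way are candidates only and still need confirming by other means, since other devices may use the same initial TTL.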