Re: Identification of non Cisco AP's

[hfortier <hfortier () recon cx>]

I would use nmap to port scan/banner grab all port 80 and drop any IIS, 
Apache, Netscape then I would then check manually the rest of ip that 
matched.

I would also check the mac address of the network device on my network, 
and then veryfying manually all the device that matched the mac. There 
is list of mac address used by accesspoint available freely on the net 
http://svn.kismetwireless.net/code/trunk/conf/ap_manuf. If your switch 
and routers are snmp enabled, you could probe them to find trace of 
those mac been used. Advantage with this solution is that you'll notice 
quickly if a AP get hooked in.

Hugo

Jonathan Gauntt wrote:

> Hi,
>
> I have been tasked with the project of scanning and identifying all non
> Cisco wireless access points within the company’s network.
>
> We have about 800 /22 and /24 subnets, and because of the IP addressing
> scheme in place, might just be easier for me to scan the whole class A range
> of IP’s.
>
> I have access to Nessus and GFI Security Scanner.  Since we over 8000 IP’s
> in place, does anyone have any advice on the best way to identify these non
> Cisco AP’s such as Linksys and Netgear, etc.
>
> I wouldn’t want to have a report produced that is two miles long unless
> absolutely necessary.
>
> Thanks,
>
>
> Jonathan
>
>
>
>
>
>