Penetration Testing mailing list archives

RE: Identification of non Cisco AP's


From: "Jonathan Gauntt" <jon0966 () yahoo com>
Date: Thu, 28 Jul 2005 00:35:02 -0500

Thanks for the advice.  If Superscan doesn't work out I will get a quote
from Lumeta.


Jonathan

-----Original Message-----
From: Ian Gorrie [mailto:iag () locked net] 
Sent: Wednesday, July 27, 2005 2:40 AM
To: Jonathan Gauntt
Cc: security-management () securityfocus com; pen-test () securityfocus com
Subject: Re: Identification of non Cisco AP's

On-the-wire detection is shoddy at best.  Usually commercial scanners
will only detect default configurations.

That being said, most products that I've looked at (such as Lumeta
IPSonar for instance) work by scanning for banners on webservers that
are running on the APs.  If you use a product that scans 80 and 443 for
banners that match an AP's, you might get somewhere.

Not running an obvious banner, disabled, or not matching a signature?
You'll be out of luck unless you are tricky and can somehow determine
that it is a packet forwarding device.

802.11x on the network doesn't sound like such a bad idea now, does it? :)

-i

Jonathan Gauntt wrote:
Hi,

I have been tasked with the project of scanning and identifying all
non Cisco wireless access points within the company's network.

We have about 800 /22 and /24 subnets, and because of the IP
addressing scheme in place, it might just be easier for me to scan the
whole class A range of IP's.

I have access to Nessus and GFI Security Scanner.  Since we have over 8000
IP's in place, does anyone have any advice on the best way to
identify these non Cisco AP's such as Linksys and Netgear, etc.

I wouldn't want to have a report produced that is two miles long
unless absolutely necessary.

Thanks,


Jonathan
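
Added example, not part of the original thread: the banner matching described in Ian's reply, applied offline to HTTP responses already collected from ports 80/443, with the "no banner" blind spot reported separately so the output stays short. The signature patterns, sample responses, addresses and function names are constructed for illustration and are assumptions, not taken from any product named above.

```python
import re

# Illustrative signatures (assumptions, not a vendor-verified list); each is
# tried against the Server header, Basic-auth realm and HTML <title>.
SIGNATURES = [
    ("Linksys", re.compile(r"linksys|\bWRT\d+|\bWAP\d+", re.I)),
    ("Netgear", re.compile(r"netgear", re.I)),
    ("Cisco", re.compile(r"cisco|aironet", re.I)),
]

# Constructed sample responses keyed by constructed host addresses.
SAMPLE = {
    "10.1.4.20": b'HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="WRT54G"\r\n\r\n',
    "10.1.4.21": b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<title>Intranet</title>",
    "10.1.9.7": b"HTTP/1.1 200 OK\r\nServer: cisco-IOS\r\n\r\n",
    "10.2.0.5": b"",  # nothing answered on 80/443 (web admin disabled)
    "10.2.0.6": b'HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm="NETGEAR WGR614"\r\n\r\n',
}

def banner_fields(raw: bytes) -> list:
    """Return the non-empty strings a banner scanner would match on."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    realm = re.search(r'realm="([^"]*)"', headers.get("www-authenticate", ""))
    title = re.search(rb"<title>(.*?)</title>", body, re.I | re.S)
    found = [headers.get("server", ""), realm.group(1) if realm else "",
             title.group(1).decode("latin-1").strip() if title else ""]
    return [f for f in found if f]

def classify(raw: bytes) -> str:
    """Vendor name, 'unknown' (banner but no signature hit) or 'no-banner'."""
    fields = banner_fields(raw)
    if not fields:
        return "no-banner"
    evidence = " ".join(fields)
    return next((v for v, p in SIGNATURES if p.search(evidence)), "unknown")

def triage(responses: dict) -> dict:
    """Short report: non-Cisco signature hits, plus hosts the method cannot see."""
    verdicts = {host: classify(raw) for host, raw in responses.items()}
    return {
        "suspect": {h: v for h, v in verdicts.items() if v not in ("Cisco", "unknown", "no-banner")},
        "blind": [h for h, v in verdicts.items() if v == "no-banner"],
    }
```

Calling triage(SAMPLE) lists the two signature hits under "suspect" and the silent host under "blind"; the generic Apache host is classified "unknown" and left out of the report.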






