Penetration Testing mailing list archives
RE: Identification of non Cisco AP's
From: Jonathan Gauntt <jon0966 () yahoo com>
Date: Thu, 28 Jul 2005 13:02:37 -0700 (PDT)
No, I plan on running Nmap also, I should have stated that. Jonathan --- Todd Towles <toddtowles () brookshires com> wrote:
You don't like simple Nmap with the -sV on?-----Original Message----- From: Jonathan Gauntt [mailto:jon0966 () yahoo com] Sent: Thursday, July 28, 2005 12:35 AM To: 'Ian Gorrie' Cc: security-management () securityfocus com;pen-test () securityfocus comSubject: RE: Identification of non Cisco AP's Thanks for the advice. If Superscan doesn't workout I willget a quote from Lumeta. Jonathan -----Original Message----- From: Ian Gorrie [mailto:iag () locked net] Sent: Wednesday, July 27, 2005 2:40 AM To: Jonathan Gauntt Cc: security-management () securityfocus com;pen-test () securityfocus comSubject: Re: Identification of non Cisco AP's On the wire detection is shoddy at best. Usuallycommercialscanners will only detect default configurations. that being said, most products that I've looked at(such asLumeta IPSonar for instance) work by scanning forbanners onwebservers that are running on the APs. If youuse a productthat scans 80 and 443 for banners that match anAPs, youmight get somewhere. Not running an obvious banner, disabled, or notmatching a signature?You'll be out of luck unless you are tricky andcan somehowdetermine that it is a packet forwarding device. 802.11x on the network doesn't sound like such abad ideanow, does it? :) -i Jonathan Gauntt wrote:Hi, I have been tasked with the project of scanningand identifying allnon Cisco wireless access points within thecompany's network.We have about 800 /22 and /24 subnets, andbecause of the IPaddressing scheme in place, might just be easierfor me to scan thewhole class A range of IP's. I have access to Nessus and GFI SecurityScanner. Since weover 8000IP's in place, does anyone have any advice onthe best wayto identifythese non Cisco AP's such as Linksys andNetgear, etc.I wouldn't want to have a report produced thatis two miles longunless absolutely necessary. Thanks, Jonathan
Current thread:
- Re: Identification of non Cisco AP's, (continued)
- Re: Identification of non Cisco AP's Chuck (Jul 27)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Identification of non Cisco AP's Ian Gorrie (Jul 27)
- Re: Identification of non Cisco AP's ben creitz (Jul 27)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Identification of non Cisco AP's hfortier (Jul 27)
- Re: Identification of non Cisco AP's Sherwood R. Probeck (Jul 28)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 29)
- Re: Re: Identification of non Cisco AP's mox11 (Jul 27)
- RE: Identification of non Cisco AP's Todd Towles (Jul 28)
- RE: Identification of non Cisco AP's Jonathan Gauntt (Jul 28)
- Re: Re: Re: Identification of non Cisco AP's seventil (Jul 28)
- Re: Identification of non Cisco AP's Chuck (Jul 27)