Penetration Testing mailing list archives

RE: Identification of non Cisco AP's


From: Jonathan Gauntt <jon0966 () yahoo com>
Date: Thu, 28 Jul 2005 13:02:37 -0700 (PDT)

No, I plan on running Nmap also, I should have stated that.


Jonathan

--- Todd Towles <toddtowles () brookshires com> wrote:

You don't like simple Nmap with the -sV on? 

-----Original Message-----
From: Jonathan Gauntt [mailto:jon0966 () yahoo com] 
Sent: Thursday, July 28, 2005 12:35 AM
To: 'Ian Gorrie'
Cc: security-management () securityfocus com; pen-test () securityfocus com
Subject: RE: Identification of non Cisco AP's

Thanks for the advice.  If Superscan doesn't work out I will get a
quote from Lumeta.


Jonathan

-----Original Message-----
From: Ian Gorrie [mailto:iag () locked net]
Sent: Wednesday, July 27, 2005 2:40 AM
To: Jonathan Gauntt
Cc: security-management () securityfocus com; pen-test () securityfocus com
Subject: Re: Identification of non Cisco AP's

On the wire detection is shoddy at best.  Usually commercial scanners
will only detect default configurations.

That being said, most products that I've looked at (such as Lumeta
IPSonar for instance) work by scanning for banners on webservers that
are running on the APs.  If you use a product that scans 80 and 443
for banners that match an AP's, you might get somewhere.

Not running an obvious banner, disabled, or not matching a signature?
You'll be out of luck unless you are tricky and can somehow determine
that it is a packet forwarding device.

802.11x on the network doesn't sound like such a bad idea now, does
it? :)

-i

Jonathan Gauntt wrote:
Hi,

I have been tasked with the project of scanning and identifying all
non Cisco wireless access points within the company's network.

We have about 800 /22 and /24 subnets, and because of the IP
addressing scheme in place, might just be easier for me to scan the
whole class A range of IP's.

I have access to Nessus and GFI Security Scanner.  Since we have over
8000 IP's in place, does anyone have any advice on the best way to
identify these non Cisco AP's such as Linksys and Netgear, etc.

I wouldn't want to have a report produced that is two miles long
unless absolutely necessary.

Thanks,


Jonathan
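
The banner matching on ports 80 and 443 described in the thread, applied to the grepable output of an `nmap -sV` scan, as an added example that is not part of the original messages. The vendor keywords, the sample scan lines and the banners in them are constructed assumptions; hosts with an open web port but no matching banner are reported separately rather than treated as clear, since a device with no obvious banner will not match a signature.

```python
# Added example: triage `nmap -sV -p 80,443 -oG -` output for AP web banners.
VENDOR_KEYWORDS = ("linksys", "netgear")  # assumption: names from the thread
WEB_PORTS = {"80", "443"}

# Constructed sample in Nmap grepable format (documentation-range addresses,
# made-up banners); fields per port: port/state/proto/owner/service/rpc/version/
SAMPLE_OG = "\n".join([
    "# Nmap scan, constructed sample",
    "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http//Linksys WAP54G httpd/, 443/closed/tcp//https///",
    "Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///",
    "Host: 192.0.2.12 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//ssl|http//NETGEAR router httpd/",
    "Host: 192.0.2.13 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///",
    "Host: 192.0.2.14 ()\tPorts: 80/open/tcp//http//Apache httpd 2.0.54/\tIgnored State: filtered (1)",
])


def parse_host_line(line):
    """Return (ip, [(port, state, version), ...]) or None for non-port lines."""
    if not line.startswith("Host: ") or "\tPorts: " not in line:
        return None
    ip = line.split()[1]
    port_field = line.split("\tPorts: ", 1)[1].split("\t", 1)[0]
    ports = []
    for entry in port_field.split("/, "):
        f = entry.split("/")
        if len(f) >= 7:  # malformed entries are skipped, not guessed at
            ports.append((f[0], f[1], f[6]))
    return ip, ports


def classify(og_text):
    """Map ip -> 'vendor:<name>' or 'unidentified-web' for hosts with 80/443 open."""
    results = {}
    for line in og_text.splitlines():
        parsed = parse_host_line(line)
        if parsed is None:
            continue
        ip, ports = parsed
        banners = [v.lower() for p, st, v in ports if p in WEB_PORTS and st == "open"]
        if not banners:
            continue  # no web interface reachable: banner matching says nothing
        hit = next((k for k in VENDOR_KEYWORDS if any(k in b for b in banners)), None)
        results[ip] = f"vendor:{hit}" if hit else "unidentified-web"
    return results


if __name__ == "__main__":
    for ip, verdict in sorted(classify(SAMPLE_OG).items()):
        print(ip, verdict)
```

The `unidentified-web` bucket is the short follow-up list: devices answering on 80 or 443 whose banner is blank or generic and so need a manual look.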