RE: [fw-wiz] Wireless

From: Loomis, Rip (GILBERT.R.LOOMIS@saic.com)
Date: 08/09/02


From: "Loomis, Rip" <GILBERT.R.LOOMIS@saic.com>
To: firewall-wizards@honor.icsalabs.com
Date: Fri Aug  9 14:37:59 2002


> How are people starting to deal with hunting down and killing rogue
> Wireless Access Points (WAPs)[1]?
The hunting down part requires a combination of physical inspection
and "wardriving" (warwalking?) and even then won't catch everything
unless the monitoring is more-or-less continuous. If 'twere I, I
would start with Kismet ( http://www.kismetwireless.net/ ).

Similar to the problem with folks who add their own modems to desktop
systems so they can get to AOL, or to servers so they don't need to come
in from home to admin. Obviously some things are different--but in both
cases (illicit WAPs/illicit modems), it would seem to usually be either
a sysadmin or management initiative...someone who should know better but
does it anyway.

(I can't resist...) The dealing-with/killing part (once one has been
found) goes like this:
 "I see you have a rogue WAP here!"
    "umm...yes...so?"
 "So, let me help your WAP! WHAP WHAP WHAP WHAP WHAP!"
    "waaaah...you broke my illicit toy!"

> It seems pretty easy in environments where wireless isn't allowed at all,
> but is anyone dealing with the situation in
> an environment where there are sanctioned wireless networks?
I expect it should be easy enough to wrap Kismet in something that would
look for new/changed accessible networks--making it a wireless equivalent
of arpwatch.

  --Rip
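
The "wireless equivalent of arpwatch" idea from the message above, sketched as an added example (not part of the original post, and not Kismet code). The CSV columns, the `watch` function, and all addresses are assumptions constructed for illustration; they are not Kismet's log format.

```python
import csv
import io

# Constructed baseline of sanctioned access points, keyed by BSSID.
SANCTIONED = {
    "00:11:22:33:44:01": {"ssid": "corp-wlan", "channel": 1},
    "00:11:22:33:44:02": {"ssid": "corp-wlan", "channel": 6},
}

# Constructed scan pass (hypothetical export from a wireless sniffer).
SCAN = """bssid,ssid,channel
00:11:22:33:44:01,corp-wlan,1
00:11:22:33:44:02,corp-wlan,11
66:77:88:99:AA:BB,linksys,6
66:77:88:99:aa:cc,corp-wlan,1
"""

def watch(baseline, scan_csv, seen):
    """Compare one scan pass to the baseline; return only new or changed items.

    `seen` persists between passes so an already-reported network stays
    quiet until it changes again, which is how arpwatch behaves.
    """
    events = []
    sanctioned_ssids = {ap["ssid"] for ap in baseline.values()}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().lower()  # normalise MAC case
        obs = {"ssid": row["ssid"], "channel": int(row["channel"])}
        expected = baseline.get(bssid)
        if expected is None:
            if seen.get(bssid) != obs:
                # An unknown radio advertising a sanctioned SSID deserves
                # a louder alert than an unrelated new network.
                kind = ("sanctioned ssid on unknown bssid"
                        if obs["ssid"] in sanctioned_ssids else "new station")
                events.append((kind, bssid, f"{obs['ssid']} ch{obs['channel']}"))
        else:
            for field in ("ssid", "channel"):
                last = seen.get(bssid, {}).get(field)
                if obs[field] != expected[field] and obs[field] != last:
                    events.append((f"changed {field}", bssid,
                                   f"{expected[field]} -> {obs[field]}"))
        seen[bssid] = obs
    return events

if __name__ == "__main__":
    state = {}
    for event in watch(SANCTIONED, SCAN, state):
        print(*event, sep=" | ")
```

Persisting `seen` to disk between runs and mailing the events would complete the arpwatch analogy.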


