Impeding wireless (was Re: [fw-wiz] Hopefully not too OT)

From: Kevin (
Date: 05/02/05

  • Next message: Sanford Reed: "RE: [fw-wiz] PIX -> ISA -> OWA Configuration"
    To: "" <>
    Date: Mon, 2 May 2005 15:44:35 -0500

    Is there a more appropriate mailing list for this topic?

    On Mon, 02 May 2005 07:29:48, <> wrote:
    > In my searching, I pondered long and hard on rogue wireless APs
    > and contractor/vendor laptops with wireless enabled becoming a
    > potential vector.

    Have you considered network-level controls to prevent or detect the
    deployment of rogue wireless APs? See

    > While I scan our main building once a week with some
    > wireless security tools, it is not feasible for me to contiuously drive
    > around and scan all of our sites. I know also that I could put some
    > sort of wireless IDS/Honeypot type thing out at each site, this
    > would be expensive, and right now we are not flush with cash.
    > I have been pondering putting an 802.11 jammer on site at each
    > location (again, we don't use wireless, so it should not impair
    > anything) and thought that might be a cheaper option.

    If you are in the US, there are FCC issues with intentionally jamming
    the 802.11 spectrum with an active transmitter.

    I recall at least one open source tool which attempts to identify
    access points from the wired network by their MAC and other
    unique characteristics of the LAN-facing interface of APs?

    You might create and enforce a LAN policy restricting the addition
    of *any* new devices to the wired network, and enforce this policy
    through firewall rules, 802.1x, and switch features. This should
    provide alerting when any rogue connection is added to the network,
    wireless or wired.

    Kevin Kadow
    firewall-wizards mailing list

  • Next message: Sanford Reed: "RE: [fw-wiz] PIX -> ISA -> OWA Configuration"

    Relevant Pages

    • Re: My Wifi Woes
      ... Vista with Ubuntu 8.10. ... My wired network came up "automagically" and when I'd ... iface wlan0 inet dhcp ... my new laptop found the neighbor's 2 wireless ...
    • Re: XP bridge with Linksys PAP2 (voip)?
      ... In theory you could bridge the wireless and wired network connections on ... That laptop has an unused wired network port (Local Area Connection). ...
    • Re: Connecting Windows XP machines to two networks (wired and wireless)
      ... floor that use this wireless connection for Internet and file-sharing. ... I'm trying to setup a wired network between the 2nd floor computers, ... Gateway: n/a ...
    • Re: About War Driving ..
      ... The students with wireless laptops are the only computers with DHCP ... I suppose you mean "MAC addresses are bound to ports" here. ... It's doable if you have a wired network. ...
    • Re: WRT54G to wired network?
      ... I am new to wireless and could use some advice. ... I have a wired network which consists of a linux server (router) connected ...