RE: Mapping wireless LANS from the wired side
From: Mike.Ruscher@CSE-CST.GC.CADate: 08/20/01
- Previous message: Ichinin: "Re: Mapping wireless LANS from the wired side"
- Maybe in reply to: Mike.Ruscher@CSE-CST.GC.CA: "Mapping wireless LANS from the wired side"
- Next in thread: freehold@erols.com: "Re: Mapping wireless LANS from the wired side"
- Reply: freehold@erols.com: "Re: Mapping wireless LANS from the wired side"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <A7896A2B763AD511B27C00AA00DD93711FF1F6@niagara.its.cse.dnd.ca> From: Mike.Ruscher@CSE-CST.GC.CA To: pen-test@securityfocus.com, woody@callisma.com Subject: RE: Mapping wireless LANS from the wired side Date: Mon, 20 Aug 2001 17:26:26 -0400
Yes, MAC addresses by vendor will identify the device company, if one can
assume they are valid and not spoofed. I do not see on the OUI site where
the MAC addresses are associated with a company's particular device family
though. This is essential for determining a wireless device from a wired
one. Do most companies give this info out, or must it be extrapolated from
experience?
mgr
-----Original Message-----
From: woody weaver [mailto:woody@callisma.com]
Sent: Monday, August 20, 2001 12:26 PM
To: Mike.Ruscher@CSE-CST.GC.CA; pen-test@securityfocus.com
Subject: RE: Mapping wireless LANS from the wired side
On Monday, August 20, 2001 5:45 AM, Mike.Ruscher@CSE-CST.GC.CA wrote:
[...]
> When mapping a LAN topology, what are the general methods to use for
> discovering access points and wireless hosts from inside the
> wired network.
> This becomes important to detect rogue WLANS which are a
> potential threat to
> the enterprise as they might be behind firewalls etc.
>
> I would expect that the MAC addresses for APs would be unique
> to the various
> vendors., as would the wireless NICs on the WLAN hosts. Are there any
> scanning tools freely available that can do this kind of search?
Indeed, identifying the access points by the OUI gathered from arp table
information works. The last time I did this sort of thing was by using a
perl script that used fping to ping a range, and then SNMP.pm to pull the
arp cache, feed it into an SQL database, and use the OUI information at
<http://standards.ieee.org/regauth/oui/index.shtml> to figure out the nature
of the device.
The scripts are not complex. I can send a copy if there is interest.
--woody
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Ichinin: "Re: Mapping wireless LANS from the wired side"
- Maybe in reply to: Mike.Ruscher@CSE-CST.GC.CA: "Mapping wireless LANS from the wired side"
- Next in thread: freehold@erols.com: "Re: Mapping wireless LANS from the wired side"
- Reply: freehold@erols.com: "Re: Mapping wireless LANS from the wired side"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
