MORE: Tools for Detecting Wireless APs - from the wire side.

From: Isherwood Jeff C Contr AFRL/IFOSS (Jeffrey.Isherwood@rl.af.mil)
Date: 06/10/02


From: Isherwood Jeff C Contr AFRL/IFOSS <Jeffrey.Isherwood@rl.af.mil>
To: 'Pen-Test' <pen-test@securityfocus.com>
Date: Mon, 10 Jun 2002 12:58:23 -0000

More on the original topic: Tools for Detecting Wireless APs - from the
wire side.

Many decent suggestions:

TOP 3 ideas (best suggestions so far) are here -
Nmap: OS Fingerprint of APs
        I've been in contact with Fyodor, and Nmap already does many, I'm
gonna try and figure out which ones...

ARP Tables: collect ARP Info, cull MAC addresses and match MACs to vendor
prefixes for wireless devices
        I'm working on a script that can perform this function on our
tables...

SNMP: Use HP OpenView, SolarWinds or another SNMP-enabled network management
tool to probe for the SNMP agents on the APs.
        A good idea for "out of the box" APs, but it is very easy to
halt/remove the SNMP agents. If someone is making even a half-hearted
attempt to secure the device, then the SNMP is probably off.

MOST received wrong answer ??

Netstumbler: Wardrive your own campus before they do.
        This is not always a practical, or failsafe method. You might miss
an area, or your campus might be too big to realistically do this (imagine a
corporation or Edu that is spread out over a mile or more, and your manpower
is limited?)

The idea is to find some tools that you can run from the NETWORK side, not
the RF WIRELESS Side. Something that will help you scan and probe your net
for Wireless APs from their IP address, not their antenna. A way of
spotting the devices from the managed wire, not the free floating airwaves.

Netstumbler, AiroPeek, ministumbler, Kismet, Wellenreiter, AirTraf,
AirSnort, Aerosol, Mognet are all WIRELESS scanners... I'm trying to find a
WIRED scanner that can find wireless...

  _____
Jeffrey.Isherwood@rl.af.mil - Senior Security Engineer-UNIX Sys AFRL\IFOSS
Comm:(315) 330-7246 DSN: 587-7246

        "The art of war teaches us to rely not on the likelihood of the
enemy's not coming, but on our own readiness to receive him; not on the
chance of his not attacking, but rather on the fact that we have made our
position unassailable..."
                            - Sun-Tzu, The Art of War

-----Original Message-----
From: Jeffrey.Isherwood@rl.af.mil
Sent: Friday, June 07, 2002 2:22 PM
Subject: Tools for Detecting Wireless APs - from the wire side.

I'm doing some research for a paper on wireless security, and I've been
trying to find a decent way for an administrator to probe his network for
APs that might be attached.

There seems to be very little out there for this sort of thing.

        NMAP can recognize a fingerprint of some APs, but not all...

        ISS can sweep a wire, and report back on any that have SNMP
enabled...

        APTOOLS claims to be capable, but isn't that easy to use or figure
out (for me so far)

Is there anything else out there?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
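
The ARP-table suggestion in the message above, sketched as an added example; it is not the script the poster mentions. It goes slightly beyond the post by accepting three common ARP dump notations (Linux `arp -an`, Windows `arp -a`, Cisco `show ip arp`). The watchlist prefixes, vendor names and sample ARP lines are constructed placeholders; a real run needs wireless-vendor OUIs taken from the IEEE registry.

```python
import re

# Constructed watchlist: locally administered prefixes, not real vendor OUIs.
# Replace with wireless-vendor OUIs from the IEEE registry.
WIRELESS_OUIS = {
    "02AA00": "ExampleWLAN Corp (constructed)",
    "02BB00": "SampleAP Inc (constructed)",
}

# Constructed ARP output mixing Linux, Windows and Cisco notation.
SAMPLE_ARP = """\
? (10.1.1.1) at 02:cc:00:11:22:33 [ether] on eth0
? (10.1.1.57) at 02:aa:00:9f:01:02 [ether] on eth0
  10.1.2.14             02-bb-00-0a-0b-0c     dynamic
Internet  10.1.3.8    12   02aa.0044.5566  ARPA   Vlan30
? (10.1.1.99) at <incomplete> on eth0
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Six octets joined by one consistent separator, or Cisco dotted quads.
MAC_RE = re.compile(
    r"\b(?:[0-9A-Fa-f]{1,2}([:-])(?:[0-9A-Fa-f]{1,2}\1){4}[0-9A-Fa-f]{1,2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b")

def normalize_mac(raw):
    """Return 12 uppercase hex digits regardless of input notation."""
    if "." in raw:
        return raw.replace(".", "").upper()
    # Some arp implementations drop leading zeros (0:2:2d:...), so pad.
    return "".join(p.zfill(2) for p in re.split("[:-]", raw)).upper()

def find_wireless_candidates(arp_text, watchlist=WIRELESS_OUIS):
    """Return sorted (ip, mac, vendor) tuples whose OUI is on the watchlist."""
    hits = set()
    for line in arp_text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header, blank line, or <incomplete> entry
        digits = normalize_mac(mac.group(0))
        vendor = watchlist.get(digits[:6])  # first three octets = OUI
        if vendor:
            pretty = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
            hits.add((ip.group(1), pretty, vendor))
    return sorted(hits)

if __name__ == "__main__":
    for ip, mac, vendor in find_wireless_candidates(SAMPLE_ARP):
        print(f"{ip:15} {mac}  {vendor}")
```

An OUI hit identifies only the maker of the network interface, so each result is a lead to check against the asset inventory and switch port, not proof of an access point; devices with changed MAC addresses or from vendors missing from the watchlist will not appear.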


