Re: Tools for Detecting Wireless APs - from the wire side.
From: Larry Youngquist (lyoungquist@hotmail.com)Date: 06/10/02
- Previous message: Duffy, Shawn: "RE: Tools for Detecting Wireless APs - from the wire side."
- In reply to: Isherwood Jeff C Contr AFRL/IFOSS: "MORE: Tools for Detecting Wireless APs - from the wire side."
- Next in thread: Weaver, Woody: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Larry Youngquist" <lyoungquist@hotmail.com> To: "'Pen-Test'" <pen-test@securityfocus.com> Date: Mon, 10 Jun 2002 12:18:03 -0700
Perhaps the commercial product, AirDefense (http://www.airdefense.net/)
would do the trick for you. I noticed a recent review in eWeek June 3rd
edition (http://www.eweek.com/article/0,3658,s=701&a=27656,00.asp)
From the marketing info, it sounds like they are targeting rogue AP's and
looking for vulnerabilities from the wired side of the network.
Larry
----- Original Message -----
From: "Isherwood Jeff C Contr AFRL/IFOSS" <Jeffrey.Isherwood@rl.af.mil>
To: "'Pen-Test'" <pen-test@securityfocus.com>
Sent: Monday, June 10, 2002 5:58 AM
Subject: MORE: Tools for Detecting Wireless APs - from the wire side.
> More on the original topic: Tools for Detecting Wireless APs - from the
> wire side.
>
> Many decent suggestions:
>
> TOP 3 ideas (best suggestions so far) are here -
> Nmap: OS Fingerprint of APS
> I've been in contact with Fydor, and Nmap already does many, I'm
> gonna try and figure out which ones...
>
> ARP Tables: collect ARP Info, cull MAC addresses and match MACs to vendor
> prefixes for wireless devices
> I'm working on a script that can perform this function on our
> tables...
>
> SNMP: Use HP Openview, SolarWinds or another SNMP enabled network
management
> tool to probe for the snmp agents on the APs.
> A good idea for "out of the box" APs, but it is very easy to
> halt/remove the snmp agents. If someone is making even a half hearted
> attempt to secure the device, then the SNMP is probably off.
>
>
> MOST received wrong answer ??
>
> Netstumbler: Wardrive your own campus before they do.
> This is not always a practical, or failsafe method. You might miss
> an area, or your campus might be too big to realistically do this (imagine
a
> corporation or Edu that is spread out over a mile or more, and your
manpower
> is limited?)
>
>
> The idea is to find some tools that you can run from the NETWORK side, not
> the RF WIRELESS Side. Something that will help you scan and probe your
net
> for Wireless APs from their IP address, not their antenna. A way of
> spotting the devices from the managed wire, not the free floating
airwaves.
>
> Netstumbler, AiroPeek, ministumbler, Kismet, Wellenreiter, AirTraf,
> AirSnort, Aerosol, Mognet are all WIRELESS scanners... I'm trying to find
a
> WIRED scanner that can find wireless...
>
>
>
> _____
> Jeffrey.Isherwood@rl.af.mil - Senior Security Engineer-UNIX Sys AFRL\IFOSS
> Comm:(315) 330-7246 DSN: 587-7246
>
> "The art of war teaches us to rely not on the likelihood of the
> enemy's not coming, but on our own readiness to receive him; not on the
> chance of his not attacking, but rather on the fact that we have made our
> position unassailable..."
> - Sun-Tzu, The Art of War
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Duffy, Shawn: "RE: Tools for Detecting Wireless APs - from the wire side."
- In reply to: Isherwood Jeff C Contr AFRL/IFOSS: "MORE: Tools for Detecting Wireless APs - from the wire side."
- Next in thread: Weaver, Woody: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
