RE: MORE: Tools for Detecting Wireless APs - from the wire side.

• Previous message: Oliver Petruzel: "RE: Testing other prot's and layers."
• In reply to: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Next in thread: R. DuFresne: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Next in thread: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Reply: R. DuFresne: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 11 Jun 2002 16:18:00 -0700 (PDT)
From: "John Adams" <jadams@inktomi.com>
To: ed d <ragdelaed@hotmail.com>

On Tue, 11 Jun 2002, ed d wrote:

> depending on how the clients in your network get their ip addresses, you
> might be able to search through your dhcp logs and pull all of the ap mac
> addresses.
>
> this discounts rogue aps with statics, but if i was to drop a rogue ap into
> a network, i would probably turn on dhcp, then let it go.

Ahh, but this is useless if the AP DHCPs an address and then NATs everyone
on wireless.

> a good site for mac address/vendor coorelation is:
> http://standards.ieee.org/regauth/oui/oui.txt

I disagree with the entire "find them by Vendor MAC prefix to find APs"
approach. Many vendors are assigned blocks of MAC prefixes (look at Cisco,
for example) and share these blocks between disparate devices, both wired
and wireless.

--john

-- 
John Adams         . Sr. Security Engineer . Inktomi Corporation
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Oliver Petruzel: "RE: Testing other prot's and layers."
• In reply to: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Next in thread: R. DuFresne: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Next in thread: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Reply: R. DuFresne: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Opinions on ClicktoSecures Hailstorm Product ... Opinions on ClicktoSecure's Hailstorm Product ... inputs from the network - custom ISAPI interfaces, ... end-user and the software vendor find problems _before_ the hackers do - ... This list is provided by the SecurityFocus Security Intelligence Alert ... (Pen-Test) RE: Using ARP to map a network ... The only way to truly passively map a network, ... >> there are machines that infrequently communicate outwards ... For more information on SecurityFocus' SIA ... (Pen-Test) Re: Medium Scale Scanning Best Practices ... network, ... > vulnerability rather than having to scan the entire network each time. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) RE: Using ARP to map a network ... would that mean "mapping a network without sending out any packet"? ... mapping services and hosts on the local network ... spoofing ARP Replies, sending your MAC out for every known IP, and then ... >>> This list is provided by the SecurityFocus Security ... (Pen-Test) RE: Using ARP to map a network ... If my goal is to passively map a network, what is the best way to do that? ... > I'm not quite sure how ARP harvesting ... >> This list is provided by the SecurityFocus Security ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint