RE: MORE: Tools for Detecting Wireless APs - from the wire side.
From: R. DuFresne (dufresne@sysinfo.com)Date: 06/13/02
- Previous message: Jason: "hacking a NT domain after the member server"
- In reply to: John Adams: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Next in thread: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 23:13:14 -0400 (EDT) From: "R. DuFresne" <dufresne@sysinfo.com> To: John Adams <jadams@inktomi.com>
On Tue, 11 Jun 2002, John Adams wrote:
> On Tue, 11 Jun 2002, ed d wrote:
>
> > depending on how the clients in your network get their ip addresses, you
> > might be able to search through your dhcp logs and pull all of the ap mac
> > addresses.
> >
> > this discounts rogue aps with statics, but if i was to drop a rogue ap into
> > a network, i would probably turn on dhcp, then let it go.
>
> Ahh, but this is useless if the AP DHCPs an address and then NATs everyone
> on wireless.
>
> > a good site for mac address/vendor coorelation is:
> > http://standards.ieee.org/regauth/oui/oui.txt
>
> I disagree with the entire "find them by Vendor MAC prefix to find APs"
> approach. Many vendors are assigned blocks of MAC prefixes (look at Cisco,
> for example) and share these blocks between disparate devices, both wired
> and wireless.
>
Actually, I believe they are assigned a number of MAC blocks over time,
thus a search of 3Com MAC's should produce a number of MAC blocks.
http://www.codito.de/manufactor_hash
00068C 3Com Corporation
000A04 3Com Europe Ltd
00104B 3com corporation
00105A 3com corporation
0020AF 3COM Corporation
00301E 3COM Europe Ltd.
005004 3COM CORPORATION
005099 3com europe, ltd.
0050DA 3COM CORPORATION
006008 3com corporation
00608C 3Com (1990 onwards)
006097 3Com
009004 3com europe ltd.
00A024 3com Corporation
00D096 3com Europe Ltd.
00D0D8 3Com Corporation (was: Nomadic Technologies)
026060 3COM
02608C 3COM IBM PC; Imagen; Valid; Cisco; Macintosh; Apple
02C08C 3com corporation
080002 Bridge (was: 3Com)
08004E 3com europe ltd.
3C0000 3Com dual function (V.34 modem + Ethernet) card
Thanks,
Ron DuFrense
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Jason: "hacking a NT domain after the member server"
- In reply to: John Adams: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Next in thread: ed d: "RE: MORE: Tools for Detecting Wireless APs - from the wire side."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
