VS: MORE: Tools for Detecting Wireless APs - from the wire side.

From: Toni Heinonen (Toni.Heinonen@teleware.fi)
Date: 06/14/02 

Date: Fri, 14 Jun 2002 11:49:30 +0300
From: "Toni Heinonen" <Toni.Heinonen@teleware.fi>
To: "Jon" <vandivee@midsouth.rr.com>, "Pen-Test" <pen-test@securityfocus.com>

> -----Alkuperäinen viesti-----
> Lähettäjä: Jon [mailto:vandivee@midsouth.rr.com]
> Lähetetty: 12. kesäkuuta 2002 7:18
> Vastaanottaja: 'Pen-Test'
> Aihe: RE: MORE: Tools for Detecting Wireless APs - from the wire side.
>
<snip>
> EAP based authentication for port security....
>
> And with that.... I can honestly say I have NO IDEA how to do
> it right now.....
>
> If anyone has a whitepaper for implementation EAP for port
> security, please post it or send it to me...

Ahh, but indeed. It's of course smarter to block access from the APs instead of just trying to detect them. AFAIK no Wireless APs can do 802.1x authentication to connect to the LAN, even though most can accept wireless 802.1x clients.

These links quickly popped to my search at cisco.com:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1219ea1/3550scg/sw8021x.htm
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/deacs_wp.htm

Of course, those links only work on Cisco catalysts. 

-- 
Toni Heinonen, Teleware Oy
  Wireless +358 (40) 836 1815
  Telephone +358 (9) 3434 9123
  toni.heinonen@teleware.fi
  www.teleware.fi

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Enabling telnet, ftp, pop3 for root...
    ... Where did I say ANYTHING about not using authentication. ... You're presenting it like direct root login would be a total security ... DON'T have access to the port. ...
    (alt.os.linux)
  • Re: BEFVP41 -2003 SBS Help Please
    ... Couple of things to keep in mind about exposed ports, VPN, and security ... + 1723 is authentication, it doesn't pass the data stream. ... 1723 is an authentication port, if someone authenticated, they get in. ...
    (microsoft.public.windows.server.sbs)
  • Re: PEAP-TLS vs EAP-TLS
    ... -- IEEE 802.11 Wireless LAN Security with Microsoft Windows), ... in the PEAP-MS-CHAP v2 Authentication section: ... Although EAP provides authentication flexibility through the use of EAP ...
    (microsoft.public.windows.server.security)
  • Re: VS: MORE: Tools for Detecting Wireless APs - from the wire side.
    ... >> EAP based authentication for port security.... ... >> security, please post it or send it to me... ... AFAIK no Wireless APs can do 802.1x authentication to connect to the LAN, even though most can accept wireless 802.1x clients. ...
    (Pen-Test)
  • comp.security.unix and comp.security.misc frequently asked questions
    ... Can I turn off identd? ... to learn about computer security? ... Niles and Jyrki Havia for tripwire bug details as posted to the newsgroup. ... connecting from port 20546 on your machine to port 25 on 205.238.143.33. ...
    (comp.security.misc)