Re: Re: Identification of non Cisco AP's
To: Ian Gorrie <firstname.lastname@example.org>, Jonathan Gauntt <email@example.com>
Date: Wed, 27 Jul 2005 17:37:15 -0400
Here's a poor man's fix
Ping the broadcast address of your network.
Most machines should reply.
arp -an to determine MAC addresses or run PERL script (let me know if you need the code)
The first 3 bits of the MAC will tell you the vendor
http://standards.ieee.org/regauth/oui/index.shtml has most vendors available (OUI DB).
I'd throw what you get into a database and filter everything but Cisco. Then run queries on the rest.
There is a PERL script to automate some of this process; if you like, I'll post it.
> From: Ian Gorrie <firstname.lastname@example.org>
> Date: 2005/07/27 Wed AM 03:39:41 EDT
> To: Jonathan Gauntt <email@example.com>
> CC: firstname.lastname@example.org, email@example.com
> Subject: Re: Identification of non Cisco AP's
> On the wire detection is shoddy at best. Usually commercial scanners
> will only detect default configurations.
> That being said, most products that I've looked at (such as Lumeta
> IPSonar for instance) work by scanning for banners on webservers that
> are running on the APs. If you use a product that scans 80 and 443 for
> banners that match an AP's, you might get somewhere.
> Not running an obvious banner, disabled, or not matching a signature?
> You'll be out of luck unless you are tricky and can somehow determine
> that it is a packet forwarding device.
> 802.11x on the network doesn't sound like such a bad idea now, does it? :)
> Jonathan Gauntt wrote:
> > Hi,
> > I have been tasked with the project of scanning and identifying all
> > non Cisco wireless access points within the company's network.
> > We have about 800 /22 and /24 subnets, and because of the IP
> > addressing scheme in place, might just be easier for me to scan the
> > whole class A range of IP's.
> > I have access to Nessus and GFI Security Scanner. Since we have over 8000
> > IP's in place, does anyone have any advice on the best way to
> > identify these non Cisco AP's such as Linksys and Netgear, etc.
> > I wouldn't want to have a report produced that is two miles long
> > unless absolutely necessary.
> > Thanks,
> > Jonathan
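
The procedure from the top message (collect MACs with `arp -an`, look up the vendor in the OUI database, filter out Cisco), as an added example that is not part of the original post and is not the Perl script its author mentions. The OUI table is a small constructed excerpt of the IEEE registry, the `arp -an` output is constructed sample data, and all function names are hypothetical.

```python
import re

# Constructed excerpt of the IEEE OUI registry; load the full list for real use.
OUI_VENDORS = {
    "00000C": "Cisco",
    "004096": "Cisco (Aironet)",
    "000625": "Linksys",
    "00095B": "Netgear",
}

# Constructed `arp -an` output (Linux and BSD line styles mixed on purpose).
SAMPLE_ARP = """\
? (10.1.4.1) at 00:00:0c:07:ac:01 [ether] on eth0
? (10.1.4.20) at 0:40:96:a1:b2:c3 on en0 ifscope [ethernet]
? (10.1.4.37) at 00:06:25:aa:bb:cc [ether] on eth0
? (10.1.4.52) at 00:09:5b:11:22:33 [ether] on eth0
? (10.1.4.60) at <incomplete> on eth0
? (10.1.4.77) at 02:42:ac:11:00:02 [ether] on eth0
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+)")

def normalize_mac(mac):
    """Pad each octet to two hex digits (BSD arp drops leading zeros)."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02X}" for o in octets)

def vendor_for(mac):
    """Look up the vendor by OUI, the first three octets of the MAC."""
    octets = normalize_mac(mac).split(":")
    if int(octets[0], 16) & 0x02:  # locally administered bit: not IEEE-assigned
        return "locally administered (no OUI)"
    return OUI_VENDORS.get("".join(octets[:3]), "unknown")

def non_cisco_hosts(arp_output):
    """Return (ip, mac, vendor) for every resolved entry that is not Cisco."""
    hosts = []
    for line in arp_output.splitlines():
        m = ARP_LINE.search(line)
        if not m:  # skips "<incomplete>" entries and blank lines
            continue
        mac = normalize_mac(m.group("mac"))
        vendor = vendor_for(mac)
        if not vendor.startswith("Cisco"):
            hosts.append((m.group("ip"), mac, vendor))
    return hosts
```

The ARP cache only covers hosts on the local segment, so this has to be run per subnet, and a vendor match on the MAC says who made the network interface, not whether the device is an access point.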