Re: Re: Identification of non Cisco AP's
mox11_at_charter.net
Date: 07/27/05
- Previous message: Miguel Dilaj: "RE: IPS Comparison"
- Maybe in reply to: ben creitz: "Re: Identification of non Cisco AP's"
- Next in thread: seventil_at_gmail.com: "Re: Re: Re: Identification of non Cisco AP's"
- Maybe reply: seventil_at_gmail.com: "Re: Re: Re: Identification of non Cisco AP's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Ian Gorrie <iag@locked.net>, Jonathan Gauntt <jon0966@yahoo.com> Date: Wed, 27 Jul 2005 17:37:15 -0400
Here's a poor mans' fix
Ping the broadcast address of your network.
Most machines should reply.
arp -an to determine MAC addresses or run PERL script (let me know if you need the code)
The first 3 bits of the MAC will tell you the vendor
http://standards.ieee.org/regauth/oui/index.shtml has most vendors available(OUI DB).
I'd throw what you get into a database and filter everything but Cisco. Then run queries on the rest.
There is a PERL script to automate some of this process if you like I'll post it.
micro.
>
> From: Ian Gorrie <iag@locked.net>
> Date: 2005/07/27 Wed AM 03:39:41 EDT
> To: Jonathan Gauntt <jon0966@yahoo.com>
> CC: security-management@securityfocus.com, pen-test@securityfocus.com
> Subject: Re: Identification of non Cisco AP's
>
> On the wire detection is shoddy at best. Usually commercial scanners
> will only detect default configurations.
>
> that being said, most products that I've looked at (such as Lumeta
> IPSonar for instance) work by scanning for banners on webservers that
> are running on the APs. If you use a product that scans 80 and 443 for
> banners that match an APs, you might get somewhere.
>
> Not running an obvious banner, disabled, or not matching a signature?
> You'll be out of luck unless you are tricky and can somehow determine
> that it is a packet forwarding device.
>
> 802.11x on the network doesn't sound like such a bad idea now, does it? :)
>
> -i
>
> Jonathan Gauntt wrote:
> > Hi,
> >
> > I have been tasked with the project of scanning and identifying all
> > non Cisco wireless access points within the company?s network.
> >
> > We have about 800 /22 and /24 subnets, and because of the IP
> > addressing scheme in place, might just be easier for me to scan the
> > whole class A range of IP?s.
> >
> > I have access to Nessus and GFI Security Scanner. Since we over 8000
> > IP?s in place, does anyone have any advice on the best way to
> > identify these non Cisco AP?s such as Linksys and Netgear, etc.
> >
> > I wouldn?t want to have a report produced that is two miles long
> > unless absolutely necessary.
> >
> > Thanks,
> >
> >
> > Jonathan
> >
> >
> >
> >
>
- Previous message: Miguel Dilaj: "RE: IPS Comparison"
- Maybe in reply to: ben creitz: "Re: Identification of non Cisco AP's"
- Next in thread: seventil_at_gmail.com: "Re: Re: Re: Identification of non Cisco AP's"
- Maybe reply: seventil_at_gmail.com: "Re: Re: Re: Identification of non Cisco AP's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
