Re: Re: Identification of non Cisco AP's

mox11_at_charter.net
Date: 07/27/05

  • Next message: Daniele Bellucci: "Some trouble with yersinia"
    To: Ian Gorrie <iag@locked.net>, Jonathan Gauntt <jon0966@yahoo.com>
    Date: Wed, 27 Jul 2005 17:37:15 -0400
    
    

    Here's a poor mans' fix

    Ping the broadcast address of your network.
    Most machines should reply.
    arp -an to determine MAC addresses or run PERL script (let me know if you need the code)
    The first 3 bits of the MAC will tell you the vendor
    http://standards.ieee.org/regauth/oui/index.shtml has most vendors available(OUI DB).
    I'd throw what you get into a database and filter everything but Cisco. Then run queries on the rest.
    There is a PERL script to automate some of this process if you like I'll post it.
    micro.
    >
    > From: Ian Gorrie <iag@locked.net>
    > Date: 2005/07/27 Wed AM 03:39:41 EDT
    > To: Jonathan Gauntt <jon0966@yahoo.com>
    > CC: security-management@securityfocus.com, pen-test@securityfocus.com
    > Subject: Re: Identification of non Cisco AP's
    >
    > On the wire detection is shoddy at best. Usually commercial scanners
    > will only detect default configurations.
    >
    > that being said, most products that I've looked at (such as Lumeta
    > IPSonar for instance) work by scanning for banners on webservers that
    > are running on the APs. If you use a product that scans 80 and 443 for
    > banners that match an APs, you might get somewhere.
    >
    > Not running an obvious banner, disabled, or not matching a signature?
    > You'll be out of luck unless you are tricky and can somehow determine
    > that it is a packet forwarding device.
    >
    > 802.11x on the network doesn't sound like such a bad idea now, does it? :)
    >
    > -i
    >
    > Jonathan Gauntt wrote:
    > > Hi,
    > >
    > > I have been tasked with the project of scanning and identifying all
    > > non Cisco wireless access points within the company?s network.
    > >
    > > We have about 800 /22 and /24 subnets, and because of the IP
    > > addressing scheme in place, might just be easier for me to scan the
    > > whole class A range of IP?s.
    > >
    > > I have access to Nessus and GFI Security Scanner. Since we over 8000
    > > IP?s in place, does anyone have any advice on the best way to
    > > identify these non Cisco AP?s such as Linksys and Netgear, etc.
    > >
    > > I wouldn?t want to have a report produced that is two miles long
    > > unless absolutely necessary.
    > >
    > > Thanks,
    > >
    > >
    > > Jonathan
    > >
    > >
    > >
    > >
    >


  • Next message: Daniele Bellucci: "Some trouble with yersinia"

    Relevant Pages

    • TidBITS#794/29-Aug-05
      ... This week's issue brings a potpourri of Mac news, ... Mark Anbinder looks briefly at Google Talk, ... Adding Tiger's AirPort Preferred Network List ...
      (comp.sys.mac.digest)
    • Re: IP addresses of devices on local network?
      ... But it turns out that the printer shows up in Bonjour Browser in various ... and even the Airport Express box has a Bonjour-advertised ... If any other devices connected to the physical network ... over Airport or Ethernet (recent Mac models). ...
      (uk.comp.sys.mac)
    • Re: All I have is the MAC address which are on our LAN so no routers are involved.
      ... echo Clearing ARP Cache ... an IP on MAC How to use TCP/IP without installing a NIC. ... How to Setup Windows, Network, VPN & Remote Access on = ... Anyway now I have the list of machines with MAC and IP, ...
      (microsoft.public.windowsxp.network_web)
    • Re: Re: All I have is the MAC address which are on our LAN so no routers are involved.
      ... addresses and then check the arp cache with "arp -a". ... an IP on MAC How to use TCP/IP without installing a NIC. ... How to Setup Windows, Network, VPN & Remote Access on = ... Anyway now I have the list of machines with MAC and IP, ...
      (microsoft.public.windowsxp.network_web)
    • Re: Setting up Airport Express
      ... It is usually referred to as a "MAC Address", ... on their network. ... always the hardware address assigned to the computer sending the packet. ... When your router receives a packet destined for a computer on your LAN, ...
      (uk.comp.sys.mac)