RE: Identification of non Cisco AP's

From: Todd Towles (toddtowles_at_brookshires.com)
Date: 07/28/05

  • Next message: Clement Dupuis: "RE: Etc/shadow file and john"
    Date: Thu, 28 Jul 2005 14:05:14 -0500
    To: "Jonathan Gauntt" <jon0966@yahoo.com>, "Ian Gorrie" <iag@locked.net>
    
    

    You don't like simple Nmap with the -sV on?

    > -----Original Message-----
    > From: Jonathan Gauntt [mailto:jon0966@yahoo.com]
    > Sent: Thursday, July 28, 2005 12:35 AM
    > To: 'Ian Gorrie'
    > Cc: security-management@securityfocus.com; pen-test@securityfocus.com
    > Subject: RE: Identification of non Cisco AP's
    >
    > Thanks for the advice. If Superscan doesn't work out I will
    > get a quote from Lumeta.
    >
    >
    > Jonathan
    >
    > -----Original Message-----
    > From: Ian Gorrie [mailto:iag@locked.net]
    > Sent: Wednesday, July 27, 2005 2:40 AM
    > To: Jonathan Gauntt
    > Cc: security-management@securityfocus.com; pen-test@securityfocus.com
    > Subject: Re: Identification of non Cisco AP's
    >
    > On the wire detection is shoddy at best. Usually commercial
    > scanners will only detect default configurations.
    >
    > That being said, most products that I've looked at (such as
    > Lumeta IPSonar for instance) work by scanning for banners on
    > webservers that are running on the APs. If you use a product
    > that scans 80 and 443 for banners that match an AP's, you
    > might get somewhere.
    >
    > Not running an obvious banner, disabled, or not matching a signature?
    > You'll be out of luck unless you are tricky and can somehow
    > determine that it is a packet forwarding device.
    >
    > 802.11x on the network doesn't sound like such a bad idea
    > now, does it? :)
    >
    > -i
    >
    > Jonathan Gauntt wrote:
    > > Hi,
    > >
    > > I have been tasked with the project of scanning and identifying all
    > > non Cisco wireless access points within the company's network.
    > >
    > > We have about 800 /22 and /24 subnets, and because of the IP
    > > addressing scheme in place, might just be easier for me to scan the
    > > whole class A range of IP's.
    > >
    > > I have access to Nessus and GFI Security Scanner. Since we have
    > > over 8000 IP's in place, does anyone have any advice on the best
    > > way to identify these non Cisco AP's such as Linksys and Netgear, etc.
    > >
    > > I wouldn't want to have a report produced that is two miles long
    > > unless absolutely necessary.
    > >
    > > Thanks,
    > >
    > >
    > > Jonathan
    > >
    > >
    > >
    > >
    >
    >
    >

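Added example, not part of the original thread: one way to triage `nmap -sV -p 80,443 -oG -` output for the banner matching discussed above, keeping hosts with an open web port but no recognizable banner in their own bucket, since those are the ones signature matching misses. The vendor patterns (Linksys and Netgear from the thread; the Cisco/Aironet pattern is an assumption) and the sample scan lines are constructed for illustration.

```python
import re

# Linksys and Netgear come from the thread; extend the pattern for other vendors.
NON_CISCO_AP = re.compile(r"linksys|netgear", re.I)
CISCO = re.compile(r"cisco|aironet", re.I)   # assumed keywords for sanctioned APs
WEB_PORTS = {"80", "443"}

# Constructed sample of grepable Nmap output (addresses and banners are made up).
SAMPLE = """\
# Nmap scan (constructed sample)
Host: 10.1.4.20 ()\tPorts: 80/open/tcp//http//Linksys WAP54G wireless AP http config/, 443/closed/tcp//https///
Host: 10.1.4.21 ()\tPorts: 80/open/tcp//http//Cisco IOS http config/, 443/closed/tcp//https///
Host: 10.1.7.9 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.1.9.3 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//ssl|http//NETGEAR router http admin/
Host: 10.1.9.8 ()\tPorts: 80/closed/tcp//http///, 443/closed/tcp//https///
"""

def classify(grepable):
    """Return {ip: (label, banner)} for every host with an open web port."""
    results = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*?)(?:\t|$)", line)
        if not m:
            continue  # comment or status line
        ip, ports = m.groups()
        banners = []
        # Split only where a new "port/" entry starts, so commas in banners survive.
        for entry in re.split(r", (?=\d+/)", ports):
            # Fields: port/state/protocol/owner/service/rpcinfo/version/
            f = entry.split("/")
            if len(f) >= 7 and f[0] in WEB_PORTS and f[1] == "open":
                banners.append(f[6])
        if not banners:
            continue  # no open web port: banner matching cannot see this host
        text = " ".join(banners).strip()
        if NON_CISCO_AP.search(text):
            label = "non-cisco-ap"
        elif CISCO.search(text):
            label = "cisco"
        else:
            label = "unidentified"  # blank or unmatched banner: manual follow-up
        results[ip] = (label, text)
    return results

if __name__ == "__main__":
    for ip, (label, banner) in sorted(classify(SAMPLE).items()):
        print(f"{ip:12} {label:14} {banner!r}")
```

Reporting only the `non-cisco-ap` and `unidentified` rows keeps the output short for a large address range.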
