Re: Detecting WAP's

From: Ashley Woodbridge (maccount@stratagem-concepts.com)
Date: 01/03/02


From: "Ashley Woodbridge" <maccount@stratagem-concepts.com>
To: "sim" <list@mcclincy.com>
Date: Fri, 4 Jan 2002 08:16:08 +1000

Hi,
    we have the same problem in our network as it encompasses a lot of
remote locations that have semi-technical IT staff. What I set up was a Perl
script that looked in the ARP cache of the routers to find MAC addresses of
wireless cards. If it found any it then looked on that site's local switches
and reported what ports the device was connected to.

This worked great for us and was not too hard as we are a total Cisco shop.
But it might be a fair bit of work if you have lots of different switch
vendors.

Ashley.

----- Original Message -----
From: "sim" <list@mcclincy.com>
To: <security-basics@securityfocus.com>
Sent: Thursday, January 03, 2002 08:57
Subject: Detecting WAP's

> Hello,
> I spent the better part of my morning today tracking down a WAP within
> my building. We basically stumbled onto the signal by blind luck
> (testing a WAP enabled laptop) and I proceeded to walk around on a few
> floors searching cubicles until I found it sitting inside someone's
> cabinet.
>
> My current network policy is no wireless devices.
>
> My question is how does one proactively monitor for a WAP in a standard
> routed/switched environment. Is there any intelligent way to accomplish
> this? I would be interested in ideas/solutions for LANs and WANs. Is
> there something I can look for within each packet or perhaps specific
> types of traffic (broadcast?) created by the WAP?
>
> Unfortunately I am not up on 802.11 (yet) and this recent incident has
> me concerned given anyone within range had free access to my network.
>
> Any comments, links, documents, or criticisms are welcome. Please
> respond to the group.
> CM
>
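
The approach described in the reply above (check router ARP entries for wireless-vendor MAC prefixes, then look up the switch port), shown as an added example in Python; it is not the original Perl script and not part of the thread. The OUI prefixes, addresses and sample Cisco "show ip arp" / "show mac address-table" output are constructed, and the function names are hypothetical.

```python
import re

# Constructed OUI watch list (first 3 bytes of the MAC, lowercase hex).
# Placeholders only: fill in from the IEEE OUI registry for the vendors you watch.
WIRELESS_OUIS = {"0200aa": "ExampleWLAN-A", "0200bb": "ExampleWLAN-B"}

# Constructed sample of Cisco IOS "show ip arp" output from a site router.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.1               -   0011.2233.4455  ARPA   FastEthernet0/0
Internet  10.20.1.57             12   0200.aa3c.91f0  ARPA   FastEthernet0/0
Internet  10.20.1.80              3   0011.2299.0a0b  ARPA   FastEthernet0/0
Internet  10.20.1.99              0   Incomplete      ARPA
"""

# Constructed sample of "show mac address-table" output from that site's switch.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  20    0011.2233.4455    DYNAMIC     Gi0/1
  20    0200.aa3c.91f0    DYNAMIC     Fa0/14
  20    0011.2299.0a0b    DYNAMIC     Fa0/7
"""

MAC = r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
ARP_RE = re.compile(r"^Internet[ \t]+(\d+\.\d+\.\d+\.\d+)[ \t]+\S+[ \t]+" + MAC, re.M)
CAM_RE = re.compile(r"^[ \t]*(\d+)[ \t]+" + MAC + r"[ \t]+\S+[ \t]+(\S+)", re.M)

def normalize(mac):
    """Cisco dotted MAC (0200.aa3c.91f0) -> 12 lowercase hex digits."""
    return mac.replace(".", "").lower()

def find_wireless(arp_text, mac_table_text, ouis=WIRELESS_OUIS):
    """Return one finding per ARP entry whose OUI is on the watch list."""
    ports = {normalize(m): (vlan, port)
             for vlan, m, port in CAM_RE.findall(mac_table_text)}
    findings = []
    for ip, mac in ARP_RE.findall(arp_text):  # "Incomplete" rows never match
        key = normalize(mac)
        vendor = ouis.get(key[:6])
        if vendor is None:
            continue
        vlan, port = ports.get(key, (None, None))  # None: not learned on this switch
        findings.append({"ip": ip, "mac": key, "vendor": vendor,
                         "vlan": vlan, "port": port})
    return findings

if __name__ == "__main__":
    for finding in find_wireless(SAMPLE_ARP, SAMPLE_MAC_TABLE):
        print(finding)
```

A port that reports many MACs, or an uplink port, means the device sits behind another switch and the lookup has to be repeated there.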