Re: Detecting WAP's

From: Ashley Woodbridge (maccount@stratagem-concepts.com)
Date: 01/03/02


From: "Ashley Woodbridge" <maccount@stratagem-concepts.com>
To: "sim" <list@mcclincy.com>
Date: Fri, 4 Jan 2002 08:16:08 +1000

Hi,
    we have the same problem in our network as it encompassess a lot of
remote locations that have semi-techinical IT staff. What I setup was a perl
script that looked in the ARP cache of the routers to find mac addresses of
wireless cards. If it found any it then looked on that sites local switches
and reported what ports the device was connected to.

This worked great for us and was not to hard as we are a total cisco shop.
But it might be a fair bit of work if you have lots of differrent switch
vendors.

Ashley.

----- Original Message -----
From: "sim" <list@mcclincy.com>
To: <security-basics@securityfocus.com>
Sent: Thursday, January 03, 2002 08:57
Subject: Detecting WAP's

> Hello,
> I spent the better part of my morning today tracking down a WAP within
> my building. We basically stumbled onto the signal by blind luck
> (testing a WAP enabled laptop) and I proceeded to walk around on a few
> floors searching cubicles until I found it sitting inside someone's
> cabinet.
>
> My current network policy is no wireless devices.
>
> My question is how does one proactively monitor for a WAP in a standard
> routed/switched environment. Is there any intelligent way to accomplish
> this? I would be interested in ideas/solutions for LAN's and WAN's. Is
> there something I can look for within each packet or perhaps specific
> types of traffic (broadcast?) create by the WAP?
>
> Unfortunately I am not up on 802.11 (yet) and this recent incident has
> me concerned given anyone within range had free access to my network.
>
> Any comments, links, documents, or criticisms are welcome. Please
> respond to the group.
> CM
>



Relevant Pages

  • Re: Wireless access point
    ... Maybe a quick test berfore changing network IP would be to set WAP as DHCP ... It would help to know if when you went to your test SBS server did ...
    (microsoft.public.windows.server.sbs)
  • Re: New thread, broadcom 802-11 related
    ... On Tuesday 18 April 2006 18:53, Neil Cherry wrote: ... The MAC address is not a real WAP (at least I don't think they ... /sbin/iwconfig ${WLAN} channel $ ...
    (Fedora)
  • [fw-wiz] Re: Wireless
    ... somewhat limited when it comes to a national or international network. ... started toying with the 'wired' side looking at the WAP MAC addresses. ... this area on the Cisco network. ...
    (Firewall-Wizards)
  • Re: fixed ip or automatic?
    ... I have my home LAN setup like yours, ie. wireless/guest devices get a DHCP assigned IP address ... wireless which connect to a WAP. ... My network works fine at the moment with the 2 ... > will enable internet connection sharing. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Axim internet access on SBS2003
    ... I've got a Linksys WAP providing wireless network / ... internet (but not network) access to a Dell Axim x51. ...
    (microsoft.public.windows.server.sbs)