Re: Detecting WAP's

From: Jay Abshier (jay@abshier.net)
Date: 01/04/02


From: "Jay Abshier" <jay@abshier.net>
To: "sim" <list@mcclincy.com>, <security-basics@securityfocus.com>
Date: Fri, 4 Jan 2002 09:45:01 -0600

You may want to visit www.netstumbler.com. They have links and info on
equipment and software for detecting WAPs, as well as info on 802.11b
(unfortunately, they also have quite a few WAPs mapped geographically). The
only way I know of, at this point in time, to secure WAPs is to isolate them
on a firewall protected vlan with an IPSec VPN server on the vlan, such as
Cisco's Altiga (it wouldn't hurt to put IDS sensors there also). Then
require that all traffic coming into the network from that vlan be IPSec.
Hope this helps...

Jay Abshier, CISSP

----- Original Message -----
From: "sim" <list@mcclincy.com>
To: <security-basics@securityfocus.com>
Sent: Wednesday, January 02, 2002 4:57 PM
Subject: Detecting WAP's

> Hello,
> I spent the better part of my morning today tracking down a WAP within
> my building. We basically stumbled onto the signal by blind luck
> (testing a WAP enabled laptop) and I proceeded to walk around on a few
> floors searching cubicles until I found it sitting inside someone's
> cabinet.
>
> My current network policy is no wireless devices.
>
> My question is how does one proactively monitor for a WAP in a standard
> routed/switched environment. Is there any intelligent way to accomplish
> this? I would be interested in ideas/solutions for LAN's and WAN's. Is
> there something I can look for within each packet or perhaps specific
> types of traffic (broadcast?) create by the WAP?
>
> Unfortunately I am not up on 802.11 (yet) and this recent incident has
> me concerned given anyone within range had free access to my network.
>
> Any comments, links, documents, or criticisms are welcome. Please
> respond to the group.
> CM
>
>



Relevant Pages

  • Re: Wireless access point
    ... Maybe a quick test berfore changing network IP would be to set WAP as DHCP ... It would help to know if when you went to your test SBS server did ...
    (microsoft.public.windows.server.sbs)
  • Re: New thread, broadcom 802-11 related
    ... On Tuesday 18 April 2006 18:53, Neil Cherry wrote: ... The MAC address is not a real WAP (at least I don't think they ... /sbin/iwconfig ${WLAN} channel $ ...
    (Fedora)
  • [fw-wiz] Re: Wireless
    ... somewhat limited when it comes to a national or international network. ... started toying with the 'wired' side looking at the WAP MAC addresses. ... this area on the Cisco network. ...
    (Firewall-Wizards)
  • Re: fixed ip or automatic?
    ... I have my home LAN setup like yours, ie. wireless/guest devices get a DHCP assigned IP address ... wireless which connect to a WAP. ... My network works fine at the moment with the 2 ... > will enable internet connection sharing. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Axim internet access on SBS2003
    ... I've got a Linksys WAP providing wireless network / ... internet (but not network) access to a Dell Axim x51. ...
    (microsoft.public.windows.server.sbs)