Wireless LAN detection

From: Boschmann, Armin (aboschmann@hydro.mb.ca)
Date: 12/06/02

  • Next message: Neal K. Groothuis: "Re: ICMP on port 3"
    From: "Boschmann, Armin" <aboschmann@hydro.mb.ca>
    To: "'security-basics@lists.securityfocus.com'" <security-basics@lists.securityfocus.com>
    Date: Fri, 6 Dec 2002 12:45:24 -0600 

    We have a policy of no-wireless at our sites. I want to audit this policy,
    similar to war-dialing, or more correctly war-driving.

    My thinking is to find illegal wireless equipment in realtime. My concern
    is insiders (temporary employees, contractors, 'bad' employees) plugging in
    a wireless access point, then accessing our network from the street, then
    disconnecting. So I am envisioning a computer with a wireless receiver that
    will look for TCP/IP traffic, and tell me if it detects communications to
    any of our computers.

    I can see several problems, such as distinguishing between our 192.168.x.x
    addresses and those on WLANs of our neighbors. Also I would have to harden
    the wireless detection computer, and ideally not connect it to our network
    at all yet have some means of notifying me (pager, cell modem).

    Does anyone know of a product that does this? Or if you think my approach
    is suspect, suggest another one?

    Armin Boschmann
    Manitoba Hydro