RE: Wireless LAN detection

From: Optrics Engineering - Shaun Sturby, MCSE (Shaun@Optrics.com)
Date: 12/07/02

    From: "Optrics Engineering - Shaun Sturby, MCSE" <Shaun@Optrics.com>
    To: "'Boschmann, Armin'" <aboschmann@hydro.mb.ca>
    Date: Fri, 6 Dec 2002 16:09:58 -0700
    
    

    Hello Armin,

    Take a look at 'Observer' by Network Instruments (www.networkinstruments.com). It is a realtime packet sniffer that will work with
    any NDIS5 supported NIC including 802.11a and 802.11b and it has the ability to send alerts from something as simple as a local
    popup to dialing a pager or sending an e-mail via a dial-on-demand TCP/IP connection.

    -----Original Message-----
    From: Boschmann, Armin [mailto:aboschmann@hydro.mb.ca]
    Sent: Friday, December 06, 2002 11:45 AM
    To: 'security-basics@lists.securityfocus.com'
    Subject: Wireless LAN detection

    We have a policy of no-wireless at our sites. I want to audit this policy,
    similar to war-dialing, or more correctly war-driving.

    My thinking is to find illegal wireless equipment in realtime. My concern
    is insiders (temporary employees, contractors, 'bad' employees) plugging in
    a wireless access point, then accessing our network from the street, then
    disconnecting. So I am envisioning a computer with a wireless receiver that
    will look for TCP/IP traffic, and tell me if it detects communications to
    any of our computers.

    I can see several problems, such as distinguishing between our 192.168.x.x
    addresses and those on WLANs of our neighbors. Also I would have to harden
    the wireless detection computer, and ideally not connect it to our network
    at all yet have some means of notifying me (pager, cell modem).

    Does anyone know of a product that does this? Or if you think my approach
    is suspect, suggest another one?

    Armin Boschmann
    aboschmann@hydro.mb.ca
    Manitoba Hydro
    IMail Server has scanned this e-mail for viruses using Declude Virus from Optrics.com
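
An added example, not part of either message and not taken from any product named above: one way a standalone monitor could tell traffic bridged onto the site LAN apart from a neighbour's WLAN that uses the same 192.168.x.x range is to match the MAC addresses in captured 802.11 frames against an inventory of wired hosts. It assumes the rogue access point bridges at layer 2; the inventory, the CSV layout of the observations and every address are constructed for illustration.

```python
# Added example: flag 802.11 frames that carry MAC addresses from the wired LAN.
import csv
import io

# Assumption: wired-side MAC inventory exported from switch/DHCP records (constructed).
WIRED_INVENTORY = {
    "00:50:56:aa:10:01": "fileserver",
    "00:50:56:aa:10:02": "payroll-ws",
}

# Constructed monitor observations: time,bssid,src_mac,dst_mac,src_ip,dst_ip
# Rows 2 and 4 are a neighbour whose WLAN reuses the same 192.168.1.x range.
SAMPLE = """\
16:01:02,02:11:22:33:44:55,00:0c:29:be:ef:01,00:50:56:AA:10:01,192.168.1.77,192.168.1.10
16:01:03,02:aa:bb:cc:dd:ee,00:0c:29:11:22:33,00:0c:29:44:55:66,192.168.1.20,192.168.1.10
16:01:09,02:11:22:33:44:55,00:50:56:aa:10:01,00:0c:29:be:ef:01,192.168.1.10,192.168.1.77
16:02:30,02:aa:bb:cc:dd:ee,00:0c:29:11:22:33,ff:ff:ff:ff:ff:ff,192.168.1.20,192.168.1.255
"""

def norm(mac):
    """Normalise a MAC address to lower-case, colon-separated form."""
    return mac.strip().lower().replace("-", ":")

def find_bridged_bssids(observations, inventory):
    """Return {bssid: {"hosts", "first_seen", "frames"}} for BSSIDs carrying our MACs."""
    inv = {norm(mac): name for mac, name in inventory.items()}
    alerts = {}
    for row in csv.reader(io.StringIO(observations)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        when, bssid, src, dst, _src_ip, _dst_ip = row
        hits = {inv[m] for m in (norm(src), norm(dst)) if m in inv}
        if not hits:
            continue  # IP range may overlap ours, but no wired MAC of ours is involved
        entry = alerts.setdefault(
            norm(bssid), {"hosts": set(), "first_seen": when, "frames": 0})
        entry["hosts"] |= hits
        entry["frames"] += 1
    return alerts

if __name__ == "__main__":
    for bssid, info in find_bridged_bssids(SAMPLE, WIRED_INVENTORY).items():
        print(f"ALERT {info['first_seen']} BSSID {bssid} reaches "
              f"{sorted(info['hosts'])} ({info['frames']} frames)")
```

The IP columns are deliberately ignored: the neighbour's frame to 192.168.1.10 raises no alert, and the 802.11 header addresses stay readable even when the frame payload is encrypted.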