Re: Detecting Rogue AP's from the Wired network

From: blau (
Date: 09/06/04

Date: Mon, 06 Sep 2004 10:12:25 +0200

On 01/09/2004 17:24, Mike wrote:
> Ok, so I was reading up about this a bit, and I saw that you can use
> Nessus with plugin ID #11026 to detect wireless. But from what I see,
> you can only find enterprise WAPs.

Thank you for pointing this plugin out, Mike. I'll give it a try: I work
in a university NOC where rogue WAP (wireless access point) detection by
wireless sniffing is not feasible (geographical area is too broad) and
we were looking for an open source tool to do wireline detection. There
are a couple of commercial software products as you may be aware (try

A WAP has a webserver with some standard settings (for management and
configuration) and a MAC address disclosing the manufacturer; I guess
the Nessus plugin looks for that and compares it to a signature DB.

> Now the thing is this: what happens if a user uses his wireless card,
> puts it into ad hoc mode and uses it as a wireless AP?

That's difficult to detect via wireline.

> I see that you can use something like arpwatch to check out a switch
> and make sure that only one MAC is sending through a port,

If I am not wrong, this is L2 and you do not get info on the MACs behind
the switch (i.e. the wireless clients using the WAP).
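
Added example, not part of the original message or of any tool named in the thread: a Python sketch of the two wireline signals discussed above, the manufacturer prefix (OUI) of a MAC address and more than one MAC seen on a single access port. The table format, port names, OUI values and vendor names are all constructed for illustration; a real check would load the IEEE OUI registry and the switch's own forwarding-table export.

```python
import re
from collections import defaultdict

# Constructed OUI -> vendor map (assumption); real use would load the IEEE registry.
AP_VENDOR_OUIS = {"AABBCC": "ExampleWirelessCo", "DDEEFF": "SampleAPVendor"}

# Constructed forwarding-table export: "<port> <mac>" per line, mixed MAC notations.
SAMPLE_TABLE = """\
Gi0/1 00:11:22:33:44:55
Gi0/2 aabb.cc01.0203
Gi0/3 00-11-22-aa-bb-01
Gi0/3 00:11:22:aa:bb:02
Gi0/3 0011.22aa.bb03
Gi0/24 00:11:22:00:00:01
Gi0/24 00:11:22:00:00:02
Gi0/5 not-a-mac
"""

def normalize_mac(raw):
    """Return 12 uppercase hex digits, or None if raw is not a MAC address."""
    digits = re.sub(r"[.:\-]", "", raw).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def find_suspect_ports(table_text, ap_ouis, uplinks=(), max_macs=1):
    """Map port -> list of reasons it deserves a closer look."""
    macs_by_port = defaultdict(set)
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip headers and malformed rows
        port, mac = parts[0], normalize_mac(parts[1])
        if mac and port not in uplinks:  # uplinks legitimately carry many MACs
            macs_by_port[port].add(mac)
    findings = {}
    for port, macs in sorted(macs_by_port.items()):
        reasons = []
        if len(macs) > max_macs:
            reasons.append(f"{len(macs)} MACs on an access port")
        for mac in sorted(macs):
            vendor = ap_ouis.get(mac[:6])
            if vendor:
                reasons.append(f"{mac} has OUI of {vendor}")
        if reasons:
            findings[port] = reasons
    return findings

if __name__ == "__main__":
    hits = find_suspect_ports(SAMPLE_TABLE, AP_VENDOR_OUIS, uplinks={"Gi0/24"})
    for port, reasons in hits.items():
        print(port, "->", "; ".join(reasons))
```
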


