Re: Detecting Rogue AP's from the Wired network

From: blau (blaumeer_at_despammed.com)
Date: 09/06/04


Date: Mon, 06 Sep 2004 10:12:25 +0200

On 01/09/2004 17:24, Mike wrote:
> Ok, So I was reading up about this abit, I seen that you can use
> Nessus with plugin ID #11026 to detect wireless. But from what I see
> is that you can only find enterprise WAP's.

Thank you for pointing this plugin out, Mike. I'll give it a try: I work
in a university NOC where rogue WAP (wireless access point) detection by
wireless sniffing is not feasible (geographical area is too broad) and
we were looking for an open source tool to do wireline detection. There
are a couple of commercial software products as you may be aware (try
google)

A WAP has a webserver with some standard settings (for management and
configuration) and a MAC address discolsing the manufacturer, I guess
the nessus plugin looks for that and compares it to a signature DB.

> Now the thing is this, What happends if a user uses his wireless card,
> put it into adhoc mode and use it as a wireless AP.

That's difficult to detect via wireline.

> I see that you can use something like arpwatch to check out a switch
> and make sure that only one MAC is sending though a port,

If I am not wrong this is L2 and you do not get info on the MACs behind
the switch (i.e. the wireless clients using the WAP)

Blau



Relevant Pages

  • Re: VMWare+Ubuntu server 12.04 ARP telling network wrong MAC
    ... Turns out the issue was that the bridged interface was wireless. ... you may not be able to have different MAC addresses on a wireless nic. ... Bother Mike anytime on his iPhone! ...
    (Ubuntu)
  • Re: Bigger isnt always better!
    ... when I said the Mac doesn't play well with others. ... much anything wireless beyonf plain vanilla. ... Tell me of a WAP that has the Enterprise WPA and I will give it a go. ...
    (comp.os.vms)
  • Re: WLAN security question
    ... >come with the MAC address as part of the configuration parameters. ... at the very least use a VPN into the network. ... the wireless still has vulnerabilities. ... it feasible for someone to do say a brute force attack on the WAP (Wireless ...
    (comp.security.misc)
  • Re: Two Netgear WGT624 models will not communicate
    ... dramatically increase the leve of complexity of wireless. ... Security in a WDS network is marginal. ... the WAP54G wireless bridge has a similar problem. ... As I see it, the MAC address in the configuration is ...
    (alt.internet.wireless)
  • Re: Theoretical Discussion: Hotel WiFi Hack
    ... discussion to start with you wireless experts. ... They don't offer wired internet because it's an old ... passed his MAC address around via some GET variables in the URL. ... Surely the router or gateway would go ...
    (alt.internet.wireless)