Home page logo

nanog logo nanog mailing list archives

Re: Locating rogue APs
From: "Matthew S. Hallacy" <poptix () techmonkeys org>
Date: Tue, 11 Feb 2003 13:42:19 -0600

On Tue, Feb 11, 2003 at 11:27:28AM -0600, John Kristoff wrote:

Apologies if this ends up on the list multiple times.  I seem to
have trouble getting this posted in a timely fashion.

In general, MAC OUI designations may indicate a particular AP.  IP
multicast group participation may also be used by some APs. Some
APs have a few unique ports open.  Lastly, APs may be found with
a radio on a particular default channel.  All of these potentially
identifying characteristics may be used to help audit the network
for rogue IPs.  Below is information on locating particular APs:

Why are you posting this here? The information is somewhat incomplete/incorrect
as well. Persons interested in finding rogue AP's would be much better
off with a tool such as kismet that already identifies model/make of
access points based on various datapoints (including the types you posted), 
as well as the ability to determine in where the AP is (pysically) with 
the use of a GPS unit.

As a side benefit, it can make pretty maps.



Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]