Home page logo

nanog logo nanog mailing list archives

Re: Locating rogue APs
From: John Kristoff <jtk () aharp is-net depaul edu>
Date: Tue, 11 Feb 2003 14:28:01 -0600

On Tue, Feb 11, 2003 at 01:02:34PM -0700, Tony Rall wrote:
It sounds like John is referring to using a network IDS system, maybe one 
per subnet, to try to infer from the wired (maybe) network traffic that an 
unwanted AP is connected to your wired network.  Given that you may want 

Actually, the info was to meant to provide operators with very
rudimentary AP tracking info that can mostly be done from the network
devices.  If someone has login access to a switch/router, you can
use the MAC and IGMP address info to identify potential APs fairly
easily at the CLI or via scripts.

If there is incorrect or missing information, as I mentioned at the
mic, I'd appreciate any updates.  Feel free to send them to me via
private email and I can send out an update if there is interest.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]