mailing list archives
Re: Locating rogue APs
From: John Kristoff <jtk () aharp is-net depaul edu>
Date: Tue, 11 Feb 2003 14:28:01 -0600
On Tue, Feb 11, 2003 at 01:02:34PM -0700, Tony Rall wrote:
It sounds like John is referring to using a network IDS system, maybe one
per subnet, to try to infer from the wired (maybe) network traffic that an
unwanted AP is connected to your wired network. Given that you may want
Actually, the info was to meant to provide operators with very
rudimentary AP tracking info that can mostly be done from the network
devices. If someone has login access to a switch/router, you can
use the MAC and IGMP address info to identify potential APs fairly
easily at the CLI or via scripts.
If there is incorrect or missing information, as I mentioned at the
mic, I'd appreciate any updates. Feel free to send them to me via
private email and I can send out an update if there is interest.