Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Tools for Detecting Wireless APs - from the wire side.

Re: Tools for Detecting Wireless APs - from the wire side.

From: Larry Youngquist <lyoungquist_at_hotmail.com>
Date: Mon, 10 Jun 2002 12:18:03 -0700

Perhaps the commercial product, AirDefense (http://www.airdefense.net/)
would do the trick for you. I noticed a recent review in eWeek June 3rd
edition (http://www.eweek.com/article/0,3658,s=701&a=27656,00.asp)

>From the marketing info, it sounds like they are targeting rogue AP's and
looking for vulnerabilities from the wired side of the network.

Larry

----- Original Message -----
From: "Isherwood Jeff C Contr AFRL/IFOSS" <Jeffrey.Isherwood_at_rl.af.mil>
To: "'Pen-Test'" <pen-test_at_securityfocus.com>
Sent: Monday, June 10, 2002 5:58 AM
Subject: MORE: Tools for Detecting Wireless APs - from the wire side.

> More on the original topic: Tools for Detecting Wireless APs - from the
> wire side.
>
> Many decent suggestions:
>
> TOP 3 ideas (best suggestions so far) are here -
> Nmap: OS Fingerprint of APS
> I've been in contact with Fydor, and Nmap already does many, I'm
> gonna try and figure out which ones...
>
> ARP Tables: collect ARP Info, cull MAC addresses and match MACs to vendor
> prefixes for wireless devices
> I'm working on a script that can perform this function on our
> tables...
>
> SNMP: Use HP Openview, SolarWinds or another SNMP enabled network
management
> tool to probe for the snmp agents on the APs.
> A good idea for "out of the box" APs, but it is very easy to
> halt/remove the snmp agents. If someone is making even a half hearted
> attempt to secure the device, then the SNMP is probably off.
>
>
> MOST received wrong answer ??
>
> Netstumbler: Wardrive your own campus before they do.
> This is not always a practical, or failsafe method. You might miss
> an area, or your campus might be too big to realistically do this (imagine
a
> corporation or Edu that is spread out over a mile or more, and your
manpower
> is limited?)
>
>
> The idea is to find some tools that you can run from the NETWORK side, not
> the RF WIRELESS Side. Something that will help you scan and probe your
net
> for Wireless APs from their IP address, not their antenna. A way of
> spotting the devices from the managed wire, not the free floating
airwaves.
>
> Netstumbler, AiroPeek, ministumbler, Kismet, Wellenreiter, AirTraf,
> AirSnort, Aerosol, Mognet are all WIRELESS scanners... I'm trying to find
a
> WIRED scanner that can find wireless...
>
>
>
> _____
> Jeffrey.Isherwood_at_rl.af.mil - Senior Security Engineer-UNIX Sys AFRL\IFOSS
> Comm:(315) 330-7246 DSN: 587-7246
>
> "The art of war teaches us to rely not on the likelihood of the
> enemy's not coming, but on our own readiness to receive him; not on the
> chance of his not attacking, but rather on the fact that we have made our
> position unassailable..."
> - Sun-Tzu, The Art of War

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Jun 10 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]