Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: MORE: Tools for Detecting Wireless APs - from the wire side.

RE: MORE: Tools for Detecting Wireless APs - from the wire side.

From: John Adams <jadams_at_inktomi.com>
Date: Tue, 11 Jun 2002 16:18:00 -0700 (PDT)

On Tue, 11 Jun 2002, ed d wrote:

> depending on how the clients in your network get their ip addresses, you
> might be able to search through your dhcp logs and pull all of the ap mac
> addresses.
>
> this discounts rogue aps with statics, but if i was to drop a rogue ap into
> a network, i would probably turn on dhcp, then let it go.

Ahh, but this is useless if the AP DHCPs an address and then NATs everyone
on wireless.

> a good site for mac address/vendor coorelation is:
> http://standards.ieee.org/regauth/oui/oui.txt

I disagree with the entire "find them by Vendor MAC prefix to find APs"
approach. Many vendors are assigned blocks of MAC prefixes (look at Cisco,
for example) and share these blocks between disparate devices, both wired
and wireless.

--john 

-- 
John Adams         . Sr. Security Engineer . Inktomi Corporation
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Jun 12 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]