Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Tool to find rouge wireless access points?

From: Estell Kauffman <Estell.Kauffman () chickasaw net>
Date: Tue, 15 May 2012 20:11:46 +0000
Jon,

If you are running lightweight APs off a controller most of the controller software I've seen includes rogue AP 
detection. The APs themselves act as detectors reporting the beacons and related information back to the controller. 
The controller itself is generally able to see the wired side of the network and can then identify the rogue. Some 
controllers also include the ability to shut down rogue APs.

The only other tool I've seen in the past that would be able to identify an unauthorized network device, including 
rogue APs, is netdisco (http://www.netdisco.org/). Netdisco will go out and scan your network using SNMP, LLDP, and 
CDP. This allows it to not only identify those devices but also identify what switch and port it is connected to.

HTH,

Estell Kauffman 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jon D
Sent: Tuesday, May 15, 2012 2:28 PM
To: security-basics () securityfocus com
Subject: Re: Tool to find rouge wireless access points?

Sorry Felipe. Basically the core question is 'how to find rouge access points'.
For example, if an end user plugs in a linksys wireless router under their desk, how do you detect it?

Expanding on the question, is that usually from what I've seen, just scanning with nmap or something might not pick it 
up if the AP is configured not to respond to pings, and doesn't have ports open, etc.
And without knowing the encryption password, sniffing wireless traffic seems out of the question too. Simply scanning 
with something like kismet will only tell you that there's an AP in the area, but you don't know if it's an AP plugged 
into your network, or if it's another companies AP.
The link that was posted about sniffing the encrypted wireless traffic for netbios requests that aren't encrypted seems 
interesting.
Something I'll try.


Thanks,
Jon


On Mon, May 14, 2012 at 3:58 PM, Felipe Martins <martins.felipe.security () gmail com> wrote:

Yes, i'm on the same way. I didn't  fully understand what the question 
was. Can you be more specific Jon.

Best Regards

Felipe Martins
CEH, RHCE, RHCI, LPI, ITIL, NCLA, DCTS Security Specialist and 
Projects




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: