To detect Wireless Access Points remotely?

To detect Wireless Access Points remotely?
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
To detect Wireless Access Points remotely? Doug Fox 04-02-2005
Posted by Doug Fox on April 2, 2005, 2:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I am searching for a way that a systems administrator can
locate/detect/identify unauthorized wireless access points in global (or
WAN) network, including those across the oceans, even not being physically
there!

One way is "war driving". However, it requires a person physically walking
inside the organization or driving around the organization's campus with a
"war driving" software.

Can one use a packet sniffer? But it may be "blocked" by VLANs.

Any advice / pointers are appreciated.

Thanks and have a nice weekend.




NMFall 20%
Posted by Andrey Tarasov on April 1, 2005, 11:30 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello, Doug!
You wrote on Sat, 2 Apr 2005 02:08:33 -0500:

DF> I am searching for a way that a systems administrator can
DF> locate/detect/identify unauthorized wireless access points in
DF> global (or WAN) network, including those across the oceans, even
DF> not being physically there!

DF> One way is "war driving". However, it requires a person
DF> physically walking inside the organization or driving around the
DF> organization's campus with a "war driving" software.

DF> Can one use a packet sniffer? But it may be "blocked" by VLANs.

DF> Any advice / pointers are appreciated.

Radio monitoring and WLSE in case of Cisco or/and AirMagnet Enterprise.

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
http://www.airmagnet.com/products/enterprise.htm

With best regards,
Andrey.


Posted by Doug Fox on April 2, 2005, 12:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
These are costly solutions, which we cannot afford :-( We are looking for a
"cheaper one".

Any suggestions are appreciated.

> Hello, Doug!
> You wrote on Sat, 2 Apr 2005 02:08:33 -0500:
>
> DF> I am searching for a way that a systems administrator can
> DF> locate/detect/identify unauthorized wireless access points in
> DF> global (or WAN) network, including those across the oceans, even
> DF> not being physically there!
>
> DF> One way is "war driving". However, it requires a person
> DF> physically walking inside the organization or driving around the
> DF> organization's campus with a "war driving" software.
>
> DF> Can one use a packet sniffer? But it may be "blocked" by VLANs.
>
> DF> Any advice / pointers are appreciated.
>
> Radio monitoring and WLSE in case of Cisco or/and AirMagnet Enterprise.
>
> http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
> http://www.airmagnet.com/products/enterprise.htm
>
> With best regards,
> Andrey.




Posted by BradReeseCom on April 2, 2005, 12:07 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi Doug,

There are some open source tools that can aid in the detection of
wireless networks in a geographically distributed corporate network.

You may wish to investigate Nmap.

http://www.insecure.org/nmap/

Nmap is a network discovery tool and port scanner that can be used to
audit large networks.

It also has a feature that is useful for detecting wireless access
points on the wired network.

This feature is called TCP/IP Finger Printing, which is a remote system
identification technique.

Within the Nmap distribution, there is a database of TCP/IP
fingerprints enabling the tool to detect nearly 700 operating systems
running on target devices.

A subset of these devices includes wireless access points.

Configuring Nmap to scan a portion of the network with the TCP/IP
fingerprint option enabled will yield a list of hosts and their
associated operating system.

Further filtering this output for "wireless" could identify rogue
wireless access points on a network.

Using this technique assumes that the security staff can then map an IP
address to the physical location of the wireless access point or at
least the switch port to which the device is connected.

In an ideal environment this should not be difficult task, given proper
documentation of network topology.

Nmap was developed to run on UNIX, but has been ported and is now
available on Windows platforms.

---------------------------------------------------------------------------------

Yet another open source tool is APTools.

http://winfingerprint.sourceforge.net/aptools.php

A different technique is to connect directly to a switch or router in
the environment and compare the MAC addresses in the Address Resolution
Protocol (ARP) table to a database of 802.11b wireless access point MAC
addresses.

This is exactly what APTools attempts to accomplish and can reduce the
amount of time it takes to search for wireless access points in a large
corporate environment.

By providing a list of routers and switches (and the associated
passwords), APTools will either query the switch's Content Accessible
Memory or the router's ARP table and compare it to a database of
wireless access point MAC addresses.

APTools runs on both Windows and UNIX.

---------------------------------------------------------------------------------

Hope this helps.

Sincerely,

Brad Reese
BradReese.ComŽ Cisco Resource Center
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.BradReese.Com



Similar ThreadsPosted
Wireless access points security question June 6, 2005, 6:06 pm
difference between the 1121 and 1131 wireless access points June 17, 2007, 10:06 am
Cisco wireless access points: snmp query for number of clients September 6, 2006, 1:53 pm
Some wireless clients cannot detect my unbroadcast Aironet AP July 3, 2008, 11:21 pm
Re: Cisco Access points August 30, 2006, 10:23 pm
vo2 and vo3 labeling on Access Points December 22, 2006, 4:25 pm
How to get connected stations on access points July 11, 2005, 8:56 am
Roaming between 1232 Access Points January 9, 2006, 2:32 pm
1200 Access Points as Bridged Network February 23, 2006, 1:22 pm
software to manage cisco access points May 26, 2006, 4:23 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map