Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- To detect rouge wireless access points
- Doug Fox
April 2, 2005, 7:05 am
rate this thread
locate/detect/identify unauthorized wireless access points in global (or
WAN) network, including those across the oceans, even not being physically
One way is "war driving". However, it requires a person physically walking
inside the organization or driving around the organization's campus with a
"war driving" software.
Can one use a packet sniffer? But it may be "blocked" by VLANs.
Any advice / pointers are appreciated.
Thanks and have a nice weekend.
Re: To detect rouge wireless access points
Doug Fox wrote:
I understand you need this to detect APs potentially compromising the
enterprise network. A few approaches are possible:
- The APs might not have a static IP on the wired side. When requesting
DHCP, the AP may give a name different from the names given to
workstations. If you have access to DHCP status info or logs, check for
"irregular" client names. Try opening any found addresses with telnet
and web client.
- If SNMP is enabled, the APs will respond to a proprietary
administration program. If you suspect a specific make of AP, get the
administration program for that and use it to search for APs on the
suspicious subnet. General purpose network watcher tools may have
general "discover" tools.