Re: Discover rogue wireless APs?



At Thu, 31 Jan 2008 19:17:29 +0100 (CET) Overt <nowhere@xxxxxxxxxxx> wrote:


I haven't had much time to experiment yet, but anybody got an idea for a
way to discover a consumer wireless AP that has been inserted into the
network?

Reason: We had a semi-techie worker in the plant bring his own AP to work
so that he could roam around his area with his laptop. Not a bad idea if
it helps productivity and as long as IT knows about it - which we didn't.
Of course, it had no security set up and was wide open.

Unfortunately his boss and the plant manager can't understand why we are
so upset. They are assuming that we are mad because we have been bypassed
and might not get credit for a good idea. Trying to explain that the
worker has bypassed several thousand dollars worth of firewalls and
security appliances between us and a really nasty world gets nowhere. It
just isn't a big deal to them. At least it wasn't until we disabled the
Ethernet port serving his desk.

That incident is fixed, but I am starting to research just how to
autodiscover this the next time it happens. Physical search is out of the
question - the place is far too big. At the far end of the spectrum,
issuing connections based on logged MAC addresses would work, except that
it would be a major administration pain, so that is totally out of the
question. And what happens when some real techie turns his machine into a
PC-based access point? Pink slips would help some, but that is not our
call.

Anybody?

Well, you can do this:

Use a really sensitive wireless card to scan for wireless
access points (this avoids having to do a 'physical' search over a large
area). When you find one, connect to it and attempt to get an IP #.
Then do a traceroute to some known point. You should get the IP number
of the router the AP is connected to. Presumably, you have a mapping of
router ports and Ethernet jacks.


Overt


--
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
heller@xxxxxxxxxxxx -- Contract Programming: C/C++, Tcl/Tk
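
The lookup half of the procedure in the reply above, as an added example that is not part of the original thread: it flags scanned BSSIDs missing from an AP inventory, then reads `traceroute -n` style output taken through the unknown AP to find the first hop that is a known router. All addresses, SSIDs, jack labels and function names are constructed for illustration.

```python
import csv, io, re

# Constructed sample data: nothing below comes from the original post.
AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}

# Router interface IP -> area it serves (the router-port-to-jack mapping
# the reply presumes you already keep).
ROUTER_MAP = {
    "10.20.3.1": "Plant floor B, jacks B-101..B-148",
    "10.20.4.1": "Office wing, jacks O-001..O-096",
}

SCAN_CSV = """ssid,bssid,signal_dbm,encryption
CORP-WLAN,00:11:22:AA:BB:01,-48,WPA2
linksys,00:de:ad:be:ef:10,-71,open
CORP-WLAN,00:11:22:aa:bb:02,-80,WPA2
"""

# Style of `traceroute -n` output, taken while associated to "linksys".
TRACEROUTE = """traceroute to 10.1.1.10 (10.1.1.10), 30 hops max, 60 byte packets
 1  192.168.1.1  1.204 ms  1.101 ms  0.987 ms
 2  10.20.3.1  2.310 ms  2.188 ms  2.402 ms
 3  * * *
 4  10.1.1.10  3.051 ms  2.960 ms  3.113 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")

def unknown_aps(scan_csv, authorized):
    """Return scan rows whose BSSID is not in the authorized inventory."""
    allowed = {b.lower() for b in authorized}
    rows = csv.DictReader(io.StringIO(scan_csv))
    return [r for r in rows if r["bssid"].lower() not in allowed]

def first_known_router(traceroute_text, router_map):
    """Return (hop, ip, location) for the first hop listed in router_map.

    Hop 1 is often the consumer AP's own NAT gateway, not a corporate
    router, and unanswered hops print as '* * *'; both are skipped.
    """
    for line in traceroute_text.splitlines():
        m = HOP_RE.match(line)
        if m and m.group(2) in router_map:
            return int(m.group(1)), m.group(2), router_map[m.group(2)]
    return None

if __name__ == "__main__":
    for ap in unknown_aps(SCAN_CSV, AUTHORIZED_BSSIDS):
        print("unlisted AP:", ap["ssid"], ap["bssid"], ap["encryption"])
    print("attached behind:", first_known_router(TRACEROUTE, ROUTER_MAP))
```

If the AP is a plain bridge rather than a NAT router, the known router shows up at hop 1 instead of hop 2; the function handles both cases.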
