Re: Discover rogue wireless APs?

Overt wrote:

......
Unfortunately his boss and the plant manager can't understand why we are
so upset. They are assuming that we are mad because we have been bypassed
and might not get credit for a good idea. Trying to explain that the
worker has bypassed several thousand dollars worth of firewalls and
security appliances between us and a really nasty world gets nowhere. It
just isn't a big deal to them. At least it wasn't until we disabled the
ethernet port serving his desk.

Urge for a written and signed policy. Get the PHBs on your side.
Make all workers and new staff sign the agreement - not to bring in any
private network equipment without ITs approval, or they get the big boot.

That incident is fixed, but I am starting to research just how to
autodiscover this the next time it happens. Physical search is out of the
question - the place is far too big. At the far end of the spectrum,
issuing connections based on logged MAC addresses would work, except that
it would be a major administration pain, so that is totally out of the
question. And what happens when some real techie turns his machine into a
PC based accesspoint? Pink slips would help some, but that is not our
call.

Anybody?

Kismet and friends, airsnort ... at least for wireless devices.
Your IT stuff may end up wardriving in your own facility ;-)

--
vista policy violation: Microsoft optical mouse found penguin patterns
on mousepad. Partition scan in progress to remove offending
incompatible products. Reactivate MS software.
Linux [LinuxCounter#295241,ICQ#4918962]
.