Title: RE: [BAWUG] Tools for discovering rogue APs on a network

Excellent point Jeff, many enterprises are realizing the risk of that "network jack in the wall" that connects to their internal network.

There are 3 different classes of products to identify rogue access points: over the wire, wireless ad hoc, and wireless enterprise. 

Over the wire products are things like Foundstone and ISS scanners that look for APs on the wire; they also can do a vulnerability check on the configuration.  These are good tools, but don't keep real time tabs, can't tell you where in the office the device is and can't locate clients talking in ad hoc mode sending valuable company data out to some dude in the parking lot.  These products aren't cheap, and usually only within the budget of the corporate customer; their main mission is vulnerability testing of network devices.  They have added the AP specific functionality based on the proliferation of the devices and the rogue AP problem.

The wireless ad hoc products are the tools most people on this list are familiar with: NetStumbler, Kismet, Wellenreiter, AiroPeek, Ethereal, ISS Wireless Scanner, Air Magnet (for Ipaq) etc.  These tools require the user to walk around and can't function in a 24/7 monitoring capacity for the entire enterprise. Most of these products are free and you will find one that will support the client card you already have.

http://www.personaltelco.net/index.cgi/WirelessSniffer?action=show&redirect=WirelessSniffers and www.wardriving.com have good lists of current products for this category.

The Wireless Enterprise products use a number of wireless clients, either software running on laptops, or dedicated hardware devices, to sniff or stumble the area for wireless devices and send the data to a central collector.  One advantage of these products is the ability to triangulate with signal strength from a number of remote agents to provide the rough location of the rogue device.  IBM is developing a product based on their Ipaq version of their wireless scanner that puts software on users' client machines.  AirDefense has a hardware/software product, and NETSEC is developing a product that uses dedicated hardware devices with encrypted out of band communications and is scalable to campus and WANs.  These are not cheap, and only viable for corporate customers, and take some site surveying to effectively implement.  But these are the best options for the enterprise.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 16, 2002 2:51 PM
To: [EMAIL PROTECTED]
Subject: [BAWUG] Tools for discovering rogue APs on a network



> I've been lurking for quite awhile and appreciate the chance to read this
> list.  I have a question from a corporate network administrator's point of
> view:
>
> It is very easy to set up an access point in your cube and be able to roam
> around a building unfettered by wires.  This is actually a really cool
> thing.  However....
>
> It's been my experience that every rogue AP I've found (I see them or hear
> about them or whatever) is properly in configured.  My question is, has
> anybody seen a product that will go out and, say, scan a class B looking
> for wireless APs and bridges?  I saw one application up on sourceforge
> where a guy had been collecting MAC address ranges for different wireless
> vendors and was in the process of writing an application to scan for those
> MACs.  Unfortunately he's not very far along with it.
>
> Any suggestions would be appreciated.  Wardriving is quite fun until you
> find one of your own company's AP's on the list and you didn't even know
> it was there to begin with. :-)
>
> Jeff Murri
> J.R. Simplot Company - Tech Services
> 208/327-5920
> [EMAIL PROTECTED]
>
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
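
Added example (not part of either message above, and not any vendor's code): a sketch of how a central collector could turn signal-strength reports from several remote agents into a rough position for a rogue device, as the reply describes. It assumes a log-distance path-loss model; the model parameters, sensor coordinates and RSSI readings are constructed for illustration.

```python
import math

# Assumed log-distance path-loss parameters; real values come from a site survey.
P0_DBM = -40.0   # RSSI expected 1 m from the transmitter (constructed value)
N_EXP = 3.0      # path-loss exponent for an indoor office (constructed value)

def expected_rssi(distance_m):
    """RSSI the model predicts at a given distance (used to build sample data)."""
    return P0_DBM - 10.0 * N_EXP * math.log10(distance_m)

def rssi_to_distance(rssi_dbm):
    """Invert the model: metres between sensor and transmitter."""
    return 10 ** ((P0_DBM - rssi_dbm) / (10.0 * N_EXP))

def locate(reports):
    """Estimate (x, y) from [(sensor_x, sensor_y, rssi_dbm), ...].
    Each report defines a circle around its sensor. Subtracting the last
    circle from the others gives linear equations a1*x + a2*y = b, which
    are solved by least squares via the 2x2 normal equations."""
    if len(reports) < 3:
        raise ValueError("need at least three sensors for a 2-D fix")
    xr, yr, rssi_r = reports[-1]
    dr = rssi_to_distance(rssi_r)
    s11 = s12 = s22 = t1 = t2 = 0.0
    for x, y, rssi in reports[:-1]:
        d = rssi_to_distance(rssi)
        a1, a2 = 2 * (x - xr), 2 * (y - yr)
        b = dr**2 - d**2 + x**2 - xr**2 + y**2 - yr**2
        s11 += a1 * a1
        s12 += a1 * a2
        s22 += a2 * a2
        t1 += a1 * b
        t2 += a2 * b
    det = s11 * s22 - s12 * s12
    if abs(det) < 1e-9:
        raise ValueError("sensors are collinear; position is ambiguous")
    return ((s22 * t1 - s12 * t2) / det, (s11 * t2 - s12 * t1) / det)

# Constructed sample: four sensors at the corners of a 30 m x 20 m floor,
# reporting whole-dBm RSSI (as client cards do) for a device at (22, 6).
SENSORS = [(0, 0), (30, 0), (0, 20), (30, 20)]
TRUE_POS = (22.0, 6.0)

def sample_reports(quantize=True):
    out = []
    for sx, sy in SENSORS:
        rssi = expected_rssi(math.dist((sx, sy), TRUE_POS))
        out.append((sx, sy, round(rssi) if quantize else rssi))
    return out
```

With whole-dBm readings the estimate lands within about a metre of the constructed position; real walls and multipath make the error larger, which is why such products need a site survey.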
