What next

ChinMusic · 10-01-2002

I used Ministumbler to search for rogue AP's at an office located in a high rise building in a large metropolitan area. Needless to say I identified a few AP's. What steps can I take to ensure these AP's belong to someone else?

blackwave · 10-01-2002

Quote:

Originally posted by ChinMusic
I used Ministumbler to search for rogue AP's at an office located in a high rise building in a large metropolitan area. Needless to say I identified a few AP's. What steps can I take to ensure these AP's belong to someone else?

1. turn all of your AP's OFF

2. Start a new file and scan for rogue APs

Those APs found are not yours.

Therefore they must belong to someone else.

renderman · 10-01-2002

First, look at the SSID's are the obviusly some elses (name of a company in the building)

Second and probobly most effective, Walk around looking at the singnal to noise graph and track the signal by strength to its source. A little detective work goes a long way.

Third (or variation on the second), get or Build a directional antenna (lots of instructions on the board) to use to locate the direction the AP is in.

Just my suggestions.

[EDIT] Damn Blackwaves fast. That would probobly work as well[/EDIT]

ChinMusic · 10-01-2002

In theory there should be no AP's on our network. I'm searching for rogue devices. I would like some assurance that the AP's that NS identified are not connected to our network. I'm wearing a white hat, so I would like to do this legally.

gbzstro · 10-02-2002

download AIRSNARE to a desktop that is on your lan and search for the MAC address of the AP's
You want to use a LAN network card and not a wirelesscard
Regards

//Stu

ChinMusic · 10-02-2002

NS records MAC addresses from the wireless side of the AP. How will AIRSNARE be able to detect unfiendly traffic from a wired connection if all I have is the wireless AP MAC address? Don't you need to provide AIRSNARE the MAC address from the wired side of the AP?

gbzstro · 10-02-2002

"I would like some assurance that the AP's that NS identified are not connected to our network"

with airsnare running on a lan PC , with a normal UTP card and without a WLAN networkcard you can tell if the AP MAC's are found - if they are then they are on your LAN

Hope that you find nothing

Regards

//Stu

gbzstro · 10-02-2002

Sorry I just re-read your post and would like to make things a littleclearer as I think that confusion as crept in...

You have detected a number of AP's using a WLAN card and you are concerned that they may be connected to your LAN?

Go to your LAN and install AirSnare on a bog standard non WLAN desktop PC

Leave it to run and check the MAC address that it collects - if you can't see the MAC addresses of the AP's - then they arn't connected full stop !!

What you are seeing with N.S. are level 2 packets over R.F. - not over CAT5 on your LAN

Regards

//Stu

Chris_Schear · 10-03-2002

Your task would be accomplished very easily with AirMagnet.

10-01-2002	#1 (permalink)
ChinMusic Registered Member Join Date: Oct 2002 Posts: 3	What next I used Ministumbler to search for rogue AP's at an office located in a high rise building in a large metropolitan area. Needless to say I identified a few AP's. What steps can I take to ensure these AP's belong to someone else?

10-03-2002	#9 (permalink)
Chris_Schear Packetmonkey Join Date: Aug 2002 Location: WDM, Iowa Posts: 243	Your task would be accomplished very easily with AirMagnet. __________________ Regards... http://packetmonkey.net

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

10-01-2002	#3 (permalink)
renderman Drunken Stumbler Join Date: Jun 2002 Location: Anywhere but Utah Posts: 1,794	First, look at the SSID's are the obviusly some elses (name of a company in the building) Second and probobly most effective, Walk around looking at the singnal to noise graph and track the signal by strength to its source. A little detective work goes a long way. Third (or variation on the second), get or Build a directional antenna (lots of instructions on the board) to use to locate the direction the AP is in. Just my suggestions. [EDIT] Damn Blackwaves fast. That would probobly work as well[/EDIT]

10-01-2002	#4 (permalink)
ChinMusic Registered Member Join Date: Oct 2002 Posts: 3	In theory there should be no AP's on our network. I'm searching for rogue devices. I would like some assurance that the AP's that NS identified are not connected to our network. I'm wearing a white hat, so I would like to do this legally.

10-02-2002	#5 (permalink)
gbzstro Registered Member Join Date: Sep 2002 Posts: 9	download AIRSNARE to a desktop that is on your lan and search for the MAC address of the AP's You want to use a LAN network card and not a wirelesscard Regards //Stu

10-02-2002	#6 (permalink)
ChinMusic Registered Member Join Date: Oct 2002 Posts: 3	NS records MAC addresses from the wireless side of the AP. How will AIRSNARE be able to detect unfiendly traffic from a wired connection if all I have is the wireless AP MAC address? Don't you need to provide AIRSNARE the MAC address from the wired side of the AP?

10-02-2002	#7 (permalink)
gbzstro Registered Member Join Date: Sep 2002 Posts: 9	"I would like some assurance that the AP's that NS identified are not connected to our network" with airsnare running on a lan PC , with a normal UTP card and without a WLAN networkcard you can tell if the AP MAC's are found - if they are then they are on your LAN Hope that you find nothing Regards //Stu

10-02-2002	#8 (permalink)
gbzstro Registered Member Join Date: Sep 2002 Posts: 9	Sorry I just re-read your post and would like to make things a littleclearer as I think that confusion as crept in... You have detected a number of AP's using a WLAN card and you are concerned that they may be connected to your LAN? Go to your LAN and install AirSnare on a bog standard non WLAN desktop PC Leave it to run and check the MAC address that it collects - if you can't see the MAC addresses of the AP's - then they arn't connected full stop !! What you are seeing with N.S. are level 2 packets over R.F. - not over CAT5 on your LAN Regards //Stu