What next

What next

Postby ChinMusic » Tue Oct 01, 2002 10:48 am

I used Ministumbler to search for rogue AP's at an office located in a high rise building in a large metropolitan area. Needless to say I identified a few AP's. What steps can I take to ensure these AP's belong to someone else?
ChinMusic
Mini Stumbler
 
Posts: 3
Joined: Tue Oct 01, 2002 9:02 am

Mechanic: Somebody set up us the bomb.

Postby blackwave » Tue Oct 01, 2002 10:53 am

Originally posted by ChinMusic
I used Ministumbler to search for rogue AP's at an office located in a high rise building in a large metropolitan area. Needless to say I identified a few AP's. What steps can I take to ensure these AP's belong to someone else?



1. turn all of your AP's OFF

2. Start a new file and scan for rogue APs

Those APs found are not yours.

Therefore they must belong to someone else.
-=BW=-
User avatar
blackwave
 
Posts: 4507
Joined: Mon Apr 15, 2002 3:00 am
Location: SoCal, OC

Postby renderman » Tue Oct 01, 2002 10:57 am

First, look at the SSID's are the obviusly some elses (name of a company in the building)

Second and probobly most effective, Walk around looking at the singnal to noise graph and track the signal by strength to its source. A little detective work goes a long way.

Third (or variation on the second), get or Build a directional antenna (lots of instructions on the board) to use to locate the direction the AP is in.

Just my suggestions.

[EDIT] Damn Blackwaves fast. That would probobly work as well[/EDIT]
User avatar
renderman
 
Posts: 1867
Joined: Thu Jun 06, 2002 5:29 pm
Location: Anywhere but Utah

Postby ChinMusic » Tue Oct 01, 2002 11:20 am

In theory there should be no AP's on our network. I'm searching for rogue devices. I would like some assurance that the AP's that NS identified are not connected to our network. I'm wearing a white hat, so I would like to do this legally.
ChinMusic
Mini Stumbler
 
Posts: 3
Joined: Tue Oct 01, 2002 9:02 am

Postby gbzstro » Wed Oct 02, 2002 6:22 am

download AIRSNARE to a desktop that is on your lan and search for the MAC address of the AP's
You want to use a LAN network card and not a wirelesscard
Regards

//Stu
gbzstro
Mini Stumbler
 
Posts: 9
Joined: Fri Sep 20, 2002 4:14 am

Postby ChinMusic » Wed Oct 02, 2002 8:45 am

NS records MAC addresses from the wireless side of the AP. How will AIRSNARE be able to detect unfiendly traffic from a wired connection if all I have is the wireless AP MAC address? Don't you need to provide AIRSNARE the MAC address from the wired side of the AP?
ChinMusic
Mini Stumbler
 
Posts: 3
Joined: Tue Oct 01, 2002 9:02 am

Postby gbzstro » Wed Oct 02, 2002 3:42 pm

"I would like some assurance that the AP's that NS identified are not connected to our network"

with airsnare running on a lan PC , with a normal UTP card and without a WLAN networkcard you can tell if the AP MAC's are found - if they are then they are on your LAN

Hope that you find nothing

Regards

//Stu
gbzstro
Mini Stumbler
 
Posts: 9
Joined: Fri Sep 20, 2002 4:14 am

Postby gbzstro » Wed Oct 02, 2002 3:49 pm

Sorry I just re-read your post and would like to make things a littleclearer as I think that confusion as crept in...

You have detected a number of AP's using a WLAN card and you are concerned that they may be connected to your LAN?

Go to your LAN and install AirSnare on a bog standard non WLAN desktop PC

Leave it to run and check the MAC address that it collects - if you can't see the MAC addresses of the AP's - then they arn't connected full stop !!

What you are seeing with N.S. are level 2 packets over R.F. - not over CAT5 on your LAN

Regards

//Stu
gbzstro
Mini Stumbler
 
Posts: 9
Joined: Fri Sep 20, 2002 4:14 am

Postby Chris_Schear » Thu Oct 03, 2002 5:58 am

Your task would be accomplished very easily with AirMagnet. ;)
User avatar
Chris_Schear
 
Posts: 243
Joined: Mon Aug 05, 2002 12:54 pm
Location: WDM, Iowa


Return to NetStumbler

Who is online

Users browsing this forum: No registered users and 3 guests