IP address

Questions and configuration information about the NetStumbler software

IP address

Postby Hillbm » Thu Aug 23, 2007 8:09 am

Hello, its time for a game of flame the noob. I know this has been asked, and I know you all say read the readme, but read my whole post before you say that, as I have read it 8 times. On the wireless network at work, I CAN authenticate to the network (including the APs). The network admin before me made a map, but I have found that it is not an accurate one (I think he may have moved some APs and never updated the map). I have one AP that appears to work fine (I can use it, I can see lights on it etc.) but the ip on the map for that ap is not active (I can't ping it, I can't access the ap config, etc.) All APs use static ip addresses, no dhcp info. I have reconfigure card automatically turned off, I can authenticate to the network, and I still do not find ip addresses. Does NS rely on the DHCP server for this info? Is that why I can't see ips? Does anyone have a solution short of resetting the ap to factory defaults?

The question has been asked. Let the flaming commence.
Hillbm
Mini Stumbler
 
Posts: 3
Joined: Tue Feb 20, 2007 12:34 pm

Postby brwrdrvr » Thu Aug 23, 2007 8:40 am

Networking 101. Check to see if the AP has power. Reset the AP. Reconfigure the AP.

If the AP is in working order then this should be the fix since you don't have an IP for this AP.

Maybe I missed something, but you said you couldn't ping it or get to the configuration page of the AP. What IP were you using if the IP you have on the map isn't an active IP for this AP?

Time for a network audit to make sure all your equipment is in place and active with all the right IPs and MACs listed. :D
Real Linux users write the zeros and ones directly to the hard drive using a refrigerator magnet. ~ bobfunland
User avatar
brwrdrvr
 
Posts: 3381
Joined: Fri Feb 18, 2005 9:26 pm
Location: Capitol City, Louisiana

Postby Hillbm » Thu Aug 23, 2007 9:39 am

Okay, let me rephrase, the ip I am using is the one the map says that ap should be. It apparently is not, as the ap seems to work fine. I was hoping to avoid resetting the ap, as that would require getting maintenance to pull the thing down, as I am not allowed on a ladder (insurance issue) and that could take weeks.
I came aboard here as system support tech, and have found that management seems to think one tech for 100+ users and no network admin is adequate (the servers are taken care of by an outside contractor). The biggest hole I have found is in wireless security. We do use it, but not to my comfort level. Each of 26 APs carries its own access list, and encryption is considered too complicated. I am breaking these barriers, and have set up a radius server to centralize the mac list and provide certificates, which is why I need access to that AP (it is in a low traffic area where testing my server will cause the least amount of disruption)
Is there a way to discover the real ip of this device, or shoul I hold my testing until I can get my hands physically on the AP to reset it?

thanks
Hillbm
Mini Stumbler
 
Posts: 3
Joined: Tue Feb 20, 2007 12:34 pm

Postby streaker69 » Thu Aug 23, 2007 9:57 am

Hillbm wrote:Okay, let me rephrase, the ip I am using is the one the map says that ap should be. It apparently is not, as the ap seems to work fine. I was hoping to avoid resetting the ap, as that would require getting maintenance to pull the thing down, as I am not allowed on a ladder (insurance issue) and that could take weeks.
I came aboard here as system support tech, and have found that management seems to think one tech for 100+ users and no network admin is adequate (the servers are taken care of by an outside contractor). The biggest hole I have found is in wireless security. We do use it, but not to my comfort level. Each of 26 APs carries its own access list, and encryption is considered too complicated. I am breaking these barriers, and have set up a radius server to centralize the mac list and provide certificates, which is why I need access to that AP (it is in a low traffic area where testing my server will cause the least amount of disruption)
Is there a way to discover the real ip of this device, or shoul I hold my testing until I can get my hands physically on the AP to reset it?

thanks


There are several programs out there that can do a Ping scan of your network, many of them will also reveal the MAC address of the devices. Scan your network, try to find the correct mac among the returned addresses and connect to it that way.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
User avatar
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Postby beakmyn » Thu Aug 23, 2007 10:00 am

http://www.softperfect.com/

Network Scanner - Free

Options - Additional tab
Click box for

Resolve Host names
Check Open Ports
set value to 80
beakmyn
 
Posts: 4858
Joined: Sun Aug 03, 2003 1:53 pm

Postby Thorn » Thu Aug 23, 2007 11:15 am

My favorite is Network View. http://www.networkview.com It will create a visual network map for you. Once you've mapped out the network, you can match the MAC to any odd IP addresses.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby Hillbm » Thu Aug 23, 2007 11:17 am

Ok, I got it. I missed the obvious. I was able to get the mac address of the AP through NS, and then match it with the Network Map in one of the other APs, giving me the correct IP of the offending unit. (the ip is listed as "spare" on the map I have).
Thanks for all the help.

Does anyone have any suggestions for security here? WPA isn't an option because of some of the older NICs we use, is wep even worth the trouble? I am trying to create a multi level approach to the problem, centering around freeradius on RHE 5.0. So far I have mac filtering and openssh certificates.

Thanks
Hillbm
Mini Stumbler
 
Posts: 3
Joined: Tue Feb 20, 2007 12:34 pm

Postby Starpoint » Thu Aug 23, 2007 11:30 am

Hillbm wrote:Ok, I got it. I missed the obvious. I was able to get the mac address of the AP through NS, and then match it with the Network Map in one of the other APs, giving me the correct IP of the offending unit. (the ip is listed as "spare" on the map I have).
Thanks for all the help.

Does anyone have any suggestions for security here? WPA isn't an option because of some of the older NICs we use, is wep even worth the trouble? I am trying to create a multi level approach to the problem, centering around freeradius on RHE 5.0. So far I have mac filtering and openssh certificates.

Thanks


Update the older NIC's to ones that support WPA.. best practice is to pick ONE make/model of NIC so you have 1 driver for all.

If anyone whines about they want a different NIC, charge up the cattle prod and "explain" things to them
Against the run of the mill, static as it seems

We break the surface tension with our wild kinetic dreams
Curves and lines -- of grand designs...


Tonight's movie "Soylent Green" has been brought to you by our sponsor - Waste Management

My mind is like a Steel trap - Rusty and Illegal in most states
User avatar
Starpoint
 
Posts: 2539
Joined: Fri Apr 18, 2003 4:47 pm
Location: Houston

Postby Thorn » Thu Aug 23, 2007 11:34 am

WEP is little more than a "no trespass" sign these days. A cheap, broken "no trespass" sign, that has been shot full of holes by the yokels. In the latest WEP cracking programs, it can be broken in about 15-30 seconds.

WPA-RADIUS is best for an enterprise. Upgrade the NICs and get rid of anything that can't do WPA. Convince the powers that be that it is in their best interests, since all usernames, passwords, etc are openly available to anyone taking the time to listen on the airwaves. Yes, I understand it's hard with some knuckleheads, but if you at least tell them, then your ass is covered when the CEO's emails to his mistress appear on the evening news. One other argument regarding this: if this is a public company or has any medical information/records, then they may be in violation of various state and Federal laws about lawfully maintaining privacy or fiduciary information such as HIIPA and Sarbanes-Oxley and the Officers and the Board of Directors may be personally liable. (THAT usually gets their attention.)
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby Barry » Thu Aug 23, 2007 11:44 am

I give people the deadbolt on a screen door analogy for wep. It looks secure, until you realize it's just a screen door....
Never do anything you don't want to explain to the paramedics.
User avatar
Barry
 
Posts: 5713
Joined: Sat Dec 28, 2002 11:10 pm
Location: Ohio

Postby audit » Thu Aug 23, 2007 12:16 pm

I just normally do it and when the bitching starts, show them print out's of e-mails, IM conversations, etc that were grabbed before the upgrade. Then if that doesn't shut them up then I show them the laws in regards to what we do and have on our network. That shuts them up 99% of the time as Thorn pointed out.
User avatar
audit
 
Posts: 1945
Joined: Mon Aug 19, 2002 3:00 am
Location: In the Octagon

Postby Airstreamer » Thu Aug 23, 2007 2:52 pm

One quick addition to this:

In the future, if you have access to the copper side of the AP, then Wireshark will probably snag a gratuitous ARP when the AP reboots.
"But when we disarmed They sold us and delivered us bound to our foe,
And the Gods of the Copybook Headings said: "Stick to the Devil you know.""

- Rudyard Kipling
User avatar
Airstreamer
 
Posts: 2703
Joined: Sun Nov 07, 2004 9:26 pm
Location: A little North of Reason


Return to NetStumbler

Who is online

Users browsing this forum: No registered users and 4 guests