«

I am searching for a way that a systems administrator can
locate/detect/identify unauthorized wireless access points in global (or
WAN) network, including those across the oceans, even not being physically
there!

One way is "war driving". However, it requires a person physically walking
inside the organization or driving around the organization's campus with a
"war driving" software.

Can one use a packet sniffer? But it may be "blocked" by VLANs.

Any advice / pointers are appreciated.

Thanks and have a nice weekend.

Hello, Doug!
You wrote on Sat, 2 Apr 2005 02:08:33 -0500:

DF> I am searching for a way that a systems administrator can
DF> locate/detect/identify unauthorized wireless access points in
DF> global (or WAN) network, including those across the oceans, even
DF> not being physically there!

DF> One way is "war driving". However, it requires a person
DF> physically walking inside the organization or driving around the
DF> organization's campus with a "war driving" software.

DF> Can one use a packet sniffer? But it may be "blocked" by VLANs.

DF> Any advice / pointers are appreciated.

Radio monitoring and WLSE in case of Cisco or/and AirMagnet Enterprise.

http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
http://www.airmagnet.com/products/enterprise.htm

With best regards,
Andrey.

These are costly solutions, which we cannot afford We are looking for a
"cheaper one".

Any suggestions are appreciated.

"Andrey Tarasov" <> wrote in message
news:d2lhj4$4hp$...
> Hello, Doug!
> You wrote on Sat, 2 Apr 2005 02:08:33 -0500:
>
> DF> I am searching for a way that a systems administrator can
> DF> locate/detect/identify unauthorized wireless access points in
> DF> global (or WAN) network, including those across the oceans, even
> DF> not being physically there!
>
> DF> One way is "war driving". However, it requires a person
> DF> physically walking inside the organization or driving around the
> DF> organization's campus with a "war driving" software.
>
> DF> Can one use a packet sniffer? But it may be "blocked" by VLANs.
>
> DF> Any advice / pointers are appreciated.
>
> Radio monitoring and WLSE in case of Cisco or/and AirMagnet Enterprise.
>
> http://www.cisco.com/en/US/products/sw/cscowork/ps3915/
> http://www.airmagnet.com/products/enterprise.htm
>
> With best regards,
> Andrey.

Hi Doug,

There are some open source tools that can aid in the detection of
wireless networks in a geographically distributed corporate network.

You may wish to investigate Nmap.

http://www.insecure.org/nmap/

Nmap is a network discovery tool and port scanner that can be used to
audit large networks.

It also has a feature that is useful for detecting wireless access
points on the wired network.

This feature is called TCP/IP Finger Printing, which is a remote system
identification technique.

Within the Nmap distribution, there is a database of TCP/IP
fingerprints enabling the tool to detect nearly 700 operating systems
running on target devices.

A subset of these devices includes wireless access points.

Configuring Nmap to scan a portion of the network with the TCP/IP
fingerprint option enabled will yield a list of hosts and their
associated operating system.

Further filtering this output for "wireless" could identify rogue
wireless access points on a network.

Using this technique assumes that the security staff can then map an IP
address to the physical location of the wireless access point or at
least the switch port to which the device is connected.

In an ideal environment this should not be difficult task, given proper
documentation of network topology.

Nmap was developed to run on UNIX, but has been ported and is now
available on Windows platforms.

---------------------------------------------------------------------------------

Yet another open source tool is APTools.

http://winfingerprint.sourceforge.net/aptools.php

A different technique is to connect directly to a switch or router in
the environment and compare the MAC addresses in the Address Resolution
Protocol (ARP) table to a database of 802.11b wireless access point MAC
addresses.

This is exactly what APTools attempts to accomplish and can reduce the
amount of time it takes to search for wireless access points in a large
corporate environment.

By providing a list of routers and switches (and the associated
passwords), APTools will either query the switch's Content Accessible
Memory or the router's ARP table and compare it to a database of
wireless access point MAC addresses.

APTools runs on both Windows and UNIX.

---------------------------------------------------------------------------------

Hope this helps.

Sincerely,

Brad Reese
BradReese.Com® Cisco Resource Center
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.BradReese.Com