To detect Wireless Access Points remotely?

Hello, Doug! You wrote on Sat, 2 Apr 2005 02:08:33 -0500:

DF> I am searching for a way that a systems administrator can DF> locate/detect/identify unauthorized wireless access points in DF> global (or WAN) network, including those across the oceans, even DF> not being physically there!

DF> One way is "war driving". However, it requires a person DF> physically walking inside the organization or driving around the DF> organization's campus with a "war driving" software.

DF> Can one use a packet sniffer? But it may be "blocked" by VLANs.

DF> Any advice / pointers are appreciated.

Radio monitoring and WLSE in case of Cisco or/and AirMagnet Enterprise.

With best regards, Andrey.

These are costly solutions, which we cannot afford :-( We are looking for a "cheaper one".

Any suggestions are appreciated.

Hi Doug,

There are some open source tools that can aid in the detection of wireless networks in a geographically distributed corporate network.

You may wish to investigate Nmap.

Nmap is a network discovery tool and port scanner that can be used to audit large networks.

It also has a feature that is useful for detecting wireless access points on the wired network.

This feature is called TCP/IP Finger Printing, which is a remote system identification technique.

Within the Nmap distribution, there is a database of TCP/IP fingerprints enabling the tool to detect nearly 700 operating systems running on target devices.

A subset of these devices includes wireless access points.

Configuring Nmap to scan a portion of the network with the TCP/IP fingerprint option enabled will yield a list of hosts and their associated operating system.

Further filtering this output for "wireless" could identify rogue wireless access points on a network.

Using this technique assumes that the security staff can then map an IP address to the physical location of the wireless access point or at least the switch port to which the device is connected.

In an ideal environment this should not be difficult task, given proper documentation of network topology.

Nmap was developed to run on UNIX, but has been ported and is now available on Windows platforms.

---------------------------------------------------------------------------=

------

Yet another open source tool is APTools.

A different technique is to connect directly to a switch or router in the environment and compare the MAC addresses in the Address Resolution Protocol (ARP) table to a database of 802.11b wireless access point MAC addresses.

This is exactly what APTools attempts to accomplish and can reduce the amount of time it takes to search for wireless access points in a large corporate environment.

By providing a list of routers and switches (and the associated passwords), APTools will either query the switch's Content Accessible Memory or the router's ARP table and compare it to a database of wireless access point MAC addresses.

APTools runs on both Windows and UNIX.

---------------------------------------------------------------------------=

------

Hope this helps.

Sincerely,

Brad Reese BradReese.Com=AE Cisco Resource Center Toll Free: 877-549-2680 International: 828-277-7272=20 Website: