[157294] in North American Network Operators' Group


Re: Detection of Rogue Access Points

daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Sun Oct 14 17:43:28 2012

From: Lyndon Nerenberg <lyndon@orthanc.ca>
In-Reply-To: <CAC47Z9mEDndWoNUsXjUNgawifNtv4RXztLZgLZ2SLc4JTe0AGA@mail.gmail.com>
Date: Sun, 14 Oct 2012 14:43:07 -0700
To: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> I'm looking for innovative ideas on how to find such a rogue device,
> ideally as soon as it is plugged in to the network.

There was a SIGCOMM paper a few years back that described a scheme based
on measuring the ACK delays of TCP sessions. In a nutshell, you can
detect nodes on the wireless network by looking for the extra delay
added by the radio link.  It had very good accuracy, and caught new
nodes quickly.  It didn't require any prior knowledge of the network.

I don't have a copy of the paper at hand, and I don't remember the
title/author or the publication date (2007ish?), but maybe this will
ring a bell for someone else on the list who does.

--lyndon
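
The following is an added example, not part of the original message and not the algorithm from the paper it recalls: a simplified passive check that pairs each TCP data segment seen at a wired monitor point with the ACK that answers it and flags local hosts whose median ACK delay is high. The threshold, sample minimum, address prefix and packet tuples are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

THRESHOLD_S = 0.002   # assumed cut-off between wired and radio-link ACK delay
MIN_SAMPLES = 3       # assumed minimum number of samples before judging a host

def ack_delays(packets, local_prefix):
    """Return {local_host: [delay, ...]} as measured at a wired monitor point.

    packets: iterable of (time_s, src, dst, seq, ack, payload_len).
    A delay is the gap between a data segment heading to a local host and
    the ACK from that host that acknowledges exactly that segment's last byte.
    """
    pending = {}                  # (remote, local, expected_ack) -> send time
    delays = defaultdict(list)
    for t, src, dst, seq, ack, plen in packets:
        if plen > 0 and dst.startswith(local_prefix):
            # Keep the first send time if the segment is retransmitted.
            pending.setdefault((src, dst, seq + plen), t)
        if src.startswith(local_prefix):
            sent = pending.pop((dst, src, ack), None)
            if sent is not None:
                delays[src].append(t - sent)
    return dict(delays)

def suspected_wireless(packets, local_prefix="10.0.0."):
    """Local hosts whose median ACK delay exceeds THRESHOLD_S."""
    return sorted(h for h, d in ack_delays(packets, local_prefix).items()
                  if len(d) >= MIN_SAMPLES and median(d) > THRESHOLD_S)

def _flow(server, host, start, delay, n=4, mss=1000):
    """Constructed trace: n data segments, each ACKed after `delay` seconds."""
    out = []
    for i in range(n):
        t = start + i * 0.010
        out.append((t, server, host, 1 + i * mss, 1, mss))              # data
        out.append((t + delay, host, server, 1, 1 + (i + 1) * mss, 0))  # ACK
    return out

# Constructed sample input: one wired host and one host behind a radio link.
SAMPLE = sorted(_flow("192.0.2.10", "10.0.0.5", 0.0, 0.0003)
                + _flow("192.0.2.10", "10.0.0.9", 0.0, 0.0040))

if __name__ == "__main__":
    print(suspected_wireless(SAMPLE))
```

On real traffic, delayed-ACK timers and queuing on wired hosts also inflate individual samples, so a fixed threshold like this one needs calibration against known wired hosts before its output is trusted.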


