[157356] in North American Network Operators' Group
Re: Detection of Rogue Access Points
daemon@ATHENA.MIT.EDU (Ryan McBride)
Tue Oct 16 19:23:37 2012
Date: Wed, 17 Oct 2012 08:22:52 +0900
From: Ryan McBride <mcbride@countersiege.com>
To: Joe Hamelin <joe@nethead.com>
In-Reply-To: <CAO0-hXZAv-TrByy-8Ud9Xz4ssdVyFEFGRQ_xtHNSkiKMG16sJQ@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Oct 15, 2012 at 04:31:34PM -0700, Joe Hamelin wrote:
> I think it would be cheaper to have a script written that would grab the
> ARP table of each site and then compare to what is known. Kind of an ARP
> tripwire.
Netdisco does this, and more (reports on ports which have more than 1
MAC address, devices from known wireless manufacturers, search MAC
address by manufacturer, etc).
http://www.netdisco.org/
