[55823] in North American Network Operators' Group
Re: Locating rogue APs
daemon@ATHENA.MIT.EDU (Matthew S. Hallacy)
Tue Feb 11 14:41:20 2003
Date: Tue, 11 Feb 2003 13:42:19 -0600
From: "Matthew S. Hallacy" <poptix@techmonkeys.org>
To: nanog@merit.edu
In-Reply-To: <20030211172728.GA32451@aharp.is-net.depaul.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Feb 11, 2003 at 11:27:28AM -0600, John Kristoff wrote:
>
> Apologies if this ends up on the list multiple times. I seem to
> have trouble getting this posted in a timely fashion.
>
> In general, MAC OUI designations may indicate a particular AP. IP
> multicast group participation may also be used by some APs. Some
> APs have a few unique ports open. Lastly, APs may be found with
> a radio on a particular default channel. All of these potentially
> identifying characteristics may be used to help audit the network
> for rogue IPs. Below is information on locating particular APs:
>
Why are you posting this here? The information is somewhat incomplete/incorrect
as well. Persons interested in finding rogue AP's would be much better
off with a tool such as kismet that already identifies model/make of
access points based on various datapoints (including the types you posted),
as well as the ability to determine where the AP is (physically) with
the use of a GPS unit.
As a side benefit, it can make pretty maps.
http://www.poptix.net/thehills.jpg
> John
--
Matthew S. Hallacy FUBAR, LART, BOFH Certified
http://www.poptix.net GPG public key 0x01938203
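
The MAC OUI check mentioned in the quoted message, written as an audit over a switch bridge table. This is an added example, not part of the original post and not Kismet code. The OUI watch list, the sanctioned inventory and the table format are constructed placeholders.

```python
import re

# Constructed placeholder OUIs for AP vendors to watch (assumption, not real
# vendor assignments); load real values from the IEEE registry.
AP_OUIS = {"001122": "ExampleAP-Vendor-A", "00AABB": "ExampleAP-Vendor-B"}
# Constructed inventory of sanctioned AP MACs (assumption).
SANCTIONED = {"001122334455"}

# Constructed bridge-table sample: "<switch port> <MAC>" in mixed notations.
SAMPLE_TABLE = """\
Gi1/0/1 00:11:22:33:44:55
Gi1/0/7 0011.2299.0001
Gi1/0/9 00-AA-BB-10-20-30
Gi1/0/12 00:cc:dd:01:02:03
Gi1/0/15 02:11:22:aa:bb:cc
Gi1/0/20 not-a-mac
"""

def normalize_mac(text):
    """Return 12 uppercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[.:\-]", "", text).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def classify(mac):
    """Classify one normalized MAC for the rogue-AP audit."""
    if int(mac[:2], 16) & 0x02:
        # Locally administered bit set: the OUI says nothing about the vendor.
        return "unattributable"
    if mac[:6] not in AP_OUIS:
        return "other"
    return "sanctioned" if mac in SANCTIONED else "suspect"

def audit(table):
    """Return (port, mac, verdict) per row; unparsable MACs are reported, not dropped."""
    findings = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        port, raw = parts
        mac = normalize_mac(raw)
        findings.append((port, mac, classify(mac) if mac else "unparsed"))
    return findings

if __name__ == "__main__":
    for port, mac, verdict in audit(SAMPLE_TABLE):
        if verdict in ("suspect", "unattributable", "unparsed"):
            print(f"{port:10} {mac or '-':12} {verdict}")
```

An OUI match only narrows the search to a switch port. A device with a changed or locally administered MAC will not match, which is why the other datapoints in the thread (open ports, multicast groups, radio channel) still matter.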