[55825] in North American Network Operators' Group


Re: Locating rogue APs

daemon@ATHENA.MIT.EDU (John Kristoff)
Tue Feb 11 15:28:38 2003

Date: Tue, 11 Feb 2003 14:28:01 -0600
From: John Kristoff <jtk@aharp.is-net.depaul.edu>
To: nanog@merit.edu
In-Reply-To: <OFB9114580.B7B03131-ON88256CCA.006D1044-88256CCA.006E19C9@us.ibm.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, Feb 11, 2003 at 01:02:34PM -0700, Tony Rall wrote:
> It sounds like John is referring to using a network IDS system, maybe one 
> per subnet, to try to infer from the wired (maybe) network traffic that an 
> unwanted AP is connected to your wired network.  Given that you may want 

Actually, the info was meant to provide operators with very
rudimentary AP tracking info that can mostly be done from the network
devices.  If someone has login access to a switch/router, you can
use the MAC and IGMP address info to identify potential APs fairly
easily at the CLI or via scripts.

If there is incorrect or missing information, as I mentioned at the
mic, I'd appreciate any updates.  Feel free to send them to me via
private email and I can send out an update if there is interest.

John
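
Added example (not part of the message above, and not the poster's own material): one way to script the check described, flagging switch ports by MAC vendor prefix and by IGMP group membership. The OUI prefixes, the multicast group, the sample tables and their "vlan address port" layout are all constructed placeholders; substitute the vendor OUIs and groups relevant to your network and adapt the parsing to your devices' CLI output.

```python
import re
from collections import defaultdict

# Constructed placeholders: replace with the OUIs of AP vendors and the
# multicast groups those APs join on your network.
AP_OUIS = {"02aa01", "02aa02"}
AP_GROUPS = {"239.255.10.1"}

# Constructed sample tables in a simplified "vlan address port" layout.
MAC_TABLE = """\
10  02aa.0133.4455  Fa0/3
10  0011.2233.4455  Fa0/4
20  02-AA-02-0A-0B-0C  Fa0/7
20  00:11:22:aa:bb:cc  Fa0/7
"""
IGMP_TABLE = """\
10  239.255.10.1  Fa0/3
10  224.0.1.1     Fa0/9
30  239.255.10.1  Fa0/12
"""

def oui(mac):
    """Return the first 24 bits of a MAC as 6 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits[:6]

def rows(table):
    """Yield (vlan, address, port) for each well-formed table line."""
    for line in table.splitlines():
        fields = line.split()
        if len(fields) == 3:
            yield fields

def suspect_ports(mac_table, igmp_table):
    """Map port -> sorted list of reasons it may have an AP attached."""
    hits = defaultdict(set)
    for vlan, mac, port in rows(mac_table):
        if oui(mac) in AP_OUIS:
            hits[port].add(f"oui {oui(mac)} vlan {vlan}")
    for vlan, group, port in rows(igmp_table):
        if group in AP_GROUPS:
            hits[port].add(f"igmp {group} vlan {vlan}")
    return {port: sorted(r) for port, r in hits.items()}

if __name__ == "__main__":
    for port, reasons in sorted(suspect_ports(MAC_TABLE, IGMP_TABLE).items()):
        print(port, "; ".join(reasons))
```

A port that matches on both the OUI and the IGMP group (Fa0/3 in the sample) is a stronger candidate than one matching on either alone; a match is a lead to verify, not proof of an AP.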
