Doing the impossible? Finding rogues from the wired side

Unanswered Question
Nov 15th, 2002
User Badges:

Wondering if anyone has found a valid tool (beyond the sourceforge APTools kind of stuff) to assist in finding APs by culling through the ARP tables on routers etc... brutal stuff here I know. Also- anything in a wireless frame/packets common to all APs (all vendors as part of 802.11) that can be filtered on at the router to possibly block traffic from rogue APs? I think not, but I'm scratchin at anything here...

Lee Badman

CWNA Network Engineer

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ndoshi Fri, 11/15/2002 - 22:09
User Badges:
  • Cisco Employee,

Hi ,

In AP350 has fnew feature which may help you .

The process takes place as follows:

1. A client with a LEAP profile attempts to associate to a access point A.

2. Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.

3. The client records the MAC address for access point A and the reason why the association failed.

4. The client associates successfully to access point B.

5. The client sends the MAC address of access point A and the reason code for the failure to access pont B.

6. Access point B logs the failure in the system log.

don.wolf Wed, 11/20/2002 - 08:29
User Badges:

If multiple MAC's are connecting via the AP, would those MAC's not show up under the ports (the one the AP is connected to) list?

If so is there a way to automate the retrieval of ports with multiple MAC's?


This Discussion



Trending Topics - Security & Network