Doing the impossible? Finding rogues from the wired side

Unanswered Question
Nov 15th, 2002
User Badges:

Wondering if anyone has found a valid tool (beyond the sourceforge APTools kind of stuff) to assist in finding APs by culling through the ARP tables on routers etc... brutal stuff here I know. Also- anything in a wireless frame/packets common to all APs (all vendors as part of 802.11) that can be filtered on at the router to possibly block traffic from rogue APs? I think not, but I'm scratchin at anything here...


Lee Badman

CWNA Network Engineer

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ndoshi Fri, 11/15/2002 - 22:09
User Badges:
  • Cisco Employee,

Hi ,


In AP350 has fnew feature which may help you .


The process takes place as follows:


1. A client with a LEAP profile attempts to associate to a access point A.


2. Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.


3. The client records the MAC address for access point A and the reason why the association failed.


4. The client associates successfully to access point B.


5. The client sends the MAC address of access point A and the reason code for the failure to access pont B.


6. Access point B logs the failure in the system log.



http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350rn/rn1200.htm




don.wolf Wed, 11/20/2002 - 08:29
User Badges:

If multiple MAC's are connecting via the AP, would those MAC's not show up under the ports (the one the AP is connected to) list?


If so is there a way to automate the retrieval of ports with multiple MAC's?

Actions

This Discussion

 

 

Trending Topics - Security & Network