Now, I'm not necessarily disagreeing with you on your other points, so don't jump on top of me...but if you have multiple WAPs set up with WDS, you may be able to see WAP-to-WAP traffic on the LAN side (this becomes the wireless backbone) as the WAPs attempt to share information. I've not been able to verify this myself, but maybe someone else here can either verify or inform me of my mistaken assumption. :)
Will this detect the lame CFO plugging in a SOHO WAP in his office to get on the network from his couch closer to the window? Nope...

<- snip ->

For each of you that thinks they have a way to detect a wireless access point using only the LAN, please demonstrate how you would detect this.
