Hi again, One thing to note about this product is that it communicates with the device via telnet. This may not be a problem for most. But it certainly is no good if you use one time passwords like securid. For those in this situation it is possible to check for WAP via snmp using the same idea of looking for the MAC address then using nmap and the like. I don't consider myself a great perl programmer but as i said in a previous post I have mangled togeather a script that seems to work okay. There is one other thing on IOS version less then 12.0(5.2) XU you can not access the CAM table for any other VLANS other than the default so if you run multi-vlans then my script won't work on your kit with these ios version. Anyway I have just about convienced my boss to let me upload the script so if you are intrested drop me a mail and i will forward it onto you asap. I would also like comments on it so I can hopefully improve my perl skills. I personally believe this idea and products like aptools is a much easier and less time consuming way to find acess points then having to try and stumbler on them using netstumbler particular since properly configured cisco aironet will not show up neither will Lucent outdoor routers or any of the lucent based card that are running in closed system mode.
Ashley Woodbridge CCNA CCNP Network Support Stratagem Concepts ----- Original Message ----- From: "Paul Hosking" <[EMAIL PROTECTED]> To: "sim" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, January 08, 2002 21:38 Subject: Re: Detecting WAP's > On Wed, 2002-01-02 at 16:57, sim wrote: > > > I spent the better part of my morning today tracking down a WAP within > > my building. We basically stumbled onto the signal by blind luck > > The wonder of wireless networking - whack-a-mole! Endless fun for > infosec and network admins everywhere. :) > > Kirby Kuehl has done some work towards scanning tools to detect rogue > access points (including going the nmap fingerprint route Mike Craik > mentioned). His APTools scanner (http://aptools.sourceforge.net/) > actually scans for MAC Address ranges that are commonly associated with > wireless access points. It then audits suspect addresses. The tool was > developed specifically with Cisco kit - support for other hardware is > "untested". > > > -- > > .: Paul Hosking . [EMAIL PROTECTED] > .: InfoSec . 408.829.9402 > > .: PGP KeyID: 0x42F93AE9 > .: 7B86 4F79 E496 2775 7945 FA81 8D94 196D 42F9 3AE9 >
