Some access points use DHCP to grab an address. They can then be identified - sort of - by the MAC address being in a range issued to a vendor of wireless NICs. Given a MAC, however, there is no easy way to figure out if it's an AP. While the list of OUIs is available from the IEEE, a corresponding list of what use a vendor is making of their allocation isn't. Plus there is a lot of OEMed gear, which may be registered under either name, depending on who does the FCC approval work. Finally, it's not foolproof, as some vendors have multiple ranges that they break up between their wired and wireless gear.

Two choices come to mind, one tedious, the other probably impossible.

I think you're going to have to do a version of war-driving every couple of weeks. Put a laptop on a cart, running NetStumbler or something similar, and see what it finds as you push it up and down the halls.

The other choice would be to program the DHCP server to give out addresses only to known MACs and log unknown ones.

Difficult: If you find an unknown one in the logs, where is it??

Impossible: The admin nightmare of having to register every single MAC to a single IP on your network.

-----Burton

-----Original Message-----
From: Hornat, Charles [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 22, 2002 3:22 PM
To: [EMAIL PROTECTED]
Subject: detecting wireless access points

What is the best method to discover rogue wireless access points on your network? Other than the obvious, buy a laptop with a wireless card and search theory. Is there a network tool that would detect a wireless access point being plugged in?

As a security administrator, I would like to have the ability to know if a user has purchased an access point and plugged it into my network.

Any thoughts are appreciated.

mrcorp
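The DHCP-logging idea from the reply above, as an added example that is not part of the original thread: it scans DHCP server log lines, skips registered MACs, and reports each unknown client with an OUI hint and the interface or relay address it was seen through, which narrows down where to look. It assumes ISC dhcpd-style syslog lines; the OUIs, MACs, log lines and function names are constructed placeholders, and a real watchlist would be built from the IEEE registry.

```python
import re

# Constructed sample data: placeholder OUIs and MACs, not real assignments.
WIRELESS_OUIS = {"00:11:22": "ExampleWireless (placeholder vendor)"}
KNOWN_MACS = {"00:aa:bb:00:00:01", "00:aa:bb:00:00:02"}

# Constructed log lines in the style of ISC dhcpd syslog output (assumption).
SAMPLE_LOG = """\
Feb 22 15:20:11 dhcp1 dhcpd: DHCPACK on 10.1.4.20 to 00:aa:bb:00:00:01 via eth0
Feb 22 15:21:40 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via 10.1.7.1
Feb 22 15:21:41 dhcp1 dhcpd: DHCPACK on 10.1.7.88 to 00-11-22-33-44-55 via 10.1.7.1
Feb 22 15:25:02 dhcp1 dhcpd: DHCPACK on 10.1.4.31 to 00:CC:DD:12:34:56 via eth0
Feb 22 15:26:10 dhcp1 dhcpd: DHCPREQUEST for 10.1.4.21 from 00:aa:bb:00:00:02 via eth0
"""

LINE_RE = re.compile(
    r"dhcpd: (?P<msg>DHCP[A-Z]+)\b.*?"
    r"(?:to|from) (?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
    r".*? via (?P<via>\S+)"
)


def normalize(mac):
    """Lower-case and use colons so log variants compare equal."""
    return mac.lower().replace("-", ":")


def find_unknown_clients(log_text, known_macs, wireless_ouis):
    """Return {mac: {vendor_hint, via, events}} for MACs not in known_macs."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mac = normalize(m.group("mac"))
        if mac in known_macs:
            continue
        entry = findings.setdefault(
            mac, {"vendor_hint": wireless_ouis.get(mac[:8]), "via": set(), "events": 0}
        )
        entry["via"].add(m.group("via"))  # interface or relay: a location hint
        entry["events"] += 1
    return findings


if __name__ == "__main__":
    for mac, info in find_unknown_clients(SAMPLE_LOG, KNOWN_MACS, WIRELESS_OUIS).items():
        hint = info["vendor_hint"] or "OUI not on wireless watchlist"
        print(f"{mac}  seen via {sorted(info['via'])}  x{info['events']}  {hint}")
```

An OUI match is only a hint, for the reasons given in the reply: vendors split ranges between wired and wireless gear, and OEMed equipment may be registered under another name.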