In-Reply-To: <[EMAIL PROTECTED]>
Some high-end detection products are available from www.airdefense.net. Also some other sources such as aptools.sourceforge.net

>Date: Mon, 09 Dec 2002 09:12:31 -0800
>From: Gene <[EMAIL PROTECTED]>
>To: "Boschmann, Armin" <[EMAIL PROTECTED]>
>Subject: Re: Wireless LAN detection
>
>you could look at software like netreg to identify unknown hosts that
>connect to your network and start your audit policy from that point...
>
>gene
>
>Boschmann, Armin wrote:
>> We have a policy of no-wireless at our sites. I want to audit this policy,
>> similar to war-dialing, or more correctly war-driving.
>>
>> My thinking is to find illegal wireless equipment in realtime. My concern
>> is insiders (temporary employees, contractors, 'bad' employees) plugging in
>> a wireless access point, then accessing our network from the street, then
>> disconnecting. So I am envisioning a computer with a wireless receiver that
>> will look for TCP/IP traffic, and tell me if it detects communications to
>> any of our computers.
>>
>> I can see several problems, such as distinguishing between our 192.168.x.x
>> addresses and those on WLANs of our neighbors. Also I would have to harden
>> the wireless detection computer, and ideally not connect it to our network
>> at all yet have some means of notifying me (pager, cell modem).
>>
>> Does anyone know of a product that does this? Or if you think my approach
>> is suspect, suggest another one?
>>
>>
>> Armin Boschmann
>> [EMAIL PROTECTED]
>> Manitoba Hydro
>
>--
>Gene Yoo, [EMAIL PROTECTED]
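
Added example, not part of the original posts: the problem raised in the thread of telling the site's own 192.168.x.x hosts apart from a neighbor's WLAN can be approached by matching MAC addresses seen over the air against an inventory of wired hosts instead of comparing IPs. The sensor log format, the inventory and every address below are assumptions constructed for illustration.

```python
# Added example: all MAC/IP values and frame records are constructed samples.
from collections import defaultdict

# Assumed inventory of wired hosts (MAC -> name), e.g. exported from switch tables.
WIRED_INVENTORY = {
    "00:10:5A:AA:01:01": "fileserver",
    "00:10:5A:AA:01:02": "payroll-db",
}

# Assumed sensor log format: (bssid, src_mac, dst_mac, src_ip, dst_ip).
# IPs are None when the payload is encrypted; the 802.11 header MACs are still readable.
SAMPLE_FRAMES = [
    # Wireless client talking to one of our wired hosts through an unknown AP.
    ("00:40:96:11:22:33", "00:02:2d:de:ad:01", "00:10:5a:aa:01:02", "192.168.1.50", "192.168.1.10"),
    # Neighbour's WLAN reusing the same 192.168.x.x range: no inventory MAC involved.
    ("00:06:25:44:55:66", "00:02:2d:be:ef:02", "00:06:25:44:55:66", "192.168.1.50", "192.168.1.1"),
    # Encrypted frame from our file server relayed over the air by the same AP.
    ("00:40:96:11:22:33", "00-10-5A-AA-01-01", "00:02:2d:de:ad:01", None, None),
]


def normalize(mac):
    """Lower-case a MAC and use ':' separators so comparisons are exact."""
    return mac.strip().lower().replace("-", ":")


def find_bridged_bssids(frames, inventory):
    """Map each BSSID to the wired hosts whose MACs appeared in its frames."""
    known = {normalize(mac): name for mac, name in inventory.items()}
    hits = defaultdict(set)
    for bssid, src, dst, _src_ip, _dst_ip in frames:
        for mac in (normalize(src), normalize(dst)):
            if mac in known:
                hits[normalize(bssid)].add(known[mac])
    return {bssid: sorted(names) for bssid, names in hits.items()}


def format_alerts(hits):
    """Render one alert line per BSSID that is relaying wired-LAN traffic."""
    return [f"ALERT bssid={b} bridges wired hosts: {', '.join(h)}" for b, h in sorted(hits.items())]


if __name__ == "__main__":
    for line in format_alerts(find_bridged_bssids(SAMPLE_FRAMES, WIRED_INVENTORY)):
        print(line)
```

The neighbor's frame uses the same IP range but is ignored because neither MAC is in the inventory; the third frame is flagged even though no IP addresses could be read from it.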
