Not on the wired side, but still interesting to mention: Cisco has developped CCX (Cisco Compatible eXtensions)
That architecture is being adopted by many Wi-Fi chip manufacturers. (available beyond Cisco products) It has, besides other things, a built-in tattletale (or Nark) function. Both, APs and Clients are becoming spies on the network, reporting rogue APs close to infrastructure or that users have encounter during "some time ago". How convenient for Network Administrators... user's privacy is another thing heh! Best, Philippe Hanset University of Tennessee On Tue, 17 Feb 2004, Predrag Radulovic wrote: > Here are a few hints Re: Rogue AP Detection: > > 1. We found that they usually pop up in areas of low or no coverage (of > campus wireless network). So, generally people will take them home, if > you provide better coverage at their spot... > > 2. Some WLAN software management tools have introduced Rogue AP detection > (via wired), but that is fairly rudimentary: trying SNMP with well known > community strings, telnet, http server - similar to OS fingerprinting. > You could devise a plan with all these options, but beware - this is > still very unreliable. > > 3. Netstumbler (and such) is the best method, but you may not catch it if > Rogue AP is not on when you survey. Even if you find one, that may not be > enough to identify a wired port. In order to catch the port (assuming NAT > on AP is on) you need to do something like attempt a connection to a > server (or just a ping) you have under control and trace back IP/MAC/port. > > 4. APs doing automatic Rogue AP detection: that is under development or > already released by key players. I haven't seen Cisco WLSE in action, but > a few screen captures looked interesting. Proxim AP2K will send a trap, > but then you have to do all the processing, etc. You still may not know > which port to shut down, but at least it reduces the number of field > visits! > > > -predrag > > --------------------------------------------------------------------- > Predrag Radulovic Phone: (865) 974-0301 > OIT - Network Services Fax: (865) 974-8655 > 2339 Dunford Hall > University of Tennessee, E-mail: [EMAIL PROTECTED] > Knoxville, TN 37996 http://web.utk.edu/~prerad > --------------------------------------------------------------------- > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/cg/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
