Airwave is also able to correlate the radius accounting/login
information to the mac-address/ip and can show you a history of
time/location as well. So even if you don't "catch" them online it will
give you a history of where they were seen and/or the login name/auth
information used.
-justin
Matt Grover wrote:
We have used Splunk which we have monitoring our logs anyway. We
configure Splunk to generate alerts when it sees log entries for known
stolen mac addresses asssociating with the system. We can then go on
site with a hand held tool to find the client device. If the person
with the stolen device is unwise enough to actually log into the
system it's even easier to id them.
-Matt
Lee H Badman wrote:
Unfortunately, we experience the occasional theft of University-owned
or personal laptops. Using Cisco WCS, we can certainly find the last
place a device was, if the wireless adapter was on, before it
egressed campus. What is missing is a mechanism to “flag” a MAC
address to alert on a client device if it pops back up on the network
so there may be an opportunity to react.
Has anyone else faced and conquered alerting on specific clients (for
whatever reason)?
Thanks-
Lee
--
Justin Hao
Network Engineer
Texas A&M University
Networking and Information Security
[email protected]
(979)862-2162
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
