x2 on the NAT issue. Especially since wireless routers are way more popular and available in store than wireless APs.

I think it's going to take a multi-tiered approach to finding the APs/routers:

In place of an expensive NAC that will most likely make use of a client to detect a NAT device, I'm looking at a combination of:

1) I was playing with p0f (http://lcamtuf.coredump.cx/p0f3/) last year for possibly detecting wireless routers. There is some promise there but false positives exist in my experience with this software.

2) DHCP fingerprinting. We use Infoblox and it's built into the system.

3) Check your DHCP logs for known default AP/router host names. For instance, by default you'll see the string "airport" in your DHCP logs for an AirPort Express. Linksys used "WAP" for APs and "WRT" for routers. The model numbers change and will need to be updated. A CSV can be kept of known model numbers and alerting can be easily scripted. If you use DHCP snooping, looking in the files in your TFTP directory should give you the switch port easily once you have the MAC/IP.

The wireless controller system will tell you where the rogues are and narrow down where to look for the switch port using the 3 methods above. With some development time, the whole process can be automated.
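As an added illustration of step 3 (not code from the original post), this script matches DHCP lease log lines against a CSV of known default host-name fragments and joins the hits to a DHCP snooping binding table to recover the switch port. The log format (ISC dhcpd syslog style), the CSV contents, the MAC addresses and the binding table are all constructed sample data.

```python
import csv
import io
import re

# Constructed CSV of known default host-name fragments; real deployments
# would maintain this file as vendors and model numbers change.
KNOWN_HOSTNAMES_CSV = """pattern,vendor,kind
airport,Apple,AP
WAP,Linksys,AP
WRT,Linksys,router
"""

# Constructed DHCPACK lines in ISC dhcpd syslog format (sample data).
SAMPLE_DHCP_LOG = """Oct 16 10:02:11 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 00:11:22:33:44:55 (airport-express) via eth0
Oct 16 10:03:42 dhcp1 dhcpd: DHCPACK on 10.20.4.18 to 00:11:22:33:44:66 (laptop-jdoe) via eth0
Oct 16 10:05:09 dhcp1 dhcpd: DHCPACK on 10.20.4.19 to 00:11:22:33:44:77 (WRT54G) via eth0
"""

# Constructed DHCP snooping bindings (MAC -> switch and port), standing in
# for the binding files pulled from the TFTP directory.
SNOOPING_BINDINGS = {
    "00:11:22:33:44:55": "sw-dorm-a Gi1/0/12",
    "00:11:22:33:44:77": "sw-dorm-b Gi1/0/3",
}

DHCPACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-f:]{17}) \(([^)]*)\)", re.I)


def load_patterns(csv_text):
    """Return (lowercased pattern, vendor, kind) tuples from the CSV."""
    return [(r["pattern"].lower(), r["vendor"], r["kind"])
            for r in csv.DictReader(io.StringIO(csv_text))]


def find_rogues(log_text, patterns, bindings):
    """Flag DHCPACKs whose host name contains a known default fragment.

    Substring matching is deliberate (model suffixes vary), so the pattern
    list must be tuned to avoid false positives on ordinary host names.
    """
    hits = []
    for line in log_text.splitlines():
        m = DHCPACK_RE.search(line)
        if not m:
            continue
        ip, mac, host = m.group(1), m.group(2).lower(), m.group(3)
        for pat, vendor, kind in patterns:
            if pat in host.lower():
                hits.append({"ip": ip, "mac": mac, "hostname": host, "vendor": vendor,
                             "kind": kind, "port": bindings.get(mac, "unknown")})
                break
    return hits
```

Feeding the output to an alerting hook (ticket, e-mail, controller rogue report) is the part left to local tooling.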


On 10/16/2014 11:40 AM, Hunter Fuller wrote:

If the user connects a home gateway box (or anything else doing PAT) then the university equipment will only see one MAC and one IP, unfortunately :(

On Oct 16, 2014 10:36 AM, "Justin Pederson" <[email protected]> wrote:

    From a technical standpoint, why not just use port security on your
    wired networks to only allow 1 MAC address at a time. There should
    be no rogue APs and the students could still use the wireless and
    wired networks. I have been rolling this around in my head for a
    little while now. The only thing you should have to cover is
    cellular tethering, but from my experience, most of these devices
    don't have much power behind the radio.

    On Thu, Oct 16, 2014 at 9:13 AM, Ian McDonald <[email protected]> wrote:

        Breach of your written policy prohibiting such things isn’t a
        disciplinary matter? And can’t be fixed with your disciplinary
        system?

        *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv
        [mailto:[email protected]] *On Behalf Of* T. Shayne Ghere
        *Sent:* 16 October 2014 16:11
        *To:* [email protected]
        *Subject:* [WIRELESS-LAN] Wireless in Dorms

        Good morning.

        Let me say first off, we're nearly a complete Cisco shop other
        than our Firewalls right now. We are running 3 Cisco 5508
        Wireless LAN Controllers and Cisco WCS.

        The APs in the Dorms and Greek houses are all 1142N APs and
        have been spaced accordingly by Cisco and by us during the
        introduction of wireless in the Dorms, Greeks and Single housing.

        We are having a heck of a time with all the interference that
        the students bring with them making our wireless nearly
        unusable.  I know this topic has come up in the past, but this
        year is one of the worst we’ve seen, and the students are
        getting restless.

        We have the ability to quarantine rogue Wireless clients,
        however according to a recent Court case against a large Hotel
        Chain, it was decided that on an open free wireless spectrum,
        we would be breaking the law in jamming it.

        How have you addressed this issue? I'm about ready to ask
        upper management to remove the APs in all the Dorm buildings
        and let the students bring their own APs if they want
        wireless. Has anyone resorted to this?

        Thanks for your input

        Shayne

        ********** Participation and subscription information for this
        EDUCAUSE Constituent Group discussion list can be found at
        http://www.educause.edu/groups/.




-- Thanks,
    Justin Pederson
    IT Network Coordinator
    Casper College
    (307)268-2481
