Pretty confident finding the MACs behind a NAT device is impossible. I do remember some discussion on this list (or the Moto one) that suggested a white paper by a company that had created software that can intelligently guess if there was NAT judging by how it created sockets.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

"When you have eliminated the impossible, that which remains, however
improbable, must be the truth."
--- Sir Arthur Conan Doyle

On Fri, Aug 21, 2009 at 6:38 PM, ralph <ralphli...@bsrg.org> wrote:

> Rogue detection mostly a joke. Now before you go all whacky on me- I don't mean that it is a joke to want to know if you have someone who has brought an AP into the office building and inadvertently created a hole in the armor. I just mean that there is very little use for it other than that.
>
> When I was the "Wireless Subject Matter Expert" for Coca-Cola, I would have loved this in our corporate headquarters. I actually tried to buy an IDS but could not fund it. A 25 floor reflective glass and steel office building is generally isolated enough from the outside world that a rogue showing up WOULD likely be on your network. Only place I see any use is in a controlled place like that. And by the way, I shut down many a rogue using Airmagnet Laptop's "geiger counter" function. The highlight of the day was the shocked look on someone's face when I would barge into their office, unplug the AP and put it and all the wires on their desk all in about 10 seconds!
>
> Since then, I have done many outdoor mesh systems and indoor wireless systems using the Cisco Wireless LAN Controller based product. They include rogue AP detection and it is not only a royal pain, it cannot be disabled. Who cares if Joe down on the corner has an AP? Rogue detection wastes time and resources and is truly only accurate/usable in a controlled setting. In a four square mile city, I had 300-400 rogue alerts at any given time! I knew where every Linksys was in the city. And heaven forbid you had a node near a Wal-Mart or Home Depot.
>
> I saw Ruckus' announcement with their controller product and thought "now there's another company that is introducing something that really serves no purpose".
>
> Anyway- just my two cents about rogue detection
>
> Ralph
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Faisal Imtiaz
> Sent: Friday, August 21, 2009 5:27 PM
> To: 'WISPA General List'
> Subject: Re: [WISPA] Apartment Buildings
>
> Just as a FYI..... Systems like Ruckus Wireless have built in 'Rogue AP' detection capabilities. Which would allow you to manage such from remote, without the need to do a 'fly by'.
>
> Faisal Imtiaz
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Eric Rogers
> Sent: Friday, August 21, 2009 5:17 PM
> To: WISPA General List
> Subject: Re: [WISPA] Apartment Buildings
>
> We deploy in fairly dense housing additions for our wireless service and run across this occasionally. We use PPPoE for logged in routers and DHCP to put them in a "Not Configured" pool of IP addresses. During an installation, we configure the routers for them, securing their wireless. If someone plugs a new router in, by default, most routers use DHCP for configuration. They get a page that says..."Your Router Lost it's Configuration... Here is documentation on how to set it up." In the instructions it walks them through setting up PPPoE and the wireless on their network.
>
> We then drive through the addition quarterly to audit and if we find one wide open, we log into the router and set the WPA Key to NETWORK_WIDE_OPEN or I_WAS_HERE. Then when they call we explain that neighbors may possibly be able to get into their computer, they are usually... "Really, I didn't know that."
> If they refuse to lock it down, or we find it multiple times, it violates our Terms of Service and we disable their account until they call in and we tell them to stop doing it or we will disconnect their service and that sharing is not permitted.
>
> We haven't had very many problems with it. We actually had someone call in because they felt guilty for stealing one of our customer's internet. We got there for a site-survey and found he was pulling off of Comcast, not us. We left it...
>
> Eric Rogers
> Precision Data Solutions, LLC
> (317) 831-3000 x200
>
> -----Original Message-----
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Scott Reed
> Sent: Friday, August 21, 2009 4:00 PM
> To: WISPA General List
> Subject: Re: [WISPA] Apartment Buildings
>
> Sure, but the customer plugs that one connection into his own wireless router and runs it as a DHCP server.
>
> richard sterne wrote:
> > Could you not set the CPE to DHCP and the IP pool to allow only 1 IP address?
> >
> > Richard
> >
> > 2009/8/21 Eje Gustafsson <e...@wisp-router.com>
> >
> >> Not seen a single solution that can do that. That is the functionality of NAT to hide what is behind it. I take advantage of it all the time when I'm staying in hotels. Use my own AP that allows my wifi enabled devices access and connect to the hotel's system and I'm paying a single fee for the hotel that charges for internet.
> >>
> >> Only way to "fight" it in a MTU type environment or even with residential is educate the users and strike some fear into them that if they run open APs they could get in trouble if the others that piggy back on it do illegal things such as copyrighted filesharing, illegal p0rn or simply are virus infected and they this way risk getting infected and have their own computers compromised and become BOT slaves.
> >>
> >> Plus also let them know that they are paying for specific service speeds and if they let others use it a lot for free then they themselves no longer have the speed for themselves and also possibly point to the bit cap portion of the user agreement letting them know that their account could possibly be shut down prematurely because someone else is using up all their allowed bit count.
> >>
> >> Some students will not care and there might be two apartments that even share the cost of the service and then you cannot do much about it besides maybe limit per connections etc to choke them out.
> >>
> >> What we do at one location (granted all pre-wired) is that the landlord is paying a small fee each month but then we provide free internet to the tenants just fast enough to work for an individual doing normal web browsing but then we also provide upgrade service on a for pay basis. The people that pay tend to be greedy and want it all to themselves ;)
> >>
> >> /Eje
> >>
> >> -----Original Message-----
> >> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman
> >> Sent: Thursday, August 20, 2009 9:56 PM
> >> To: sc...@brevardwireless.com; WISPA General List
> >> Subject: Re: [WISPA] Apartment Buildings
> >>
> >> Mikrotik Hotspot does NOT have the capability of catching people behind NAT.
> >>
> >> Example:
> >>
> >> Joe buys a WRT54g. WRT54g bridges to the paid wireless network. Joe buys an account via laptop plugged into WRT54g. Joe plugs in an AP behind the router and broadcasts ESSID "Free Internet". People mooch.
> >>
> >> Josh Luthman
> >> Office: 937-552-2340
> >> Direct: 937-552-2343
> >> 1100 Wayne St
> >> Suite 1337
> >> Troy, OH 45373
> >>
> >> "When you have eliminated the impossible, that which remains, however improbable, must be the truth."
> >> --- Sir Arthur Conan Doyle
> >>
> >> On Thu, Aug 20, 2009 at 10:51 PM, Scott Carullo <sc...@brevardwireless.com> wrote:
> >>
> >>> Mikrotik Hotspot between them and the internet....
> >>>
> >>> Scott Carullo
> >>> Brevard Wireless
> >>> 321-205-1100 x102
> >>>
> >>> -------- Original Message --------
> >>>
> >>>> From: "Joe Laura" <joela...@superior1.com>
> >>>> Sent: Thursday, August 20, 2009 10:17 PM
> >>>> To: "WISPA General List" <wireless@wispa.org>
> >>>> Subject: Re: [WISPA] Apartment Buildings
> >>>>
> >>>> I had a nightmare trying to do apartment complexes. I thought I touched on a goldmine when all the signups started coming in. Then as tenants started firing up their own A/P's others would connect to them and cancel service. How are y'all dealing with this? Joe Laura
> >>>>
> >>>> --------------------------------------------------------------------------------
> >>>> WISPA Wants You! Join today!
> >>>> http://signup.wispa.org/
> >>>> --------------------------------------------------------------------------------
> >>>>
> >>>> WISPA Wireless List: wireless@wispa.org
> >>>>
> >>>> Subscribe/Unsubscribe:
> >>>> http://lists.wispa.org/mailman/listinfo/wireless
> >>>>
> >>>> Archives: http://lists.wispa.org/pipermail/wireless/
>
> --
> Scott Reed
> Sr. Systems Engineer
> GAB Midwest
> 1-800-363-1544 x4000
> Cell: 260-273-7239