Yes, MAC addresses by vendor will identify the device company, if one can assume they are valid and not spoofed. I do not see on the OUI site where the MAC addresses are associated with a company's particular device family though. This is essential for determining a wireless device from a wired one. Do most companies give this info out, or must it be extrapolated from experience?

mgr

-----Original Message-----
From: woody weaver [mailto:woodyat_private]
Sent: Monday, August 20, 2001 12:26 PM
To: Mike.Ruscher@CSE-CST.GC.CA; pen-testat_private
Subject: RE: Mapping wireless LANS from the wired side

On Monday, August 20, 2001 5:45 AM, Mike.Ruscher@CSE-CST.GC.CA wrote:
[...]
> When mapping a LAN topology, what are the general methods to use for discovering access points and wireless hosts from inside the wired network? This becomes important to detect rogue WLANS which are a potential threat to the enterprise as they might be behind firewalls etc.
>
> I would expect that the MAC addresses for APs would be unique to the various vendors, as would the wireless NICs on the WLAN hosts. Are there any scanning tools freely available that can do this kind of search?

Indeed, identifying the access points by the OUI gathered from arp table information works. The last time I did this sort of thing was by using a Perl script that used fping to ping a range, and then SNMP.pm to pull the arp cache, feed it into an SQL database, and use the OUI information at <http://standards.ieee.org/regauth/oui/index.shtml> to figure out the nature of the device.

The scripts are not complex. I can send a copy if there is interest.

--woody
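An added example, not woody's Perl scripts (which the thread does not show): the OUI-matching step of the procedure described above, applied to ARP cache rows that have already been collected, with the two caveats raised in the reply handled explicitly. The registry excerpt, vendor names, ARP rows and the `WIRELESS_VENDORS` keyword list are all constructed for illustration; the registry names only the company, so the wireless/wired decision comes from a locally maintained list, and locally administered (non-vendor) MACs are flagged rather than looked up.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt listing; the prefixes
# and vendor names are invented for this example, not real assignments.
OUI_TXT = """\
00-AA-01   (hex)\t\tExample Wireless Networks
00-AA-02   (hex)\t\tExample Ethernet Switches Inc.
"""

# Assumption: an operator-maintained keyword list. The registry gives no
# device family, so "who makes wireless gear" is local knowledge.
WIRELESS_VENDORS = ("wireless",)

# Constructed ARP cache rows (ip, mac) in the mixed formats tools emit.
ARP_ROWS = [
    ("10.0.0.5", "0:aa:1:12:34:56"), ("10.0.0.9", "00aa.0277.8899"),
    ("10.0.0.7", "02:00:00:ab:cd:ef"), ("10.0.0.8", "00-bb-cc-00-00-01"),
]

def load_oui(text):
    # Map "00AA01" -> organization name from "(hex)" registry lines.
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){2})\s+\(hex\)\s+(.+)", line)
        if m:
            table[m.group(1).replace("-", "").upper()] = m.group(2).strip()
    return table

def normalize_mac(raw):
    parts = re.split(r"[:\-.\s]+", raw.strip())
    if len(parts) == 6:  # per-octet form; some tools drop leading zeros
        parts = [p.zfill(2) for p in parts]
    digits = "".join(parts).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError("not a MAC address: %r" % raw)
    return digits

def classify(rows, oui, wireless_vendors=WIRELESS_VENDORS):
    report = []
    for ip, raw in rows:
        mac = normalize_mac(raw)
        vendor = oui.get(mac[:6])
        if int(mac[:2], 16) & 0x02:  # locally administered: not a vendor prefix
            verdict = "locally-administered"
        elif vendor is None:
            verdict = "unknown-oui"
        else:
            hit = any(k in vendor.lower() for k in wireless_vendors)
            verdict = "wireless-vendor" if hit else "other-vendor"
        report.append((ip, mac, vendor, verdict))
    return report
```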
This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 14:29:41 PDT