RE: Mapping wireless LANS from the wired side

From: Mike.Ruscher@CSE-CST.GC.CA
Date: Mon Aug 20 2001 - 14:26:26 PDT

  • Next message: freeholdat_private: "Re: Mapping wireless LANS from the wired side"

    Yes, MAC addresses by vendor will identify the device company, if one can
    assume they are valid and not spoofed. I do not see on the OUI site where
    the MAC addresses are associated with a company's particular device family
    though. This is essential for determining a wireless device from a wired
    one. Do most companies give this info out, or must it be extrapolated from
    -----Original Message-----
    From: woody weaver [mailto:woodyat_private]
    Sent: Monday, August 20, 2001 12:26 PM
    To: Mike.Ruscher@CSE-CST.GC.CA; pen-testat_private
    Subject: RE: Mapping wireless LANS from the wired side
    On Monday, August 20, 2001 5:45 AM, Mike.Ruscher@CSE-CST.GC.CA wrote:
    > When mapping a LAN topology, what are the general methods to use for
    > discovering access points and  wireless hosts from inside the
    > wired network.
    > This becomes important to detect rogue WLANS which are a
    > potential threat to
    > the enterprise as they might be behind firewalls etc.
    > I would expect that the MAC addresses for APs would be unique
    > to the various
    > vendors., as would the wireless NICs on the WLAN hosts. Are there any
    > scanning tools freely available that can do this kind of search?
    Indeed, identifying the access points by the OUI gathered from arp table
    information works.  The last time I did this sort of thing was by using a
    perl script that used fping to ping a range, and then to pull the
    arp cache, feed it into an SQL database, and use the OUI information at
    <> to figure out the nature
    of the device.
    The scripts are not complex.  I can send a copy if there is interest.
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 14:29:41 PDT