Network Security Focus-IDS

RE: Wired detection of rogue access points

Subject: RE: Wired detection of rogue access points
Date: Mon, 19 Mar 2007 22:42:28 -0500
I do two things. 
1) Use a MAC scanner. I wrote one that scans periodically and compares the
MACs with the MACs listed in my equipment database. It then displays the
details about the machine running the unknown MAC address. I am planning on
adding countermeasures to this program.

2) A Wi-Fi scanner (NetStumbler, Kismet, etc.)

3) TREAT ALL WIRELESS NETWORKS AS HOSTILE!!!!


Now what I am about to say is not how to find rogue APs as much as a system
to limit the exposure to them.

I have 80 acres covered by 802.11 b/g in a metropolitan area in a city with
several million people. While this is not the easiest network to defend, we
have a system that helps. All of our access points are custom built
ourselves, running Pebble Linux. One reason we did this is that there is a
mini PCI wireless card putting out 400 mW (most are 200). We force all
authenticated connections into a VPN connection. If someone gets through the
WEP/WPA/MAC filtering, they are stuck against tougher security standards. Our
access points lie outside the firewall, and a user must connect to the
VPN to gain access to anything (including internet access). If/when a rogue
AP shows up, we generally know within 5 or 10 minutes. We see lots of scanning
and probing into our wireless network on a daily basis. We only take action
on the more extreme cases.

How we stop most unauthorized connections: I have a MySQL table loaded with
computer names, MACs and other information. There is a cron job to dump the
list of MACs to a text file nightly (this can be run manually as well). Any
MAC showing up on the iptables rule that is not on the list has its packets
logged and dropped.

I have not found a single application you can go buy to protect yourself.
Instead I use known, stable technologies to protect my network. I hope this
helps.


Check out
http://www.proxim.com/learn/library/whitepapers/Rogue_Access_Point_Detection.pdf
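
The allowlist step described in the message above (a nightly text dump of known MACs, with unknown MACs logged and dropped), as an added example that is not the poster's own script. The chain name `WLAN_MAC`, the log prefix, the one-MAC-per-line dump format and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: turn a nightly MAC dump into an iptables-restore fragment.
# Assumptions: chain name WLAN_MAC, the log prefix, one MAC per line in the
# dump, and the sample addresses below (constructed).

# normalize_macs FILE: print valid MACs, lower-cased and de-duplicated.
# Rejected lines go to stderr so a damaged export is noticed.
normalize_macs() {
    tr '[:upper:]' '[:lower:]' < "$1" |
    sed 's/#.*//; s/[[:space:]]//g; s/-/:/g' |
    while IFS= read -r mac; do
        [ -z "$mac" ] && continue
        if printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            printf '%s\n' "$mac"
        else
            printf 'skipping invalid entry: %s\n' "$mac" >&2
        fi
    done | sort -u
}

# build_mac_rules FILE: known MACs RETURN to the calling chain,
# everything else is logged and dropped.
build_mac_rules() {
    macs=$(normalize_macs "$1")
    # An empty list would lock out every client; refuse to emit it.
    [ -n "$macs" ] || { echo "no valid MACs in $1" >&2; return 1; }
    echo '*filter'
    echo ':WLAN_MAC - [0:0]'
    for mac in $macs; do
        echo "-A WLAN_MAC -m mac --mac-source $mac -j RETURN"
    done
    echo '-A WLAN_MAC -j LOG --log-prefix "unknown-mac: "'
    echo '-A WLAN_MAC -j DROP'
    echo 'COMMIT'
}

# Constructed sample dump: mixed case, dash form, a duplicate, a bad line.
sample_dump() {
    cat <<'EOF'
00:0D:B9:12:34:56   # ap-client-1
00-0d-b9-12-34-56   # same card, dash notation
00:11:22:33:44:55
not-a-mac
EOF
}

tmp=$(mktemp) && sample_dump > "$tmp" && build_mac_rules "$tmp"
rm -f "$tmp"
```

The chain still has to be jumped to from INPUT or FORWARD on the wireless-facing interface, since the `mac` match only applies to packets arriving through PREROUTING, INPUT or FORWARD.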


