No, I plan on running Nmap also, I should have stated
that.
Jonathan
--- Todd Towles <toddtowles@brookshires.com> wrote:
You don't like simple Nmap with the -sV on?
-----Original Message-----
From: Jonathan Gauntt [mailto:jon0966@yahoo.com]
Sent: Thursday, July 28, 2005 12:35 AM
To: 'Ian Gorrie'
Cc: security-management@securityfocus.com;
pen-test@securityfocus.com
Subject: RE: Identification of non Cisco AP's
Thanks for the advice. If Superscan doesn't work
out I will
get a quote from Lumeta.
Jonathan
-----Original Message-----
From: Ian Gorrie [mailto:iag@locked.net]
Sent: Wednesday, July 27, 2005 2:40 AM
To: Jonathan Gauntt
Cc: security-management@securityfocus.com;
pen-test@securityfocus.com
Subject: Re: Identification of non Cisco AP's
On the wire detection is shoddy at best. Usually
commercial
scanners will only detect default configurations.
that being said, most products that I've looked at
(such as
Lumeta IPSonar for instance) work by scanning for
banners on
webservers that are running on the APs. If you
use a product
that scans 80 and 443 for banners that match an
APs, you
might get somewhere.
Not running an obvious banner, disabled, or not
matching a signature?
You'll be out of luck unless you are tricky and
can somehow
determine that it is a packet forwarding device.
802.11x on the network doesn't sound like such a
bad idea
now, does it? :)
-i
Jonathan Gauntt wrote:
Hi,
I have been tasked with the project of scanning
and identifying all
non Cisco wireless access points within the
company's network.
We have about 800 /22 and /24 subnets, and
because of the IP
addressing scheme in place, might just be easier
for me to scan the
whole class A range of IP's.
I have access to Nessus and GFI Security
Scanner. Since we
over 8000
IP's in place, does anyone have any advice on
the best way
to identify
these non Cisco AP's such as Linksys and
Netgear, etc.
I wouldn't want to have a report produced that
is two miles long
unless absolutely necessary.
Thanks,
Jonathan
