RE: MORE: Tools for Detecting Wireless APs - from the wire side.

From: John Adams (jadams@inktomi.com)
Date: Tue Jun 11 2002 - 19:18:00 EDT


On Tue, 11 Jun 2002, ed d wrote:

> depending on how the clients in your network get their ip addresses, you
> might be able to search through your dhcp logs and pull all of the ap mac
> addresses.
>
> this discounts rogue aps with statics, but if i was to drop a rogue ap into
> a network, i would probably turn on dhcp, then let it go.

Ahh, but this is useless if the AP DHCPs an address and then NATs everyone
on wireless.

> a good site for mac address/vendor correlation is:
> http://standards.ieee.org/regauth/oui/oui.txt

I disagree with the entire "find them by Vendor MAC prefix to find APs"
approach. Many vendors are assigned blocks of MAC prefixes (look at Cisco,
for example) and share these blocks between disparate devices, both wired
and wireless.

--john

-- 
John Adams         . Sr. Security Engineer . Inktomi Corporation
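
Added example, not part of the original messages: a sketch of the DHCP-log and OUI lookup discussed in this thread, showing why a vendor-prefix match yields only candidates to check by hand. It assumes ISC dhcpd-style `DHCPACK` syslog lines and the `(hex)` line layout of oui.txt; the prefixes, vendor names, log lines and function names are all constructed for illustration.

```python
import re

# Constructed sample in the oui.txt "(hex)" layout; prefixes and vendors are made up.
OUI_TXT = """\
02-AA-01   (hex)\t\tExample Wireless Co.
02AA01     (base 16)\t\tExample Wireless Co.
02-BB-02   (hex)\t\tExample Networks Inc.
02-CC-03   (hex)\t\tExample PC Corp.
"""

# Constructed syslog lines (assumed ISC dhcpd DHCPACK format).
DHCP_LOG = """\
Jun 11 19:02:11 dhcp1 dhcpd: DHCPACK on 10.1.4.23 to 02:aa:01:10:20:30 via eth0
Jun 11 19:02:40 dhcp1 dhcpd: DHCPACK on 10.1.4.57 to 02:bb:02:0a:0b:0c (core-sw-7) via eth0
Jun 11 19:03:02 dhcp1 dhcpd: DHCPACK on 10.1.4.58 to 02:BB:02:44:55:66 via eth0
Jun 11 19:03:15 dhcp1 dhcpd: DHCPACK on 10.1.4.90 to 02:cc:03:01:02:03 (desk-114) via eth0
Jun 11 19:09:15 dhcp1 dhcpd: DHCPDISCOVER from 02:aa:01:99:99:99 via eth0
"""

OUI_RE = re.compile(r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$", re.I)
ACK_RE = re.compile(r"DHCPACK on (\S+) to ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \(([^)]*)\))?", re.I)

def load_oui(text):
    """Map 6-hex-digit prefix -> vendor name, using only the '(hex)' lines."""
    table = {}
    for line in text.splitlines():
        m = OUI_RE.match(line.strip())
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4).strip()
    return table

def candidates(log_text, oui, watch_vendors):
    """Return {mac: (ip, hostname, vendor)} for leases whose vendor is watched.

    A hit means "this vendor also makes APs", not "this is an AP": the same
    prefix can belong to wired gear. Statically addressed devices never appear,
    and clients NATed behind an AP are hidden behind its single lease.
    """
    hits = {}
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue  # DISCOVER/REQUEST lines carry no granted lease
        ip, mac, host = m.group(1), m.group(2).lower(), m.group(3)
        vendor = oui.get(mac.replace(":", "")[:6].upper())
        if vendor in watch_vendors:
            hits[mac] = (ip, host, vendor)
    return hits

if __name__ == "__main__":
    watch = {"Example Wireless Co.", "Example Networks Inc."}
    for mac, info in candidates(DHCP_LOG, load_oui(OUI_TXT), watch).items():
        print(mac, *info)
```

In the constructed data the watch list also flags `core-sw-7`, a wired switch sharing a prefix with the unknown device at 10.1.4.58, so each hit still needs confirmation against switch-port or inventory data.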