RE: HW/SW Rogue AP Wireless Detection

From: MILES John M (John.Miles@co.lane.or.us)
Date: Fri Mar 14 2003 - 15:44:52 EST

True, it does, but given that 11b is so much more common, we are doing
frequent checks with the iPAQ & mini-stubler, and occasional cheks with a
laptop running linux & ethereal with a cisco 802.11a card

-----Original Message-----
From: R. DuFresne [mailto:dufresne@sysinfo.com]
Sent: Friday, March 14, 2003 12:05 PM
To: MILES John M
Cc: 'Rob Shein'; 'Dan Lynch'; pen-test@securityfocus.com
Subject: RE: HW/SW Rogue AP Wireless Detection

doesn't this setiup though limit you to 802.11b scanning and thus leave you
open to rogue 802.11a AP's?

Thanks,

Ron DuFresne

On Fri, 14 Mar 2003, MILES John M wrote:

> Completely agreed, in our war-drives through our facilities to find
> rouge access points, the best combiniation we have found is an iPAQ,
> with the dual-pcmcia sleeve, a Lucent/Orinoco card, mini-stumbler, and
> a good external antenna.
>
> -----Original Message-----
> From: Rob Shein [mailto:shoten@starpower.net]
> Sent: Friday, March 14, 2003 9:02 AM
> To: 'Dan Lynch'; pen-test@securityfocus.com
> Subject: RE: HW/SW Rogue AP Wireless Detection
>
>
> Dan,
>
> Your better choice is an iPAQ with the PC Card "expansion sleeve
> plus," which adds a second battery to the equation. This gives you
> longer life, and also allows you to use a Lucent/Cisco PC Card adapter
> that can accept an external antenna, which will give you better range.
>
> > -----Original Message-----
> > From: Dan Lynch [mailto:dan.lynch@placer.ca.gov]
> > Sent: Thursday, March 13, 2003 7:43 PM
> > To: pen-test@securityfocus.com
> > Subject: Re: HW/SW Rogue AP Wireless Detection
> >
> >
> > Gary,
> >
> > I recently acquired a Toshiba e740 for that purpose. It's a
> > reasonably priced and perfectly competent little Windows CE device.
> > But I've also found that its wireless capabilities are limited due
> > to the small amount of power available. First, running with the
> > built-in antenna enabled depletes a full battery in under an hour.
> > Second, you need to be pretty danged close to an AP to detect it.
> >
> > As for software, PocketWarrior (www.pocketwarrior.org), and Cirond's
> > Winc (www.cirond.com/site/products/wifispotter),
> > along with the built-in Windows CE "Wireless LAN Utility"
> > does the trick.
> >
> > Finding these limitations though has sent me in search of a better
> > solution. From NetStumbler.org I found reference to
> > www.fab-corp.com, where they offer LinkSys and DLink "starter kits"
> > (antennas and cables), as well as NICs, etc. I hear they offer
> > special discounts for "net stumblers". But I haven't tried out any
> > of those solutions or compared prices yet.
> >
> > Best of luck,
> >
> > Dan Lynch
> > County of Placer
> > Auburn, CA
> >
> >
> > >>> Gary Nugent <garynugent@mobile.rogers.com> 03/12/03 10:27AM >>>
> > Hello, there, I am looking for anyone who has had experience with a
> > combined (pref. PDA) device for signal detection/analysis. I am
> > familiar with the Fluke Ipaq-based product
> > (http://www.flukenetworks.com/us/LAN/Handheld+Testers/WaveRunn
> er/Overview.htm),
> but it is quite expensive (app. $2500 US or more). The rogue AP
> detection is a crucial part of this. Any thoughts?
>
> Regards,
>
> Gary Nugent
> E gary.nugent@acrodex.com
>
>
> --------------------------------------------------------------------
> This message originated from a mobile.rogers.com webmail account. Ce
> message provient d'un compte de courriel web mobile.rogers.com.
> --------------------------------------------------------------------
>
> ----------------------------------------------------------------------
> ------
>
> Are your vulnerability scans producing just another report? Manage the
> entire remediation process with StillSecure VAM's Vulnerability Repair
> Workflow. Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>
>
>
>
>
> ----------------------------------------------------------------------
> ------
> Did you know that you have VNC running on your network?
> Your hacker does. Plug your security holes now!
> Download a free 15-day trial of VAM:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>
>
> ----------------------------------------------------------------------
> ------
> Did you know that you have VNC running on your network?
> Your hacker does. Plug your security holes now!
> Download a free 15-day trial of VAM:
> http://www2.stillsecure.com/download/sf_vuln_list.html
>
> ----------------------------------------------------------------------
> ------
> Did you know that you have VNC running on your network?
> Your hacker does. Plug your security holes now!
> Download a free 15-day trial of VAM:
> http://www2.stillsecure.com/download/sf_vuln_list.html
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
----------------------------------------------------------------------------
Did you know that you have VNC running on your network? 
Your hacker does. Plug your security holes now! 
Download a free 15-day trial of VAM:
http://www2.stillsecure.com/download/sf_vuln_list.html

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:30 EDT