Re: Re: Identification of non Cisco AP's

From: mox11@charter.net
Date: Wed Jul 27 2005 - 17:37:15 EDT


Here's a poor man's fix

Ping the broadcast address of your network.
Most machines should reply.
arp -an to determine MAC addresses, or run a PERL script (let me know if you need the code)
The first 3 bits of the MAC will tell you the vendor
http://standards.ieee.org/regauth/oui/index.shtml has most vendors available (OUI DB).
I'd throw what you get into a database and filter everything but Cisco. Then run queries on the rest.
There is a PERL script to automate some of this process if you like I'll post it.
micro.
>
> From: Ian Gorrie <iag@locked.net>
> Date: 2005/07/27 Wed AM 03:39:41 EDT
> To: Jonathan Gauntt <jon0966@yahoo.com>
> CC: security-management@securityfocus.com, pen-test@securityfocus.com
> Subject: Re: Identification of non Cisco AP's
>
> On the wire detection is shoddy at best. Usually commercial scanners
> will only detect default configurations.
>
> that being said, most products that I've looked at (such as Lumeta
> IPSonar for instance) work by scanning for banners on webservers that
> are running on the APs. If you use a product that scans 80 and 443 for
> banners that match an APs, you might get somewhere.
>
> Not running an obvious banner, disabled, or not matching a signature?
> You'll be out of luck unless you are tricky and can somehow determine
> that it is a packet forwarding device.
>
> 802.11x on the network doesn't sound like such a bad idea now, does it? :)
>
> -i
>
> Jonathan Gauntt wrote:
> > Hi,
> >
> > I have been tasked with the project of scanning and identifying all
> > non Cisco wireless access points within the company's network.
> >
> > We have about 800 /22 and /24 subnets, and because of the IP
> > addressing scheme in place, might just be easier for me to scan the
> > whole class A range of IPs.
> >
> > I have access to Nessus and GFI Security Scanner. Since we have over 8000
> > IPs in place, does anyone have any advice on the best way to
> > identify these non Cisco APs such as Linksys and Netgear, etc.
> >
> > I wouldn't want to have a report produced that is two miles long
> > unless absolutely necessary.
> >
> > Thanks,
> >
> >
> > Jonathan
> >
> >
> >
> >
>
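The OUI-filtering procedure described in the post above (ping the broadcast address, collect `arp -an`, take the first three octets of each MAC, look them up in the IEEE OUI registry, keep everything that is not Cisco), as an added example that is not part of the original thread and not the Perl script the poster offers. It assumes `arp -an` output in the Linux and BSD/macOS formats shown inline, an excerpt of the IEEE `oui.txt` file embedded in its published layout, and three registry entries (CISCO SYSTEMS, Cisco-Linksys, Netgear) assumed from the registry and to be verified against the live file. The sample ARP table is constructed, not captured from a real network. One caveat the example handles: Linksys OUIs are registered as "Cisco-Linksys, LLC", so a naive filter on the substring "Cisco" would silently discard exactly the Linksys boxes the original question is after; the filter below only treats "CISCO SYSTEMS" as Cisco.

```python
import re

# Constructed sample of `arp -an` output, mixing Linux ("[ether] on eth0") and
# BSD/macOS ("on en0 ifscope") formats, plus an unresolved entry. Not real hosts.
SAMPLE_ARP = """\
? (10.1.2.1) at 00:00:0c:07:ac:01 [ether] on eth0
? (10.1.2.23) at 00:0c:41:3a:9f:10 [ether] on eth0
? (10.1.2.40) at 0:9:5b:e4:1:7c on en0 ifscope [ethernet]
? (10.1.2.77) at <incomplete> on eth0
? (10.1.2.90) at 00:00:0c:9f:f0:02 [ether] on eth0
"""

# Excerpt in the layout of the IEEE oui.txt file. The three assignments are
# assumed from the registry; check them against the live file before relying on them.
SAMPLE_OUI = """\
00-00-0C   (hex)\t\tCISCO SYSTEMS, INC.
00000C     (base 16)\t\tCISCO SYSTEMS, INC.

00-0C-41   (hex)\t\tCisco-Linksys, LLC
000C41     (base 16)\t\tCisco-Linksys, LLC

00-09-5B   (hex)\t\tNetgear, Inc.
00095B     (base 16)\t\tNetgear, Inc.
"""

# "(ip) at mac"; the MAC character class excludes '<', so "<incomplete>" never matches.
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{5,17})\b")
# Only the "(hex)" lines carry the dashed OUI; the "(base 16)" lines are skipped.
OUI_RE = re.compile(
    r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+?)\s*$", re.M
)


def normalize_mac(mac: str) -> str:
    """Zero-pad each octet (BSD arp prints 0:9:5b:...) and lower-case."""
    return ":".join(octet.zfill(2).lower() for octet in mac.split(":"))


def parse_arp(text: str) -> list:
    """Return (ip, mac) pairs from `arp -an` output, dropping incomplete entries."""
    pairs = []
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            pairs.append((m.group(1), normalize_mac(m.group(2))))
    return pairs


def load_oui(text: str) -> dict:
    """Map 'aa:bb:cc' prefixes to vendor names from oui.txt-format text."""
    return {f"{a}:{b}:{c}".lower(): vendor for a, b, c, vendor in OUI_RE.findall(text)}


def oui_of(mac: str) -> str:
    """The OUI is the first three octets (24 bits) of the MAC address."""
    return mac[:8]


def is_cisco(vendor: str) -> bool:
    """Cisco Systems proper only; Cisco-Linksys is a consumer line and stays a suspect."""
    return vendor.lower().startswith("cisco systems")


def classify(arp_entries: list, oui_db: dict) -> list:
    """Attach a vendor name (or UNKNOWN) to every ARP entry."""
    return [
        {"ip": ip, "mac": mac, "vendor": oui_db.get(oui_of(mac), "UNKNOWN")}
        for ip, mac in arp_entries
    ]


def non_cisco(rows: list) -> list:
    """Filter out Cisco Systems gear; what remains is the list to investigate."""
    return [r for r in rows if not is_cisco(r["vendor"])]


if __name__ == "__main__":
    report = non_cisco(classify(parse_arp(SAMPLE_ARP), load_oui(SAMPLE_OUI)))
    for row in report:
        print(f"{row['ip']:<16} {row['mac']}  {row['vendor']}")
```

To feed it real data, run something like `ping -b -c 3 10.1.2.255` on a Linux host on the segment and then pipe `arp -an` into `parse_arp`. Two practical limits: ARP only sees the local broadcast domain, so with hundreds of subnets this has to run from a host (or a router's ARP table) on each segment rather than from one central scanner; and many stacks ignore broadcast echo requests (Linux defaults `icmp_echo_ignore_broadcasts` to 1), so sweeping the subnet with unicast pings or nmap's ARP scan fills the table more reliably than the broadcast ping alone. Unknown OUIs should be kept in the report, not dropped: a vendor missing from your copy of the registry is as interesting as a known Netgear.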



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:39 EDT