Re: Doing the impossible? Finding rogues from the wired side

lbadman · ‎11-15-2002

Wondering if anyone has found a valid tool (beyond the sourceforge APTools kind of stuff) to assist in finding APs by culling through the ARP tables on routers etc... brutal stuff here I know. Also- anything in a wireless frame/packets common to all APs (all vendors as part of 802.11) that can be filtered on at the router to possibly block traffic from rogue APs? I think not, but I'm scratchin at anything here...

Lee Badman

CWNA Network Engineer

ndoshi · ‎11-15-2002

Hi ,

In AP350 has fnew feature which may help you .

The process takes place as follows:

1. A client with a LEAP profile attempts to associate to a access point A.

2. Access point A does not handle LEAP authentication successfully, perhaps because the access point does not understand LEAP or cannot communicate to a trusted LEAP authentication server.

3. The client records the MAC address for access point A and the reason why the association failed.

4. The client associates successfully to access point B.

5. The client sends the MAC address of access point A and the reason code for the failure to access pont B.

6. Access point B logs the failure in the system log.

http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350rn/rn1200.htm

don.wolf · ‎11-20-2002

If multiple MAC's are connecting via the AP, would those MAC's not show up under the ports (the one the AP is connected to) list?

If so is there a way to automate the retrieval of ports with multiple MAC's?