[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Detection of Rogue Access Points
I, uh...don't actually know how to do that. I've not done very much with
SNMP other than working with power management devices. If someone could
direct me to a good tutorial, that would be much appreciated.
--JR
On Thu, Oct 18, 2012 at 12:31 PM, Chris Boot <bootc at bootc.net> wrote:
> On 18/10/12 15:12, Joe Hamelin wrote:
>
>> On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers<quantumfoam at gmail.com>
>> wrote:
>>
>> I like the idea of looking at the ARP table periodically, but this
>>> presents
>>> some possible issues for us.
>>>
>>
>> Is it just WAPs that you are worried about or any rouge device at the
>> remote sites? If you're doing medical data then I would think that any
>> non-company device would be suspect. If that is the case then ARP
>> scraping
>> is the better way. Basically you need an inventory of what is at the
>> sites. This you should already have and if you don't, that is your first
>> step.
>>
>> A bit of perl and expect scripting would get you a long way to your goal.
>> Like I mentioned before, if you don't have the time/talent to script the
>> task, call out for a coder-for-hire.
>>
>
> You should be able to get the ARP table off a router using SNMP, which
> would be much cleaner than using expect to login to a router's management
> interface...
>
> HTH,
> Chris
>
>