Detection of Rogue Access Points
- Subject: Detection of Rogue Access Points
- From: bootc at bootc.net (Chris Boot)
- Date: Thu, 18 Oct 2012 17:31:05 +0100
- In-reply-to: <CAO0-hXZAWra0Ew0vEVFK5nwmPXsALf8pf7t=W6pjCHiCsfPKZw@mail.gmail.com>
- References: <CAC47Z9mEDndWoNUsXjUNgawifNtv4RXztLZgLZ2SLc4JTe0AGA@mail.gmail.com> <[email protected]> <CAC47Z9kT1Q6on=DgYSJJV343OMjxq472QpnCcLNQ9b2S19KbBA@mail.gmail.com> <CAO0-hXZAWra0Ew0vEVFK5nwmPXsALf8pf7t=W6pjCHiCsfPKZw@mail.gmail.com>
On 18/10/12 15:12, Joe Hamelin wrote:
> On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers<quantumfoam at gmail.com>
> wrote:
>
>> I like the idea of looking at the ARP table periodically, but this presents
>> some possible issues for us.
>
> Is it just WAPs that you are worried about or any rogue device at the
> remote sites? If you're doing medical data then I would think that any
> non-company device would be suspect. If that is the case then ARP scraping
> is the better way. Basically you need an inventory of what is at the
> sites. This you should already have and if you don't, that is your first
> step.
>
> A bit of perl and expect scripting would get you a long way to your goal.
> Like I mentioned before, if you don't have the time/talent to script the
> task, call out for a coder-for-hire.
You should be able to get the ARP table off a router using SNMP, which
would be much cleaner than using expect to log in to a router's
management interface...
HTH,
Chris
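
The approach discussed in this thread (read the router's ARP table over SNMP and compare it against the site inventory), sketched as an added example that is not part of the original messages. It assumes net-snmp's `snmpwalk -On -Ox` output for ipNetToMediaPhysAddress; the sample walk, addresses and inventory below are constructed.

```python
import re

# ipNetToMediaPhysAddress (IP-MIB); row index is <ifIndex>.<IPv4>, value is the MAC.
ARP_OID = ".1.3.6.1.2.1.4.22.1.2"
ROW = re.compile(
    r"^" + re.escape(ARP_OID)
    + r"\.(\d+)\.(\d+\.\d+\.\d+\.\d+) = Hex-STRING: "
    + r"([0-9A-Fa-f]{2}(?: [0-9A-Fa-f]{2}){5})$"
)

# Constructed sample of `snmpwalk -On -Ox` output (documentation addresses).
SAMPLE_WALK = """\
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.1 = Hex-STRING: 00 1A 2B 3C 4D 5E
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.10 = Hex-STRING: 00 1A 2B 00 00 10
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.57 = Hex-STRING: 02 AA BB CC DD EE
.1.3.6.1.2.1.4.22.1.2.3.192.0.2.130 = STRING: "abcdef"
"""

# Constructed inventory of MACs expected at the site (case-insensitive).
INVENTORY = {"00:1a:2b:3c:4d:5e", "00:1A:2B:00:00:10"}


def parse_arp_walk(text):
    """Return ([(ifindex, ip, mac)], [unparsed lines]).

    Unparsed rows are returned rather than dropped, so a row the parser
    cannot read never silently hides a device from the comparison.
    """
    entries, skipped = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = ROW.match(line)
        if m is None:
            skipped.append(line)
            continue
        mac = ":".join(m.group(3).split()).lower()
        entries.append((int(m.group(1)), m.group(2), mac))
    return entries, skipped


def find_unknown(entries, inventory):
    """ARP entries whose MAC is not in the site inventory."""
    known = {mac.lower() for mac in inventory}
    return [e for e in entries if e[2] not in known]


if __name__ == "__main__":
    rows, unparsed = parse_arp_walk(SAMPLE_WALK)
    for ifindex, ip, mac in find_unknown(rows, INVENTORY):
        print(f"not in inventory: {mac} at {ip} (ifIndex {ifindex})")
    for line in unparsed:
        print(f"needs manual review: {line}")
```

An ARP table only lists hosts the router has recently exchanged traffic with, so the comparison is only as complete as the polling is frequent.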