RE: [WIRELESS-LAN] Rogue AP's

[Jason Cook]

We are revisiting this at the moment.

At this stage we won’t be worrying about the interference side so are looking 
more at security. So anything advertising our SSID’s and any devices on wired 
that offer open auth will be first targets. Then potentially onto all other 
wired devices offering networks (they should be using  the enterprise network). 
 It’s doubtful we’ll go much further than that but the plan is still developing.

Interfering devices will be targeted if they are found to be causing major 
problems, but there’s just too many rogues to go out there trying to track them 
all down.


--
Jason Cook
The University of Adelaide, AUSTRALIA 5005
Ph: +61 8 8313 4800

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Saturday, 27 February 2016 2:20 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Rogue AP's

We are a Cisco shop that uses the Airwave AMPs for management. We let the AMPs 
contain the rogues. It works reasonably well and certainly beats trying to it 
do it manually on the controllers. Right now we are seeing 2,279 rogues on our 
campus with the biggest category being HP printers.

We do have a policy that tells folks not to do this. But, there is really no 
penalty to them for ignoring the policy.

On a related note our legal folks are considering whether to let us continue to 
try to contain rogues on campus. Has any other campus been told not to do rogue 
containment?





-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, February 26, 2016 8:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Rogue AP's

Wireless managers,  {cross referenced with NETMAN}
I am wondering if anyone has found an automatic way to block rogue AP’s on your 
network.   I know I can get a report from Airwave on rogue AP’s, but it seems 
like it would be time consuming to go after each of them individually.  I am 
curious how some of you handle this.  Do you have a method for blocking them?

Also, there are other products beginning to broadcast their own ssid as well 
including printers, connectify, etc.   How do you handle them?   Do you even 
have policy restricting those from your network?



Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Thomas Carter]

Any type of over-the-air containment risks the wrath of the FCC. In light of 
recent rulings and fines, I’m not risking any manipulation on the airwaves; 
whether it’s deauths or jamming or whatever. We take care of it at a purely 
wired level (disable the port the APs/routers are connected to). As others 
mentioned printers/Roku/PS4s, etc are still an issue, but we try our best at 
the beginning of every semester to quash as many as possible (Fall – incoming 
freshmen, spring – new Christmas presents).  We also use communication and 
social pressure to help with the issue. We’ve even had issues resolved without 
our input – dorm residents see an “unapproved” SSID, find out who has it, and 
utilize RAs, etc to get it removed.

Thomas Carter
Network & Operations Manager
Austin College

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Watters, John
Sent: Friday, February 26, 2016 9:50 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Rogue AP's

We are a Cisco shop that uses the Airwave AMPs for management. We let the AMPs 
contain the rogues. It works reasonably well and certainly beats trying to it 
do it manually on the controllers. Right now we are seeing 2,279 rogues on our 
campus with the biggest category being HP printers.

We do have a policy that tells folks not to do this. But, there is really no 
penalty to them for ignoring the policy.

On a related note our legal folks are considering whether to let us continue to 
try to contain rogues on campus. Has any other campus been told not to do rogue 
containment?





-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992


From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, February 26, 2016 8:40 AM
To: 
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Rogue AP's

Wireless managers,  {cross referenced with NETMAN}
I am wondering if anyone has found an automatic way to block rogue AP’s on your 
network.   I know I can get a report from Airwave on rogue AP’s, but it seems 
like it would be time consuming to go after each of them individually.  I am 
curious how some of you handle this.  Do you have a method for blocking them?

Also, there are other products beginning to broadcast their own ssid as well 
including printers, connectify, etc.   How do you handle them?   Do you even 
have policy restricting those from your network?



Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Tim Tyler]

John,

Does AMPs leverage any blocking at the switch level or is done by
jamming wireless frequencies?  If it is jamming frequencies, don’t you run
the risk of blocking non campus residential home AP’s?



  Tim



*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Watters, John
*Sent:* Friday, February 26, 2016 9:50 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* Re: [WIRELESS-LAN] Rogue AP's



We are a Cisco shop that uses the Airwave AMPs for management. We let the
AMPs contain the rogues. It works reasonably well and certainly beats
trying to it do it manually on the controllers. Right now we are seeing
2,279 rogues on our campus with the biggest category being HP printers.



We do have a policy that tells folks not to do this. But, there is really
no penalty to them for ignoring the policy.



On a related note our legal folks are considering whether to let us
continue to try to contain rogues on campus. Has any other campus been told
not to do rogue containment?











-jcw
[image: UA Logo]




John Watters   The University of Alabama

Office of Information
Technology

205-348-3992





*From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [
mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>] *On Behalf Of *Tim Tyler
*Sent:* Friday, February 26, 2016 8:40 AM
*To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
*Subject:* [WIRELESS-LAN] Rogue AP's



Wireless managers,  {cross referenced with NETMAN}

I am wondering if anyone has found an automatic way to block rogue AP’s on
your network.   I know I can get a report from Airwave on rogue AP’s, but
it seems like it would be time consuming to go after each of them
individually.  I am curious how some of you handle this.  Do you have a
method for blocking them?



Also, there are other products beginning to broadcast their own ssid as
well including printers, connectify, etc.   How do you handle them?   Do
you even have policy restricting those from your network?







Tim Tyler

Network Engineer

Beloit College



** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Rogue AP's

[Dan Lauing]

We used to... but we now don't spend much time trying to mitigate rogue APs
on our network.

Many wireless devices now come out of the box broadcasting their own SSID.
Some Rokus even disallow the turning off of their SSIDs - the only way to
get them to stop is to physically disconnect the radio. I've seen printers
that have a wireless toggle switch on the control panel that doesn't
actually turn off the wireless - the switch just toggles the blue LED.

We haven't entirely given up, however. I try to keep Residence Life up to
speed on our policies, such as wireless printers being a client on our
network, not a network unto their own, and especially let students know, as
I'm called to different areas on campus, that their neighbors' personal
devices can wreak havoc on their own wireless experience. Pitting the
students against themselves, I mean, making the students more aware of our
policies, has gone a long way.

We take less of a proactive measure and more of a tackle it when we see it
approach these days. Otherwise, there's too much tail-chasing.

I can't say that won't change in the future, but that's what we're
currently doing.

On Fri, Feb 26, 2016 at 8:40 AM, Tim Tyler  wrote:

> Wireless managers,  {cross referenced with NETMAN}
>
> I am wondering if anyone has found an automatic way to block rogue AP’s on
> your network.   I know I can get a report from Airwave on rogue AP’s, but
> it seems like it would be time consuming to go after each of them
> individually.  I am curious how some of you handle this.  Do you have a
> method for blocking them?
>
>
>
> Also, there are other products beginning to broadcast their own ssid as
> well including printers, connectify, etc.   How do you handle them?   Do
> you even have policy restricting those from your network?
>
>
>
>
>
>
>
> Tim Tyler
>
> Network Engineer
>
> Beloit College
>
>
> ** Participation and subscription information for this EDUCAUSE
> Constituent Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>


-- 

*dan b. lauing ii*
*Wireless Network Administrator*
*Mississippi College*

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Watters, John]

We are a Cisco shop that uses the Airwave AMPs for management. We let the AMPs 
contain the rogues. It works reasonably well and certainly beats trying to it 
do it manually on the controllers. Right now we are seeing 2,279 rogues on our 
campus with the biggest category being HP printers.

We do have a policy that tells folks not to do this. But, there is really no 
penalty to them for ignoring the policy.

On a related note our legal folks are considering whether to let us continue to 
try to contain rogues on campus. Has any other campus been told not to do rogue 
containment?





-jcw
  [UA Logo]

John Watters   The University of Alabama
Office of Information Technology
205-348-3992

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Tim Tyler
Sent: Friday, February 26, 2016 8:40 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Rogue AP's

Wireless managers,  {cross referenced with NETMAN}
I am wondering if anyone has found an automatic way to block rogue AP’s on your 
network.   I know I can get a report from Airwave on rogue AP’s, but it seems 
like it would be time consuming to go after each of them individually.  I am 
curious how some of you handle this.  Do you have a method for blocking them?

Also, there are other products beginning to broadcast their own ssid as well 
including printers, connectify, etc.   How do you handle them?   Do you even 
have policy restricting those from your network?



Tim Tyler
Network Engineer
Beloit College

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

Re: [WIRELESS-LAN] Rogue AP's

[M. Sjulstad]

We too have the policy of no rogues, but I admit I don't go looking  
for them.  I know we have them, probably a lot more than I know of,  
but as long as they aren't causing problems, I don't really care.
Worst things I've seen are mis-configured APs that want to be a DHCP  
server and try handing out IPs on the wired side.


Mike


_
M. Sjulstad
Network/Electronics Engineer - IIT Dept.
St. Olaf College
Northfield, MN  55057
_
1-507-786-3835
[EMAIL PROTECTED]
www.stolaf.edu/people/sjulstad


On Apr 12, 2007, at 9:33 AM, Brian J David wrote:

I just wanted to here from other schools on what they are doing  
about Rogues. Is your policy not to allow them but don’t do too  
much to prevent them.


Do you let the dorms be the wild wild west? Or are you actively  
finding them and removing them through one means or another. We are  
an Aruba networks shop


and have some great capabilities for Rogue detection and prevention  
and wanted to get a feel what other schools process is concerning  
them. Also any horror stories that you would like to share?




Brian J David

Network Systems Engineer

Boston College



** Participation and subscription information for this  
EDUCAUSE Constituent Group discussion list can be found at http:// 
www.educause.edu/groups/.



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Lee H Badman]

With wireless rolling out on a much larger scale on our campus, we are
revising our policy and attitude to be a bit more restrictive in both
philosophy and practice when it comes to UNCOORDINATED rogues... We are
also taking a stab at coordinating not just APs, but also ANY wireless
system- classroom response systems, wireless AV, etc.- trying to keep
the environment somewhat under control as more wireless technologies
hit. Not always restrictive per se, but more coordinated.
 
Lee H. Badman
Wireless/Network Engineer
KC2IYK, CWNA/CWSP
Information Technology and Services
Syracuse University
315 443-3003


From: M. Sjulstad [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
 
We too have the policy of no rogues, but I admit I don't go looking for
them.  I know we have them, probably a lot more than I know of, but as
long as they aren't causing problems, I don't really care.   Worst
things I've seen are mis-configured APs that want to be a DHCP server
and try handing out IPs on the wired side.
 
Mike
 
 
_
M. Sjulstad
Network/Electronics Engineer - IIT Dept.
St. Olaf College
Northfield, MN  55057
_
1-507-786-3835
[EMAIL PROTECTED]
www.stolaf.edu/people/sjulstad



 
On Apr 12, 2007, at 9:33 AM, Brian J David wrote:



I just wanted to here from other schools on what they are doing about
Rogues. Is your policy not to allow them but don't do too much to
prevent them.
Do you let the dorms be the wild wild west? Or are you actively finding
them and removing them through one means or another. We are an Aruba
networks shop
and have some great capabilities for Rogue detection and prevention and
wanted to get a feel what other schools process is concerning them. Also
any horror stories that you would like to share?
 
Brian J David
Network Systems Engineer
Boston College
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[ktaillon]

Will you be using the Containment option in the WCS? Or hunting down the
units and removing them from the Network. Could someone point out some of
the pro's and con's to using containment..
 

  _  

From: Lee H Badman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's


With wireless rolling out on a much larger scale on our campus, we are
revising our policy and attitude to be a bit more restrictive in both
philosophy and practice when it comes to UNCOORDINATED rogues. We are also
taking a stab at coordinating not just APs, but also ANY wireless system-
classroom response systems, wireless AV, etc.- trying to keep the
environment somewhat under control as more wireless technologies hit. Not
always restrictive per se, but more coordinated.
 
Lee H. Badman
Wireless/Network Engineer
KC2IYK, CWNA/CWSP
Information Technology and Services
Syracuse University
315 443-3003
  _  

From: M. Sjulstad [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
 
We too have the policy of no rogues, but I admit I don't go looking for
them.  I know we have them, probably a lot more than I know of, but as long
as they aren't causing problems, I don't really care.   Worst things I've
seen are mis-configured APs that want to be a DHCP server and try handing
out IPs on the wired side.
 
Mike
 
 
_
M. Sjulstad
Network/Electronics Engineer - IIT Dept.
St. Olaf College
Northfield, MN  55057
_
1-507-786-3835
[EMAIL PROTECTED]
www.stolaf.edu/people/sjulstad



 
On Apr 12, 2007, at 9:33 AM, Brian J David wrote:



I just wanted to here from other schools on what they are doing about
Rogues. Is your policy not to allow them but don't do too much to prevent
them.
Do you let the dorms be the wild wild west? Or are you actively finding them
and removing them through one means or another. We are an Aruba networks
shop
and have some great capabilities for Rogue detection and prevention and
wanted to get a feel what other schools process is concerning them. Also any
horror stories that you would like to share?
 
Brian J David
Network Systems Engineer
Boston College
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. ** Participation and subscription
information for this EDUCAUSE Constituent Group discussion list can be found
at http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Lee H Badman]

For us, containment is a bit risky- we are surrounded by hospitals,
residences, etc- their devices can show up as rogues. Would be bad to
contain these. We're relying on a lot of communication/cooperation and
growing a new culture as we go- which is actually gaining traction. For
students, we ask them to remove, if they don't- ports can get shut down.
But where we have 100% wireless, we are seeing far fewer rogues. And
anything we do has CIO sponsorship, and is being well-communicated to
all.
 
Lee


From: ktaillon [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:54 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
 
Will you be using the Containment option in the WCS? Or hunting down the
units and removing them from the Network. Could someone point out some
of the pro's and con's to using containment..
 
 


From: Lee H Badman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
With wireless rolling out on a much larger scale on our campus, we are
revising our policy and attitude to be a bit more restrictive in both
philosophy and practice when it comes to UNCOORDINATED rogues... We are
also taking a stab at coordinating not just APs, but also ANY wireless
system- classroom response systems, wireless AV, etc.- trying to keep
the environment somewhat under control as more wireless technologies
hit. Not always restrictive per se, but more coordinated.
 
Lee H. Badman
Wireless/Network Engineer
KC2IYK, CWNA/CWSP
Information Technology and Services
Syracuse University
315 443-3003


From: M. Sjulstad [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
 
We too have the policy of no rogues, but I admit I don't go looking for
them.  I know we have them, probably a lot more than I know of, but as
long as they aren't causing problems, I don't really care.   Worst
things I've seen are mis-configured APs that want to be a DHCP server
and try handing out IPs on the wired side.
 
Mike
 
 
_
M. Sjulstad
Network/Electronics Engineer - IIT Dept.
St. Olaf College
Northfield, MN  55057
_
1-507-786-3835
[EMAIL PROTECTED]
www.stolaf.edu/people/sjulstad



 
On Apr 12, 2007, at 9:33 AM, Brian J David wrote:



I just wanted to here from other schools on what they are doing about
Rogues. Is your policy not to allow them but don't do too much to
prevent them.
Do you let the dorms be the wild wild west? Or are you actively finding
them and removing them through one means or another. We are an Aruba
networks shop
and have some great capabilities for Rogue detection and prevention and
wanted to get a feel what other schools process is concerning them. Also
any horror stories that you would like to share?
 
Brian J David
Network Systems Engineer
Boston College
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
 
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/. ** Participation and
subscription information for this EDUCAUSE Constituent Group discussion
list can be found at http://www.educause.edu/groups/.
** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.

RE: [WIRELESS-LAN] Rogue AP's

[Frank Bulk]

Comments in-line.
 
Frank

  _  

From: Emerson Parker [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's


Rogue containment does have some drawbacks in performance under certain
scenarios..
 
Rogue scanning:
 
If you have a valid AP that is capable of scanning other channels for
rogues, it can take 5-7 minutes to find the rogue if there is minimal
traffic on the device.  This is a simple factor of the scan interval and
channel dwell time.  
 
FB It would frighten me if it actually took a WLAN infrastructure vendor
5-7 minutes to find a rogue AP, even if their 'sensor' was an AP acting in
both modes.  Most of the WIDPS vendors identified rogues in seconds, with
Network Chemistry and AirTight generally being the fastest.  AirMagnet can
have a several-minute delay depending on when the sensor submits it's batch
to the server.
 
 These scanning intervals are generally configurable. For instance, you can
configure scanning to occur every x seconds and for x amount of
milliseconds.  Vendors should have the ability to not go off-channel and
stop scanning if there is certain types of traffic present on the APs set
channel (extended ACL, VoIP, gold queue, etc). 
 
FB It would be ideal if WLAN customers didn't have to worry about it.  Most
of the time defaults are OK.  It's true that time-sensitive wireless traffic
can be affected by the scan settings, and WLAN vendors are doing a better
job of mitigating and working around that, but it's still not perfect.
 
Finding a rogue:
 
so lets say an AP that is serving clients is on channel 1 and during the
scan interval, they found a rogue on channel 13 (people try to hide rogues
on international channels).
 
What do you want the AP to do?  If you disassociate clients attached to the
rogue over the air, this takes time away from the users being served on
channel 1.  A rogue AP can act as a DoS attack on valid APs.  The valid AP
is spending all of its time deauthing and not serving clients.
 
This to should be a configurable option.  killing rogues at the expense of
valid clients, or kill the rogues during your scan interval.  If a rogue
comes up on channel 1, the AP can easily kill the rogue and continue serving
its clients but that is rarely the case!
 
Dedicated rogue killers:
 
if you have a few dedicated AP acting as rogue killers, then you can happily
kill rogues all day and do all kinds of other kool stuff.  A rogue killer AP
only needs to hear and txmit at the 1-2mbps range to kill rogues over vast
distances so you can spread them out thin. 
 
FB At the end of the day, if you want best in class capabilities you need
to set asides units to act solely as sensor or air monitors. 
 
LAN based rogue killing:
 
Some Wireless infrastructure can kill rogues from the LAN by looking at MAC
forwarding tables and shutting down ports on a switch.  Some vendors will do
an ARP-poison attack  in conjunction with what is going on out in the air.. 
 
FB Bridge APs, as mentioned earlier, can be nearly invisible.  Fortunately,
they aren't very popular in retail stores. 
 
conclusion:  If you have some dedicated resources (APs) to kill rogues, do
it.

  _  

From: ktaillon [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:54 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's


Will you be using the Containment option in the WCS? Or hunting down the
units and removing them from the Network. Could someone point out some of
the pro's and con's to using containment..
 

  _  

From: Lee H Badman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's


With wireless rolling out on a much larger scale on our campus, we are
revising our policy and attitude to be a bit more restrictive in both
philosophy and practice when it comes to UNCOORDINATED rogues. We are also
taking a stab at coordinating not just APs, but also ANY wireless system-
classroom response systems, wireless AV, etc.- trying to keep the
environment somewhat under control as more wireless technologies hit. Not
always restrictive per se, but more coordinated.
 
Lee H. Badman
Wireless/Network Engineer
KC2IYK, CWNA/CWSP
Information Technology and Services
Syracuse University
315 443-3003
  _  

From: M. Sjulstad [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 12, 2007 11:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [WIRELESS-LAN] Rogue AP's
 
We too have the policy of no rogues, but I admit I don't go looking for
them.  I know we have them, probably a lot more than I know of, but as long
as they aren't causing problems, I don't really care.   Worst things I've
seen are mis-configured APs that want to be a DHCP server and try handing
out IPs on the wired side.
 
Mike
 
 
_
M. Sjulstad
Network/Electronics Engineer - IIT Dept.
St. Olaf College
Northfield, MN  55057
_
1-507-786-3835
[EMAIL PROTECTED

Re: [WIRELESS-LAN] Rogue AP's

[Bruce Curtis]

On Apr 12, 2007, at 1:21 PM, Frank Bulk wrote:




FB Bridge APs, as mentioned earlier, can be nearly invisible.   
Fortunately, they aren't very popular in retail stores.



  It's usually easy to use the NAT-box/AP combos as a Bridge AP.  If  
students understand how they work and don't simply follow the  
instructions that come with the units they can use a NAT-box/AP as a  
Bridge AP.


---
Bruce Curtis [EMAIL PROTECTED]
Certified NetAnalyst II701-231-8527
North Dakota State University

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.