I don't believe that Netstumbler catches devices that hide their SSID.
While Cisco's WLSE 2.5 identifies rogues, it's not a solution I would get just to identify rogues. WLSE remains primarily a configuration system for AP's. Of course, if you already have Cisco AP's, then WLSE is a no-braine
If you want to do some distributed wireless security monitoring, you might want to look at a solution from AirDefense or AirMagnet. Network Chemistry has a cheap monitoring solution.
As for wire side detection, it's rather difficulty because the Ethernet MAC may or may not be the same as the w
Not on the wired side, but still interesting
to mention:
Cisco has developped CCX (Cisco Compatible eXtensions)
That architecture is being adopted by many Wi-Fi chip manufacturers.
(available beyond Cisco products)
It has, besides other things, a built-in tattletale (or Nark)
function.
Both, APs
Here are a few hints Re: Rogue AP Detection:
1. We found that they usually pop up in areas of low or no coverage (of
campus wireless network). So, generally people will take them home, if
you provide better coverage at their spot...
2. Some WLAN software management tools have introduced Rogue AP
On Feb 17, 2004, at 11:29 AM, John Watters wrote:
If you have Cisco gear, you might try enabling POT SECURITY to limit
the number of MAC addresses
seen on each port. We set our general ports to a max of 2 MAC
addresses which allows for easy
change to a new desktop machine but typically hurts wirel
& their PC). Ports with known wireless APs are set higher (number
depending on location
& typical use).
-jcw
> To: [EMAIL PROTECTED]
> From: Sean Che <[EMAIL PROTECTED]>
> Date: Tue, 17 Feb 2004 14:23:06 -0500
> Subject: [WIRELESS-LAN] locate the rogue AP from wire
Our campus, as all other universities in US, has lots of rogue APs.
People spent less than 100 dollars each bought them from Bestbuy or
circuitcity and plug them into the campus wired network. A large portion
of the Rogue AP population even don't have WEP on. Everybody agrees
that it could cause
