Re: [WIRELESS-LAN] Rogue Detection- A Different Twist

[Sean Che]

Pete, Here's a table: Wireless device MAC OUI 0000f0  Samsung 00022d  Lucent (Orinoco) 0002b3  Intel 00032f   Global Sun Technology (Linksys) 00045a  Linksys 0010e7  BreezeCom (BreezeNet) 0020d8  NetWave Technologies (BayNetworks) 003065  Apple 004005  ANI Communications 004096  Aironet 00508b  Compaq 00601d  Lucent (WaveLan) 0090d1  Leichu Enterprise Co. (Addtron) 00a0f8   Symbol Technologies 00e029  Standard Microsystems Corp. 080002  3Com 080046  Sony 0020a6  Proxim Sean -- ------------------------------------- Sean(Xiangdong) Che Network Engineer Network Services Wayne State University Voice: (313)577-1922 Pager: (313)990-5403 Email: [EMAIL PROTECTED] ------------------------------------- Pete Hoffswell wrote: Nice.   While there are issues with wired-side detection of access points, I still think it's a great way to get most issues....   I have been trying to find a open-source version of this - scanning of mac address tables in Cisco switches and routers.    Specifically -   Pull ARP tables from routers Pull MAC tables from switches Cross-reference against access-point_mac_table_list notify of and/or shut down remote port   Does anyone have such a thing?    It would be simple to create, if I only had a good list of mac address prefixes for wireless...   It looks like someone tried - http://sourceforge.net/projects/wsrapd/  But never got off the ground.   Anyone have a good mac-address prefix table for wireless devices?   Thanks!   Pete Hoffswell                                            616-732-1101 (Grand Rapids, x1101) University LAN/WAN Coordinator              616-510-1198 (Mobile) IT Services                                                 [EMAIL PROTECTED] Davenport University                                  http://www.davenport.edu    -=-=- LAN/WAN services: http://networker.davenport.edu -=-=- >>> [EMAIL PROTECTED] 03/15/04 03:21PM >>> Not sure if anyone else has seen this company, but they are working specifically to detect unauthorized wireless devices through the wire- they are now up to detecting over a 150 different access points, both enterprise-class and consumer class. They are constantly refining their process, and I have used early versions and thought the approach was pretty cool, and long overdue: http://www.wimetrics.com/ As I mentioned, they are constantly refing, and striving to effectively detect rogues from the wired side. There's more to the game than sniffing the spectrum. Lee Lee H. Badman Network Engineer Computing and Media Services (NSS) 250 Machinery Hall Syracuse University Syracuse, NY 13244 (315) 443-3003 Voice (315) 443-1621 Fax ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.