Rogue Access Point Detection?

Yossarian2000 asks: "With all the media attention WLANs have been getting lately, more and more businesses seem to be looking to better understand their implications as relates to company intranets. Whether a business is running a WLAN or not, detecting rogue access points is essential to maintaining some degree of security. Currently, it seems there are few options for detecting APs: subnet scans (which add overhead to the network and can still miss some APs), handheld devices (which require regular site surveys), and systems that use existing access points to detect rogues (this assumes you have APs covering your entire site). Has anyone heard of better methods for the detection of rogue APs?"

ObJurrasicParkQuote: I know this, this is Unix!

[Nathan+Ramella]

this should do the trick. It goes from 10Mhz up to 2.6ghz, which should cover 802.11b (2.412Ghz (ch 1) to 2.462Ghz (ch 11))

Shows signal strength too so you can do the James Bond homing-in-on-the-signal-with-gun-drawn type stuff.

-n

Re:Welll....

[shaitand]

mac based security is not the answer, it's so easy to clone a mac it's not even funny anymore. A mac is no more secure than an IP, anyone can set it.

MAC filtering revisited.

[billn]

It's mentioned in another thread that it's fairly easy to change a MAC address, but on most OTS AP's, that's not the case. Provided you have intelligent switches or at least machines with decent scripting kits, you can watch your ARP tables for common vendor MACs, like Linksys or Dlink. The downside to this, is that your ARP cache might not spot an AP in bridging mode, but a decent managed switch would, since it has to forward frames.