Rogue Access Point Detection?

Yossarian2000 asks: "With all the media attention WLANs have been getting lately, more and more businesses seem to be looking to better understand their implications as relates to company intranets. Whether a business is running a WLAN or not, detecting rogue access points is essential to maintaining some degree of security. Currently, it seems there are few options for detecting APs: subnet scans (which add overhead to the network and can still miss some APs), handheld devices (which require regular site surveys), and systems that use existing access points to detect rogues (this assumes you have APs covering your entire site). Has anyone heard of better methods for the detection of rogue APs?"

ObJurrasicParkQuote: I know this, this is Unix!

[Nathan+Ramella]

this should do the trick. It goes from 10Mhz up to 2.6ghz, which should cover 802.11b (2.412Ghz (ch 1) to 2.462Ghz (ch 11))

Shows signal strength too so you can do the James Bond homing-in-on-the-signal-with-gun-drawn type stuff.

-n

No, no easy way.

[WolfWithoutAClause]

At the last place I worked I installed a 'rogue' WiFi installation.

However, I did it fairly properly, I installed a Linux box configured as a firewall, configured the filtering on the firewall so that all the through traffic could only go off to the official company contivity VPN server (which happened to be on another site!), and ran VPN software on all the clients.

Basically, it was very secure, short of hacking the firewall (tricky, the filtering rules were pretty brutal), or one of the clients (I put personal firewalls on each of the clients too), there was no way in. Even the building was pretty much a Faraday shield due to metallised windows(!)

From the network side, the WiFi AP is very difficult to spot- the firewall just looks like a Linux box; which is what it is; it just NATs the AP off of itself. There may be ways to find it, but I can recompile the firewall to make it very difficult.

The only definite way to find it was if you knew it was there or went around with a WiFi receiver looking for networks. I suppose you might get a bit suspicious about the NATed network there are ways to spot those, but that depends on your network connectivity rules, they may well be legal anyway.

The whole thing only tied up 1 pc and only then because we didn't have a linux box hanging around we could configure to be a firewall. The network guys had put in some ridiculous estimate on how much it would cost to install... thousands of pounds.