How Do You Locate That Access Point?
parp asks: "As an IT Manager I'm concerned about unauthorized Access Points being installed, or users who setup wireless computer to computer networks. How do you find the exact location of these devices? I've tried walking around the office with a laptop watching the signal, but the signal monitors that are included with most network drivers are very limited. The signal could be upstairs, downstairs or right around the corner, but I can't find it. Results of web searches I've done just tell you how to find a signal (wardrive), not the source. I'd be interested in any software or hardware device that can locate the device within a few feet."
It seems to me that you'd need to build a VERY directional antenna, and then you could triangulate the position fairly easily, and it could get you in the right area. Hopefully on the right floor ;)
Nobodies Prefect
Tidbits for Techs Technology Blog
You would probably need to build a loop antenna; they are directional and, as far as I know, do not have much gain. You would just need to spin the loop to find the strongest signal and take a measurement from 2 different places, then you could just draw two lines on a decent site layout map and know within about 10 feet where the signal is. Google for "radio fox hunt" or "loop antenna".
Hey guys, a quick google revealed this:
_ pinpoints_location.php
http://www.airespace.com/technology/technote_rffp
Thought you might be interested.
Just monitor the traffic to see who is actually using the link. You should be able to figure it out from their IP address or their browsing habits. Chances are it is whoever set up the link. You may have to use one of the many WEP crackers, but that shouldn't present a problem.
If no one ever seems to be using it, it is possible you are picking up someone's laptop with a built in 802 card that automatically enables without the user even knowing.
http://notanumber.net/
Attach to the access point and ping your router.
Then pull wires till the ping stops. Work up the wires till you find the one the access port is on the end of.
Sam
blog.sam.liddicott.com
My company recently implemented a product called "WiFi Watchdog" from Newbury Networks (http://www.newburynetworks.com/). Damned nice product, and it has the capabilities you are looking for. The latest version of their software will give you a heat map as to where a device is likely to be overlaid on top of a map of your building.
Other vendors selling similar products include Airmagnet and AirDefense. Some of the bigger AP infrastructure guys such as Cisco even have some built in products to do similar things.
The big advantage I found with NNI is that their product helps reduce false positives by identifying APs outside our building and labeling as such - so when a Sears truck drives by with a built in AP our alarm bells don't go off. Other neat things include a cool RADIUS service that "authorizes" connections based on location. Tied together with other authentication services that would make for a really really powerful solution for securing your wireless.
Anyway, hope that helps find some good solutions for you.
-Jack Ash
PS: No, I am not an employee of NNI or anything of the sort, I'm just a guy who went through your exact problem last year and ended up finding this solution.
First, start on a floor you know has access to this access point. Then, get in the elevator and hit the top floor. Note what floor you get disconnected on. Do the same going down, and average those numbers together and you have the floor it's on.
Once you are there, gather everyone around, and tell them that you know one of them has a wireless access point around. The first person to turn around and hurry away sneakily is your guy. Pull out your gun and shoot him in the back. Find his desk and everywhere he goes, and you'll eventually find the access point. Problem solved.
Or were you wanting to do this legally? Then I would just get them in a headlock and "nugey" them until they tell you where it is.
Oregon State University's Open Source lab has a tool specifically designed to find rogue wifi access points on university networks, and it's available here: rogue detect
Simple! You simply log into the access point and type 'eject' at the command prompt. Then look for the Access Point with the CD-Tray open...
:)
Hey, if it works for a maze of Linux machines
But in all honesty, you probably want a directional antenna as the other posters are suggesting. However, I suggest you get 2-3 volunteers, each with their own directional antenna. It will be easier to triangulate the signal if you have 3 folks coming in from 3 different angles.
"Can of worms? The can is open... the worms are everywhere."
I'm going to have to agree. If it's an employee's own computer, with its own wireless card, you can't legally take it. Just like you can't take their cell phone or wallet or car keys. You'd have to prove that it's interfering materially with your business and that's going to be really hard to do as the spectrum for wireless is not only unlicensed, but also under the FCC's jurisdiction and not yours.
Likewise, if you believe the employee is doing something illegal, you can fire him/her. If the employee's performance is less than adequate, you can fire them. But you won't be able to take the laptop or the wireless card, since it isn't yours to take. I bet he can also claim that unless you block all 802.11g or b or a (as the case may be) signals in the building/set of offices, it would be discriminatory to block his. And that's going to be hard to do because you, in fact, may not block such signals (under FCC regulation). Finally, I would be very careful about cracking the encryption. Encrypted signals create the expectation of privacy, and you may be in violation of a whole bunch of laws. What if he's using the encrypted signal to keep track of his/her spouse's (insert medical device) to monitor his/her (insert medical condition) recovery?
I would run it by a good lawyer first.
"Piter, too, is dead."
Actually I think that would depend on the company policy. It sounds like they want to set a policy of no access points. Also if the access point connects to the company lan, then it can be considered a potential security breach, and dealt with that way. Even if it is their own hardware, once they hook it up to the company lan, the company can ban them from bringing the device in, or even potentially fire them for creating a security risk.
Only 'flamers' flame!
Does slashdot hate my posts?
But how would he prove that they were actively participating in such peer-to-peer/ad-hoc wireless networking? It'll be his word against theirs. And the accused can always claim harassment (ie. sexual if it's a woman) or racism or whatever card they wish to play.
Cyric Zndovzny at your service.
If you're so concerned about systems connecting, then perhaps you should get the MAC address of all your authorized machines, and only allow those at the router or firewall level?
You should also keep your servers secured against your internal network, only allowing services that are actually needed. There's a tendency to trust everything internal on your network -- but really, with wifi and so many people having laptops, as well as systems infected with viruses and spyware, the internal network is just as volatile as the internet itself.
Speak before you think
Grab a Pringles can or buy/make a yagi antenna. Get a laptop with netstumbler or kismet on it, and watch the signal strength graph as you point the antenna around.
I'm sure you've heard of Dowsing Rods
Install Ubuntu in Android
Remember that the network it is plugged into is the business's, not the individual's, and the business dictates what is done with it. They have every right to disconnect it. They might not be able to confiscate it, and keep it, but they can certainly disconnect it, unplug it, and tell the employee to never, ever bring it back in.
What are we going to do tonight Brain?
First, in most office buildings signals reflect and bounce in non obvious ways. I'd start with a directional antenna with the tightest beamwidth you can find (90 degrees, 60 degrees, etc). Choose 5 or 10 spread out locations and look at the netstumbler reported dB as you sweep in a 360 degree circle. Mark which channels have strong signals and in what direction they are coming from. Plot several lines on an office map for each channel in each spot - the strongest signal, and a few weaker signals to help reduce problems with signal reflections.
If you are attempting to do this for a multi story building then you may choose to sweep in a sphere, or simply do the single floor sweep with multiple locations on each floor.
This will give you a good general location to search more closely.
If this doesn't help or work very well, or you are interested in the armchair approach, try searching from the network.
You know the IP address of the access point. If you don't, connect to it and find out. This may require breaking a WEP key, and setting up an internal website that shows the AP's WAN IP address when you view the page if the AP is set up to route and NAT.
Now that you have the IP address, you should also have the MAC. Set up the DHCP server to deny that MAC an IP address if you don't want to worry about it and think the person isn't very bright.
Use your routers to find the port or hub the AP is connected to, and use various network tools to locate the actual connection. You could flood the network with ARPs or pings for the IP and pull plugs until it stops responding.
If you're certain it is the only device on that wire you could 'disable' it with an etherkiller. Of course, you may also set the building on fire, but either way the AP will stop.
You could also setup a rogue machine that listened to the wireless signal and spoofed TCP/IP responses for webpages and images. If the people can't use the AP, then it's effectively dead.
There are a variety of ways to further shut down APs, but this ought to get you started.
-Adam
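The map-plotting step from the comment above (sweep from several spots, draw a line along each strongest bearing, discount reflections), as an added example that is not part of the thread. The coordinates, bearings, function names and the 3 m rejection threshold are constructed for illustration; it finds the point closest to all bearing lines by least squares and discards the reading that misses by the most.

```python
import math

# Constructed sample: floor-plan coordinates in metres, bearing of the strongest
# signal in degrees clockwise from the plan's "north" (+y axis). Reading E is a
# reflection and points away from the real source near (20, 10).
SAMPLE_BEARINGS = [
    ("A", 0.0, 0.0, 63),
    ("B", 40.0, 0.0, 297),
    ("C", 20.0, 30.0, 180),
    ("D", 0.0, 20.0, 117),
    ("E", 40.0, 25.0, 270),
]


def _direction(bearing_deg):
    """Unit vector (dx, dy) for a compass-style bearing."""
    t = math.radians(bearing_deg)
    return math.sin(t), math.cos(t)


def _fit(obs):
    """Point minimising the sum of squared perpendicular distances to every
    bearing line: solve (sum M_i) p = sum M_i p_i with M_i = I - d_i d_i^T."""
    a11 = a12 = a22 = b1 = b2 = 0.0
    for _, x, y, brg in obs:
        dx, dy = _direction(brg)
        m11, m12, m22 = 1 - dx * dx, -dx * dy, 1 - dy * dy
        a11 += m11
        a12 += m12
        a22 += m22
        b1 += m11 * x + m12 * y
        b2 += m12 * x + m22 * y
    det = a11 * a22 - a12 * a12
    if det < 1e-6:
        # All lines (nearly) parallel: they never cross at a usable point.
        raise ValueError("bearings are nearly parallel; take a reading elsewhere")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)


def _miss(row, est):
    """Perpendicular distance (m) from the estimate to one bearing line."""
    _, x, y, brg = row
    dx, dy = _direction(brg)
    return abs((est[0] - x) * dy - (est[1] - y) * dx)


def locate(observations, max_miss_m=3.0):
    """Return ((x, y), dropped_labels).

    Readings whose line misses the current estimate by more than max_miss_m
    are treated as reflections and dropped one at a time, worst first, as
    long as more than three readings remain.
    """
    kept = list(observations)
    dropped = []
    est = _fit(kept)
    while len(kept) > 3:
        worst = max(kept, key=lambda row: _miss(row, est))
        if _miss(worst, est) <= max_miss_m:
            break
        kept.remove(worst)
        dropped.append(worst[0])
        est = _fit(kept)
    return est, dropped


if __name__ == "__main__":
    (x, y), dropped = locate(SAMPLE_BEARINGS)
    print(f"estimated source at x={x:.1f} m, y={y:.1f} m; dropped readings: {dropped}")
```
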
Set up your own access point with the same SSID and see who tries to connect.
parent is offtopic
Here is an idea for people who bring in an off-the-shelf wireless router. If they are dumb enough to leave SSID visible, perhaps they left it at the defaults. See if you can join it and then try a default password. There you can find the MAC address on the WAN side. If you have at least layer 2 managed switches on your network, you can log into them and look at the tables to determine which port it is coming in to. Hopefully you have a current map of your network (i.e. jack #23 in the wiring closet goes to the General Managers office.) The last place I worked for had no such map, I had to make it myself. If someone cries foul that I suggest they "hack" into someone's personal property, tough. The culprit is using Company resources and leaving a door open into the network, possibly affecting others. Hope this helps
"Build something idiot proof, and someone will build a better idiot" - Samuel Clemens
Try browsing through your LAN switch's MAC address tables.. The manufacturer ID on the WAP will probably be different than most of your other computers' network cards.
Sniff and figure out the MAC address of it, and then view the CAM or MAC table in your switches to find out what port it's in. Simple, and it works great.
Need Free Juniper/NetScreen Support? JuniperForum
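The switch-table search suggested in the two comments above, as an added example that is not part of the thread. It assumes a MAC table dump in the common Cisco-style `vlan / mac / type / port` layout; the table, the MAC addresses, the inventory and the uplink port name are all constructed. It flags edge ports that carry a MAC missing from the inventory, more than one MAC, or a vendor prefix (OUI) that is rare on the LAN.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of a switch MAC address table (not real devices).
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
  10    0011.2233.4401    DYNAMIC     Gi1/0/1
  10    0011.2233.4402    DYNAMIC     Gi1/0/2
  10    0011.2233.4403    DYNAMIC     Gi1/0/3
  10    0011.2233.4404    DYNAMIC     Gi1/0/4
  10    00aa.bbcc.0001    DYNAMIC     Gi1/0/7
  10    0011.2233.4455    DYNAMIC     Gi1/0/7
  10    0011.2233.5501    DYNAMIC     Gi1/0/48
  10    00de.adbe.ef01    DYNAMIC     Gi1/0/48
"""

# Constructed inventory of authorised adapters, in whatever format it was kept.
INVENTORY = ["00-11-22-33-44-01", "0011.2233.4402", "00:11:22:33:44:03",
             "00:11:22:33:44:04", "00:11:22:33:44:55"]

ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\w+)\s+(\S+)\s*$"
)


def norm_mac(mac):
    """Normalise any common MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return one dict per table row; headers and non-numeric VLAN rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": int(vlan), "mac": norm_mac(mac),
                         "type": kind.upper(), "port": port})
    return rows


def suspicious_ports(rows, inventory, uplinks=(), min_share=0.2):
    """Map edge port -> findings for ports worth a walk to the wiring closet.

    uplinks are trunk/uplink ports, which legitimately carry many MACs.
    A MAC's OUI is 'rare' when fewer than min_share of edge MACs share it.
    """
    known = {norm_mac(m) for m in inventory}
    by_port = defaultdict(set)
    for row in rows:
        if row["type"] == "DYNAMIC" and row["port"] not in uplinks:
            by_port[row["port"]].add(row["mac"])

    oui_count = Counter(mac[:8] for macs in by_port.values() for mac in macs)
    total = sum(oui_count.values())

    findings = {}
    for port in sorted(by_port):
        macs = sorted(by_port[port])
        unknown = [m for m in macs if m not in known]
        rare = [m for m in macs if oui_count[m[:8]] / total < min_share]
        if unknown or rare or len(macs) > 1:
            findings[port] = {"unknown": unknown, "rare_oui": rare,
                              "mac_count": len(macs)}
    return findings


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_TABLE)
    for port, info in suspicious_ports(table, INVENTORY, uplinks={"Gi1/0/48"}).items():
        print(port, info)
```
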
The stuff is not plugged in to the network. It's wireless.
They can tell them not to bring it back, sure. Also, they still can't crack the encryption (legally) even just to find out if there is theft going on.
If theft is suspected, that's what the FBI is for, and they can go get a wiretap order from the judge.
Finally, the business should not be running wireless. It's insecure, it's been demonstrated insecure, and it's been demonstrated hard to guard and easy to penetrate.
"Piter, too, is dead."
Your word against theirs? Drag their manager over to the offender's desk and point at the unauthorized AP plugged into the corporate network... Am I missing something here?
Pluralitas non est ponenda sine neccesitate
If your network is good enough, there wouldn't be a need for rogue WAPs.
Supply your users with a better wireless network! Make sure there is connectivity EVERYWHERE & then lock your own network down (through VPN, WPA+Radius, or whatever).
If even facility-provided wireless is absolutely verboten everywhere, just put up jammers & be done with it.
Or change your AUP and internal network security so that you wouldn't care about WAPs.
If you decide to go hunting for them, you'll have to do it more than once. There is employee turnover & machine turnover & anyone can bring in a new WAP.
Just ask Frink:
"I have captured the signal and am presently triangulating the vectors and compressing the data down in order to express it as a function of my hand... They're over there!"
Not necessarily. At my office, most people have laptops with wireless cards built in so they can work easily from home or at customer sites. But our corporate policy (until very recently) was NO WLAN in our offices. Even now, it has to be Cisco with LEAP, so they can be sure the network is secure.
They have had a lot of trouble in other cities with people bringing in their Linksys or D-Link home APs and plugging them into the LAN so they can "go wireless". Of course, the network guys back at the home office have no way of verifying that these APs are properly secured (or secured at all), and since the office's "LAN Admin" (if one exists) is seldom competent to do the job (they usually have the accounting controller handle it) they don't have anyone onsite who can reliably check, so the rule was "no wireless".
What you really need to do for the medium-long term is prevent the access points from working at all (something like only allowing registered MAC addresses to get DHCP leases, for one example).
Send out a company-wide email reminding employees about the corporate policy against bringing wireless access points from home. Ask anyone who has one to please disconnect it and remove it from the premises thank you for your cooperation etc etc.
Worker bees will comply almost instantly. If it's still on the air by that evening, start looking in manager offices. If you can at least isolate it to one floor you should be able to just LOOK for it. It's connected to the network, right? Follow some ethernet cables and you'll eventually find it. It's not like they would hide it in a metal filing cabinet.
And when you do find it, don't be an @$$ about it. Just remind the misguided soul that this is against corporate IT policy and we'll be happy to extend a supported AP into the ceiling near you on Monday.
Why isn't there a product available that allows one to "view" RF like a camcorder.. or at least still photos? Could something like a CCD sensor be built that would be tuned to radio frequencies instead of light frequencies? This sort of device would be extremely useful for locating RF signals, helping to find sources of interference, verifying whether antennae are active or not, looking for someone using a radio while hiding behind a bush with a gun, you know.. things like that.
Ouch! The truth hurts!
People will generally do the right thing.
After a week or so, just walk around with something running Kismet to alert you to the obvious, but more importantly simply LOOK in people's cubies: If you try to hide an AP/Router, its coverage will be so pathetic it's not a credible risk to begin with. Most all of them will be sitting in plain sight.
For anything you do find, and I suspect you'll find nothing because people will generally do the right thing when their job is on the line, just deal with it: if the AP is locked down to specific MAC addys and using 128b WEP and isn't close to public areas, just don't worry about it. After all, think about all the LAN jacks that are sitting around unguarded.
Equipment sensitive enough for you to determine direction is expensive. Triangulation even more so.
1) Attach to the access point (assuming it's not using WPA)
2) Traceroute back to find out the access point's IP
3) Look up in your manuals (you *do* have manuals, don't you) to find out where that IP block is assigned
4) Invade the sales department.
Alternatively, after you connect, try the usual addresses to access the admin interface of the AP. Change it to some settings that will never work, then change the password. When they complain to you/helpdesk, you have them.
by nicely asking the people in the cat detector van perhaps?...
Loop antennas have a nice wide range of angles where they receive well, and a sharp narrow range in which they don't. Radio direction finding means turning the loop until the signal cuts off and then following the direction of the plane of the loop.
Real-world reflections make this much harder.
If they really connect to your network, you may not really need to physically locate them to get them off your network.
What you could do is attach to the wireless network (don't try this in Florida ;) ). If it appears to be connected to your corporate network, you can visit a website under your control and gather more info (e.g. if there's NAT/firewall involved what IP address it is), and then figure out the relevant IPs and MACs.
Next look for the MACs in all your switches (easily automated queries to your switches should do the trick). Once you've located the edge port they are on, and gathered a list of who's on that port, you can go figure out what to do next - like block them, and/or have a nice chat with the relevant culprit.
(Though if you didn't like your IT department, you certainly could set up an AP in your office -- not plugged into the network at all -- just to mess with them. Power it with a battery if you really want to make sure it doesn't violate any company policies. However, if you're going to do this, it may really piss them off when they find it, and it could very well still get you fired. And perhaps rightfully so, since obviously you'd be a schmuck with too much time on his hands.)
It can be made reasonably secure easily enough. WEP helps a lot, but by itself it doesn't make it completely secure, and that's probably what you're referring to. But there are other ways to secure wireless networks, and some of them work pretty good. The NSA probably doesn't use them (on their uber-secure networks anyways), but for many companies they're good enough. But really, the `wireless isn't secure' mantra is getting quite old. There's some truth to it, but it can be made secure. Secure enough, anyways. (After all, IT is always balancing security with usability. Security is not a black or white thing -- it's a huge spectrum.)
True, but unauthorized access points give one more point of entry that someone outside the company can use to find a weakness; no network can be 100% secure, and preventing physical access is yet another tool in securing it.
If you have a wireless AP around then someone can get in from outside the building, after hours, when nobody is around to notice the intrusion...
I drink to make other people interesting!
I've seen lots of solutions posted, the simplest probably being triangulation with a directional antenna.
Another solution is to combine a GPS unit (Or just a map of your office since you know where you are in it) with the detailed signal strength that apps like netstumbler can produce. As you walk around the office you're plotting signal strength points on a map. It would shortly become quite clear. Given enough points you don't even need to do any math or draw any lines. With very few points you can still work it out.
"Rouge" Access Points?
Most of the AP hardware I've seen is some combination of Silver, Black, or Blue. Or perhaps White. But honestly, does it really matter what color it is?
No, wait... I think I found it!!
In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
Let me get this straight...you're out to find "unauthorized" network activity between computers? As stated in previous posts, who owns these computers? Who owns the network?
If it's your network, then you need to record the MAC address of the unauthorized machines and use security measures to lock network. More securely, you can even configure the network to provide service *only* to authorized network adapters. That's how they do it here, and this is a public school (if THEY can do it, then you certainly can ;) The IT administration here is a bunch of boneheads).
But what happens if they're not on your network? Well, then we start to cross into a gray area of sorts. More variables need to be considered where none are given, such as who owns the machines and what restrictions the employees have agreed to previously.
If they own the computers, are running the network themselves, and are not violating any agreement with their employer, then finding/squashing the networks is really none of your business.
This one is highly directional.
These might be easier to aim.
- Preferences: Solaris 10 (servers), Ubuntu (desktops), Solaris 11 (personal servers) -
Why not announce an outage for your company's WiFi, then it would be much easier to figure out where the other access points are.
it's a sig, wtf?
I don't know if anyone else had the thought, but when I read the question I had visions of the film Independence Day where they pull up the car next to the White House, he sets up an antenna and determines the exact point in the building his ex-wife is.
I'm no network security expert, but you could scan all machines for those with abnormal ports open. You could look for 80 or 8080. I think XP machines do not listen on port 113 while off the shelf wireless routers do. Then just cut off that user. Obviously it won't help you FIND the person, but the user might call in wondering why he/she can't connect anymore.
Prove it? No need - just ask them. If they say it's not theirs, take it. If they say it is, 'nuff said...
You could try one of thesee t/yellowjacket.htm
http://www.bvsystems.com/Products/WLAN/Yellowjack
We use them in my research lab and they prove to work very well in locating any radio device in a specified band. It comes with directional and omni antennae and doesn't simply decode an 802.11 packet and read the RSSI. It will actually measure the RF of every packet (including discarded or hidden ones) from a given host and give you a very accurate power measurement that you can use to locate your offending device.
There are a few ways to solve this, but here's the easiest:
The equipment at work is the property of work. It is not to be abused, or used outside the scope of what is deemed proper by IT.
We locked machines down about 5 years ago - had people complaining up a storm about not having access to "their" machine. Simple things back then, such as not being able to change their background or screen saver.
Some of us within IT do have full admin access to our machines (development etc) - but this is with the understanding that if we screw something up, we're REALLY responsible. But, if a normal user happens to get admin on their box and we notice, they get a new image on their machine, and their boss gets billed.
That tends to stop any sort of "goofing around w/company property" that can happen in a less organized... organization....
Karnal
They tend to mess up the office and Phil from accounting got burned at the stake last time. But they do a good job, we think. It's an office tradition. Besides, I didn't like Phil that much anyway.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Trying to stop people who obviously are setting up workarounds to serious shortcomings in your company's IT department is not useful. Make them go away by making them unnecessary.
Each access point that exists is an employee's time and money your IT department wasted. Now you are wasting more time and money hunting them down and if you succeed you will waste even more by forcing the employee to find another workaround.
Some people's job is to get stuff done. Other people's is to stop people from getting stuff done. Most companies would be better off if they fired everyone of the second type.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
Alas, I never actually looked at the logs of the AP to see if anybody actually tried to use it.
But at home, I create the policies. At work, the IT guys (or the suits) create the policies, and it's their job to police them. Putting up an AP that doesn't technically violate any policies, but looks like it does, just sends them on a wild goose chase. It's not likely to make you many friends when they do find it, even if it doesn't violate company policy.
(And yes, I do agree with the policies that prohibit `rogue' APs. It's hard enough to secure your network against your employees who want to install stuff on their computers. It's quite another when they let other people into the network.)
(And it's possible that they may say it violates company policy anyways, even if it's not plugged into anything. It depends on exactly how the policy is written, and how annoyed they are at you.)
Yup. Reflections are going to be a big problem.
I'm a rank amateur when it comes to T-hunting (a sport among ham radio operators that consists of trying to find a hidden transmitter with directional antennas), but after a couple excursions I can guarantee that hunting for a few GHz signal inside an office building is going to be tough. Even with equipment that will let you look at only the offending signal and dedicated df'ing antenna (whether nulling loops or something that chops between multiple antennas and actively compared phase from each), you'll spend a long time chasing reflections.
That's not to say it wouldn't be a fun thing to try, of course.
An alternative might be to attenuate the signal - by replacing the antenna on your wireless card with a badly tuned little stub of wire or sticking it in a metal biscuit tin grounded to the laptop chassis - and then walk the building floors looking for a peak.
Chances are you can cover all the floor space in your building in less time than it will take you to chase reflections around with a directional antenna.
You want the Auditor Collection CD and a decent directional antenna, such as a Cantenna or, if you have some cash, something by Huber & Suhner. Auditor is, by a far stretch, the best wireless security tools collection out there--it's a great complement to something like Knoppix-STD.
A Fluke can help regarding signal strength, but the built-in antennas generally aren't great for spotting directions. They can help you start delimiting a general area without having you look like an idiot walking around with a laptop, though.
Also you may want to consider a Bumblebee -- I've seen one of these in use at PacSecWest, and it did a pretty good job finding transmitters. It's also a lot smaller than either a Fluke or a laptop.
If you're on a budget, try something like a Digital Hotspotter, although I wouldn't recommend this particular company due to delivery problems.
Cole's Law: Thinly sliced cabbage
What about using a laptop logging GPS position and wifi signal strength at 2 second intervals? You'd possibly need to make the range of the wifi card smaller. Get whoever pushes the post trolley around to take it with them. From the logged data, it should be possible to locate each AP on a GPS map...
They can train dogs to find bodies, drugs, people, people's cancer.
Next..the amazing WAP smelling dog.
-- www.globaltics.net
Political discussion for a new world
A while back, I'd posted on my blog that it might be possible, if you knew the location of several managed WinXP laptops within the building, to use WMI/WDM scripts to locate SSIDs and signal strength, as "seen" by those systems. That way, you could get an idea of where the rogue WAPs may be. For example if you have an SSID with a low signal strength for a system on the third floor, query some other nearby systems, even ones on the second and fourth floors...it won't be exact but it will give you an idea. You can even get on the phone and have someone walk over there for you! H. Carvey "Windows Forensics and Incident Recovery" http://www.windows-ir.com/ http://windowsir.blogspot.com/
"If it's an employee's own computer, with its own wireless card, you can't legally take it"
This depends on the company policy. The company I currently work for has a policy of no computers, PDA's, etc except those provided by the company. They have temporarily taken an employee's computer, made sure no company IP was on the computer and escorted the employee/contractor out the door.
Just watch ARP traffic, and you should be able to see when a new device is plugged in, and the vendor of that device. It should be easy enough to deny that device an IP address, using the MAC address, in your DHCP server.
A wireless access point with no internet connect isn't much of a threat.
You could also run a program like jffnms that probes your switches for ports. When a new port comes active, you should see it pop up on the interface. You can then match that up with arpwatch to see if that's a valid host that should be on the network. If not, boot them off.
Walking around with a laptop and WLAN card seems like the hard way to do things, when you could be just sitting at your desk running the correct software. Work smart, not hard.
Why read the article when I can just make up a snap judgement?
Do you have a closed network or an open network?
If it is closed, finish closing it, don't let your routers even talk to unauthorized devices that might get plugged in (so you don't talk to the wifi box), and ring alarms if unauthorized MAC addresses appear. Certainly don't have your DHCP server issue IP addresses to just any device that gets plugged in.
If your network is open (because you secure your traffic and machines), then maybe there is no harm in having wifi on it. Install access points for your workers.
-kb, the Kent who thinks you should step back and figure out what your security goals are.
If you must do this the hard way, find a directional antenna (try the Pringles can), and in at least three different spots, try to find the direction of the AP... this won't rely on cutting someone's network access, and should work.
If you can get the company to establish a no WLAN policy, you can then remind everyone that WLANs are not allowed, and will take appropriate measure to make it so. There are devices out there that would prevent rogue wireless stations, and probably rogue wireless APs. They're not all that sophisticated (ie a hacker can figure it's a device deliberately stopping wireless), but your point seems to prevent insiders from putting up a wireless AP.
Is often banned in the office. So that is easy to deal with. And if you are on my network, you are either approved or you get your connection pulled. Good admins don't have 'live' connections just laying around.
For case #2, if you are improperly using company equipment you get written up or fired. Besides, unless you are an admin you wouldn't have rights to install the drivers in the first place..
Sounds like the original poster needs to crack down a bit in general.. If he can..
---- Booth was a patriot ----
Does anyone other than retailers actually use the term SOHO?
"They have temporarily taken an employee's computer, made sure no company IP was on the computer and escorted the employee/contractor out the door."
That would seem to me to be rather illegal. Not that I don't understand the reasoning behind it but it's still quite illegal and if the employee sued them they would probably have lost big time.
The legal response to that would be to get an injunction to prevent them from revealing any IP contained on the machine while pursuing a court order to let your guys take a look at the machine and verify that there's no IP on it.
But short of a court order you as a private citizen can't take somebody else's property and go through it. It doesn't matter if it's a purse, laptop, glovebox or what have you.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
IANAL, but I don't see how this is any different than if you go to a professional golf tournament and get caught using your camera, and they take it, they open the camera, destroy the film and give the camera back to you, (unless it's one of those disposables, of course they may give you back the pieces).
I think that if there is a clear policy against doing something, and it's on private property, which corporations and golf courses are, and you are caught breaking said policy then they are given some leeway to protect their IP, regardless the form of the IP, be it data, or an image.
All the posts I see here talk about loop antennae and such, ignoring the fact that it is HIS network.
If you can connect to the AP and the AP will route you onto your network you can determine the AP's IP. From there you can 1. temporarily disable it and 2. presumably discover the Ethernet drop it is attached to.
If you can't connect to it you can probably use something like nmap to find its IP through the process of elimination. (For example, if there is exactly one device on an IP from your DHCP pool that isn't a Windows box.) From there the same steps apply.
-Peter
IANAL, but I don't see how this is any different than if you go to a professional golf tournament and get caught using your camera, and they take it, they open the camera, destroy the film and give the camera back to you, (unless it's one of those disposables, of course they may give you back the pieces).
And I would still say that is illegal. The only legal recourse they'd have would be to get an injunction to prevent you from selling the pictures. They can't take your property away and destroy it. Just because you are on private property doesn't mean you give up your rights -- even if the property owner says that you do. You can't be forced to give up rights.
Don't think this is true? Refuse to let them look in your bags the next time you are leaving Wal-Mart. There isn't a damn thing they can do about it legally. The most they could do is tell you that you can't come back.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
(a synopsis of the above post)
FINDING A ROGUE ACCESS POINT
Simple step-by-step instructions for PHBs
1. Break WEP key on access point
2. Turn on routing and NAT on the AP
3. Set up an internal website to log its WAN IP address
4. Given the IP address, find the MAC
5. Set up DHCP server to deny the MAC and IP address
6. Flood the network with ARPs.
7. Set up a honeypot that spoofs TCP/IP responses.
8. ???
9. Now that you have found the AP, unplug it. (The black cable with two prongs at the end)
bp
I would think if the practice was illegal then given the type of people that go to golf tournaments it would have been tested in a court of law by now. I have had it done to me, years ago, and every time I attend one, I witness it happen to at least 2 or 3 people.
I agree with you, it certainly is against the fundamental concept of rights that the founding fathers had, but I witness this sort of stuff happen on a regular basis. Just because you and I believe something is against the fundamental rights given to us by the Bill of Rights, doesn't mean that a court of law agrees, witness the latest attack on personal property rights/ownership by the USSC.
Use the force Luke!
Actually, it would be better to put the no access point policy in the company manual, as well as no unauthorized hardware. Once it is in the company manual, it becomes company policy. Then if they have an access point it's a matter of pointing to the manual, and saying that hardware is unauthorized. The IT guys can have a camera, to take a picture of the unauthorized device, and then if the guy / gal tries to sue, show the courts the photo and the policy. Nuff said.
Only 'flamers' flame!
Does slashdot hate my posts?
I would think if the practice was illegal then given the type of people that go to golf tournaments it would have been tested in a court of law by now. I have had it done to me, years ago, and every time I attend one, I witness it happen to at least 2 or 3 people.
Then those people don't stand up for their rights. If you refused to physically hand the camera over to them, what are they going to do about it? Hold you down and take it away? Refuse to let you leave if you start to walk away? I'd dare them to try -- that's assault and false arrest.
It's the same with the Wally World scenario I mentioned. Once in a great while (I don't go to Wally World very often because I'd rather shop at a local store) when I go there I usually tend to just be buying one or two items. I usually check out in jewelry or electronics because I don't feel like waiting in line. Invariably the drone at the door will ask to see in my bags because he didn't see me check out.
When I refuse to be treated like a criminal and keep walking out the door there isn't a damn thing they can do about it. My typical response is "No you can't" and I keep walking. What are they going to do? Call the cops? Go ahead. Without some sort of cause they can't force me to let somebody look in my bags either.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
-Obtain the AP's MAC address.
-Find the interface which has learned this MAC address.
-Identify the cabling port that connects to that interface.
-Consult your cabling schedule to determine the location of that port.
Or next time save yourself the headache of unauthorized devices plugging into your network and implement some type of network authentication scheme. That, or, shut down all unused ports and set your switches to only learn one MAC address per port.
"If it ain't broke, it doesn't have enough features yet"
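The four steps above (MAC address, learning interface, cabling port, cabling schedule), as an added example that is not part of the original comment. The switch names, the `show mac address-table` style dumps, the uplink list and the cabling schedule are all constructed for illustration.

```python
import re

# Constructed sample data: MAC tables, inter-switch links, cabling schedule.
MAC_TABLES = {
    "core-sw": """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    0260.8c12.3456    DYNAMIC     Gi0/1
  10    00a0.c9aa.bb01    DYNAMIC     Gi0/1
""",
    "floor2-sw": """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Fa0/17
  10    0260.8c12.3456    DYNAMIC     Fa0/17
  10    00a0.c9aa.bb01    DYNAMIC     Fa0/3
  10    00a0.c9aa.bb02    DYNAMIC     Gi0/1
""",
}
UPLINKS = {("core-sw", "Gi0/1"), ("floor2-sw", "Gi0/1")}
CABLING = {("floor2-sw", "Fa0/17"): "Room 214, wall jack 2-214-B"}
ROW = re.compile(r"^\s*\d+\s+([0-9a-fA-F.:-]{12,17})\s+\w+\s+(\S+)\s*$")

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    # The header line has no leading VLAN number, so ROW skips it.
    return [(norm_mac(m.group(1)), m.group(2))
            for line in text.splitlines() if (m := ROW.match(line))]

def locate(ap_mac):
    """Find the edge port that learned ap_mac and where it is cabled to."""
    target = norm_mac(ap_mac)
    for switch, text in MAC_TABLES.items():
        rows = parse_table(text)
        for mac, port in rows:
            # Uplinks see every MAC behind them, so only an edge port counts.
            if mac != target or (switch, port) in UPLINKS:
                continue
            # Extra MACs on the same port suggest clients bridged through it.
            others = sorted({m for m, p in rows if p == port and m != target})
            return {"switch": switch, "port": port, "other_macs": others,
                    "location": CABLING.get((switch, port), "not in schedule")}
    return None
```

A non-empty `other_macs` on an edge port is also what the one-MAC-per-port setting mentioned above would have blocked.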
If you wanted to go for "fancy", I'd suggest the following:
Card that supports external antennas
Pigtail adapter to a common connector such as N
Variable attenuator (You can probably find junky units suitable for your purpose very cheap - calibrated ones are MUCH more expensive.)
Antenna that uses the same connectors as the attenuator
Procedure:
Find signal
Turn attenuator up slowly until signal disappears
Move around to pick up signal again
Turn attenuator up even more
Rinse and repeat
retrorocket.o not found, launch anyway?
WEP and pre 802.1x wireless security regimens ARE worthless. 128 bit WEP can be broken in less than 4 minutes as linked to from slashdot. The only way I can see allowing wireless on my network is if I get to treat it just like the internet, which means only limited access to specific hosts on specific ports. And of course to enforce that kind of security I can't have random people plugging in their SOHO devices, so that leads back to the article's main question, how do you identify non-approved APs =)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Build a homemade small directional antenna, point and walk the direction of the strongest signal, signal goes weak then you're getting cold.
I am Bennett Haselton! I am Bennett Haselton!
In any event, `WEP and pre 802.1x wireless security' are not the sum total of security systems used with wireless.
One simple way that many businesses secure WiFi systems is to configure it so the AP feeds directly into (and only into) a VPN server. In that case, your wireless network is as secure as your VPN server is. And there are other systems as well that work well for a business.
Um, that's trivial. You have a list of your approved APs' MAC addresses, and if you find an AP that has a MAC address not on the list, it's not approved. Walking around your company with a laptop running Kismet will find those for you, and will even give you a very rough idea of where it is (since WiFi doesn't go through walls terribly well, the range won't be that far.)
Unless you meant how to physically find non-approved APs ... that would be best done with a directional antenna and some walking around, though if you could actually connect to the AP, you might be able to find it by sending traffic to some specific machines and then tracking the traffic back through your network, eventually finding out which network port it's connected to.
(But that wasn't the question I was originally answering.)
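The approved-list check described in the comment above, as an added example that is not part of the original post. The approved list and the walk-around log are constructed, and the column names are hypothetical rather than the export format of Kismet or any other tool.

```python
import csv
import io
from collections import defaultdict

# Hypothetical approved list and constructed survey log (one row per sighting).
APPROVED = {"00:0b:85:00:10:01", "00:0b:85:00:10:02"}
SURVEY_CSV = """\
spot,bssid,ssid,mode,signal_dbm
2F-east,00:0B:85:00:10:01,corp,infrastructure,-48
2F-east,00:11:22:33:44:55,linksys,infrastructure,-71
2F-west,00:11:22:33:44:55,linksys,infrastructure,-52
3F-west,00:11:22:33:44:55,linksys,infrastructure,-66
3F-west,02:13:CE:01:02:03,hpsetup,ad-hoc,-60
1F-lobby,00:0B:85:00:10:02,corp,infrastructure,-55
"""

def unapproved(survey_csv, approved):
    """Map each BSSID not on the approved list to where it was heard best."""
    allowed = {b.lower() for b in approved}
    sightings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().lower()
        if bssid not in allowed:
            sightings[bssid].append(row)
    report = {}
    for bssid, rows in sightings.items():
        # dBm values are negative: -52 is a stronger signal than -71.
        best = max(rows, key=lambda r: int(r["signal_dbm"]))
        report[bssid] = {
            "ssid": best["ssid"],
            "ad_hoc": any(r["mode"] == "ad-hoc" for r in rows),
            "strongest_spot": best["spot"],
            "signal_dbm": int(best["signal_dbm"]),
            "seen_at": sorted({r["spot"] for r in rows}),
        }
    return report
```

The strongest spot is only the rough location the comment mentions; narrowing it further still takes the directional-antenna or switch-port approach.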