Detection of Rogue Access Points
Jonathan Rogers
quantumfoam at gmail.com
Thu Oct 18 17:05:14 UTC 2012
I, uh...don't actually know how to do that. I've not done very much with
SNMP other than working with power management devices. If someone could
direct me to a good tutorial, that would be much appreciated.
--JR
On Thu, Oct 18, 2012 at 12:31 PM, Chris Boot <bootc at bootc.net> wrote:
> On 18/10/12 15:12, Joe Hamelin wrote:
>
>> On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers<quantumfoam at gmail.com>
>> wrote:
>>
>> I like the idea of looking at the ARP table periodically, but this
>>> presents
>>> some possible issues for us.
>>>
>>
>> Is it just WAPs that you are worried about or any rouge device at the
>> remote sites? If you're doing medical data then I would think that any
>> non-company device would be suspect. If that is the case then ARP
>> scraping
>> is the better way. Basically you need an inventory of what is at the
>> sites. This you should already have and if you don't, that is your first
>> step.
>>
>> A bit of perl and expect scripting would get you a long way to your goal.
>> Like I mentioned before, if you don't have the time/talent to script the
>> task, call out for a coder-for-hire.
>>
>
> You should be able to get the ARP table off a router using SNMP, which
> would be much cleaner than using expect to login to a router's management
> interface...
>
> HTH,
> Chris
>
>
More information about the NANOG
mailing list