Detection of Rogue Access Points

Joe Hamelin joe at nethead.com
Thu Oct 18 14:12:31 UTC 2012


On Thu, Oct 18, 2012 at 7:00 AM, Jonathan Rogers <quantumfoam at gmail.com> wrote:

> I like the idea of looking at the ARP table periodically, but this presents
> some possible issues for us.


Is it just WAPs that you are worried about or any rogue device at the
remote sites?  If you're doing medical data then I would think that any
non-company device would be suspect.  If that is the case then ARP scraping
is the better way.  Basically you need an inventory of what is at the
sites.  This you should already have and if you don't, that is your first
step.

A bit of Perl and expect scripting would get you a long way to your goal.
Like I mentioned before, if you don't have the time/talent to script the
task, call out for a coder-for-hire.

I feel that concentration just on WAPs is missing the bigger issue.

--
Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
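
The ARP-versus-inventory comparison described above, as an added example that is not part of the original post: it parses scraped ARP output and reports every MAC that is missing from the inventory or inventoried at a different site. It is written in Python rather than the Perl and expect the post suggests; the site names, addresses and inventory are constructed.

```python
import re

# IPv4 address, and a MAC in colon, dash or Cisco dotted notation.
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}"
                    r"|[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2})\b")

# Constructed scrape: IOS-style "show ip arp" rows plus one Linux "arp -an" row.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.1               -   0011.2233.4401  ARPA   Vlan10
Internet  10.20.1.15             12   0011.2233.4415  ARPA   Vlan10
Internet  10.20.1.77              3   Incomplete      ARPA
Internet  10.20.1.90              0   00aa.bbcc.dd90  ARPA   Vlan10
? (10.20.1.91) at 00:11:22:33:44:99 [ether] on eth0
"""
# Constructed inventory: normalized MAC -> site where the device belongs.
INVENTORY = {
    "00:11:22:33:44:01": "clinic-a",
    "00:11:22:33:44:15": "clinic-a",
    "00:11:22:33:44:99": "clinic-b",
}

def normalize_mac(mac):
    """Reduce any of the three notations to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {mac: ip} for complete entries; headers and Incomplete rows are skipped."""
    entries = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            entries[normalize_mac(mac.group(1))] = ip.group(1)
    return entries

def audit_site(site, arp_text, inventory):
    """List (ip, mac, reason) for every MAC that does not belong at this site."""
    findings = []
    for mac, ip in sorted(parse_arp(arp_text).items()):
        home = inventory.get(mac)
        if home is None:
            findings.append((ip, mac, "not in inventory"))
        elif home != site:
            findings.append((ip, mac, f"inventoried at {home}"))
    return findings
```

ARP only lists devices the router has recently exchanged traffic with, and a NAT-ing access point shows up as a single MAC, which is still enough to flag it when that MAC is not in the inventory.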


