Detection of Rogue Access Points
quantumfoam at gmail.com
Thu Oct 18 21:43:55 UTC 2012
Nevermind, it appears SNMP is turned off on our routers and I do not have
control over that. I can at least present this as a possible option to the
person that does. Thank you very much for your suggestions, everyone. I'm
so glad I joined this list; I've learned so much and it's great to talk to
people who like to share their knowledge and experience.
On Thu, Oct 18, 2012 at 4:21 PM, Phil Regnauld <regnauld at nsrc.org> wrote:
> Raymond Burkholder (ray) writes:
> > NetDisco knows how to scan networks for mac addresses, arp addresses, ip
> > addresses, etc. It keeps track of deltas. It may have be able to email
> > deltas or something similar. Or run a query against the database, as I
> > seem to recall it seems to hold historical data.
> Yes, NetDisco will do this, and it has query interface for looking
> up MAC <-> associations, and where they were last seen.
> Netdot (netdot.uoregon.edu, just mentioned it in an earlier mail)
> offers this functionality, and stores the information in the
> database for
> Jonathan Rogers (quantumfoam) writes:
> > I, uh...don't actually know how to do that. I've not done very much with
> > SNMP other than working with power management devices. If someone could
> > direct me to a good tutorial, that would be much appreciated.
> It's probably easier to use one of the tools mentioned than to
> writing your own. To do that, you'd have to retrieve the L2
> forwarding table from switches, and the ARP tables from L3 devices.
> You have to query all active devices regularly and build/update
> your DB
> from that. There are tools such as SNMP::Info
> http://search.cpan.org/~maxb/SNMP-Info-2.01 that make this easier,
> but still some amount of coding would be required.
> It's then a matter of querying the DB, and looking for the MAC
> of suspected rogue devices, if they keep on showing up (you will
> see many
> one-times that don't reappear, which also grows the DB
> significantly over
More information about the NANOG