Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Wireless Networking

How Do You Locate That Access Point? 159

Posted by Cliff from the dowsing-wlan dept.
parp asks: "As an IT Manager I'm concerned about unauthorized Access Points being installed, or users who setup wireless computer to computer networks. How do you find the exact location of these devices? I've tried walking around the office with a laptop watching the signal, but the signal monitors that are included with most network drivers are very limited. The signal could be upstairs, downstairs or right around the corner, but I can't find it. Results of web searches I've done just tell you how to find a signal (wardrive), not the source. I'd be interested in any software or hardware device that can locate the device within a few feet."
This discussion has been archived. No new comments can be posted.

How Do You Locate That Access Point? More

How Do You Locate That Access Point?

Comments Filter:

  • Radio Direction Finding (Score:4, Informative)

    by toygeek ( 473120 ) on Thursday July 14, 2005 @06:47PM (#13067932) Journal
    It seems to me that you'd need to build a VERY directional antenna, and then you could triangulate the position fairly easily, and it could get you in the right area. Hopefully on the right floor ;)

    • Re:Radio Direction Finding (Score:5, Funny)

      by chriso11 ( 254041 ) on Thursday July 14, 2005 @07:02PM (#13068079) Journal
      I tried using a directional antenna and kept finding these [wikipedia.org].
    • If you have an external card (or antenna), a simple coke-can-type metal cylindrical shield around it will pretty much make it recieve from one direction only.

      (Ok, two directions, but one direction contains your laptop, so it should be discernable in the signal strength when you move around)

      Dare I say consulting an expert on the judicious use of tinfoil might be appropriate? Call the tinfoil hat brigade! Actually, no need to call, they'll reply below soon enough.
    • Build a Pringles can antenna and start homing in! Good resources here: http://members.aol.com/homingin/ [aol.com]
    • Yep, definately the way to go - you know that there is a whole subsection of the Ham radio hobby that does this?

      IF you use a directional antenna (aka beam) you will usually also need/want an attenuator, so you can cut down on signals that are TOO strong

      There are also "time of arrival" RDF units - take 2 antennas, put them say, less than 1/2 wavelength apart, and a fairly simple circuit that generates FM, plus a radio tuned to the frequency in question - if the signal gets to both antennas at the same time
      • Too bad TDOA would be a royal pain to set up with his particular system without building some serious custom hardware. It's not like us hams who just set up an antenna switcher using PIN diodes and a 555 timer and connect the output to the antenna port of our handheld FM receiver. :)

  • loop antenna (Score:5, Informative)

    by chinakow ( 83588 ) on Thursday July 14, 2005 @06:51PM (#13067968)
    You would probably need to build a loop antenna, they are directional and as far as I know, do not have much gain, you would just need to spin the look to find the strongest signal and take a measurement from 2 different places, then you could just draw to lines on a decent site layout map and know within about 10 feet where the signal is, google for "radio fox hunt" or "loop antenna".
    • Loop antennas have a nice wide range of angles where they receive well, and a sharp narrow range in which they don't. Radio direction finding means turning the loop until the signal cuts off and then following the direction of the plane of the loop.

      Real-world reflections make this much harder.

      • Re: reflections (Score:3, Interesting)

        by munpfazy ( 694689 )
        Yup. Reflections are going to be a big problem.

        I'm a rank amateur when it comes to T-hunting (a sport among ham radio operators that consists of trying to find a hidden transmitter with directional antennas), but after a couple excursions I can guarantee that hunting for a few GHz signal inside an office building is going to be tough. Even with equipment that will let you look at only the offending signal and dedicated df'ing antenna (whether nulling loops or something that chops between multiple antenna
        • If you wanted to go for "fancy", I'd suggest the following:

          Card that supports external antennas
          Pigtail adapter to a commmon connector such as N
          Variable attenuator (You can probably find junky units suitable for your purpose very cheap - calibrated ones are MUCH more expensive.)
          Antenna that uses the same connectors as the attenuator

          Procedure:
          Find signal
          Turn attenuator up slowly until signal disappears
          Move around to pick up signal again
          Turn attenuator up even more
          Rinse and repeat

    • Re:loop antenna (Score:3, Interesting)

      by myukew ( 823565 )
      as macgyver did in episode 18, "Ugly Duckling".
      Watch it to get a how-to

  • Something to check out... (Score:3, Informative)

    by Mercury2k ( 133466 ) on Thursday July 14, 2005 @06:52PM (#13067975)
    Hey guys, a quick google revealed this:

    http://www.airespace.com/technology/technote_rffp_ pinpoints_location.php [airespace.com]

    Thught you might be interested.

    • Re:Something to check out... (Score:5, Insightful)

      by QuantumRiff ( 120817 ) on Thursday July 14, 2005 @07:22PM (#13068265)
      Airespace was recently purchased by Cisco. I just bought some of the equipment, and it is damn sweet.. One note about the location pinpointing though.. (see below for the poor mans fix..)

      By default it tells you that AP X detects an access Point. It tries to connect as a client, and ping spots on your network. This tells you if its on your network or not.. If you feel mean, you can flood it and shut it down.. (DOS attack built in!) However, if you want the precision mapping, you have to pay a very, very large chunk of change.. I have seen a demo, and it is pretty sweet to watch it pinpoint the exact location of a rouge AP. Keep in mind that this uses triangulation. You need more than one of your Cisco AP's to be able to see this rouge to get it pinpointed.

      (Poor/Evil BOFH Fix) I would connect through the access point, note my IP, see if I could Ping the network.. Then, check the IP/Mac address, and find what port on my switches it is coming from. Disable the port. (if you have a nicely labeled patch panel, you could walk to the switch, and see exactly where the port is..) Wait for someone to complain about no network activity...

      • Re:Something to check out... (Score:3, Funny)

        by Anonymous Coward

        Mebbe it's just because it was written by Marketing Droids, but this doesn't give me much confidence:
        Because an 802.11b/g access point has roughly a 100-by-100-foot coverage area, locating the client by the closest AP method tracks it to within a 10,000-square-foot area, or the space of about 100 cubicles in a building.
        I've never known anything to radiate in a square before...
      • If you were truely BOFHly you would just turn the port down administrativly, no sense in walking into the boobytrapped datacenter if you don't have to =)

  • netsnoop (Score:5, Informative)

    by John Meacham ( 1112 ) on Thursday July 14, 2005 @06:53PM (#13067982) Homepage
    Just monitor the traffic to see who is actually using the link. you should be able to figure it out from their IP address or their browsing habits. Chances are it is whoever set up the link. You may have to use one of the many WEP crackers, but that shouldn't present a problem.

    If no one ever seems to be using it, it is possible you are picking up someones laptop with a built in 802 card that automatically enables without the user even knowing.

  • Pull wires (Score:3, Insightful)

    by samjam ( 256347 ) on Thursday July 14, 2005 @06:54PM (#13067992) Homepage Journal
    Attach to the access point and ping your router.

    Then pull wires till the ping stops. Work up the wires till you find the one the access port is on the end of.

    Sam

    • Re:Pull wires (Score:2, Funny)

      by eyeye ( 653962 )

      Then pull wires till the ping stops.

      or, more likely, pull wires until your employment stops which wont be long in many companies if you pull that kind of trick.

      • Re:Pull wires (Score:2, Interesting)

        by Anonymous Coward
        You must be new.

        Such activies are allowed, if not encouraged, from IT people.

        At least every place I've ever worked... boggled my mind the things that no one seemed to think was inappropriate or a problem.

        As long as you sent out an email saying "We apologizze for the network trouble earlier this morning" -- it wasn't a problem that the network went down because you shut down the wrong server because you logged into the wrong IP.

      • Re:Pull wires (Score:4, Insightful)

        by samjam ( 256347 ) on Friday July 15, 2005 @03:04AM (#13070649) Homepage Journal
        Hey - it was night when I wrote the post, I imained it would be late night when the deed was done.

        There's a lot of talk about fancy switches, but we don't know if this guy has any managed switches.

        When I said "pull the wires till the ping stops" I didn't expect him to end up with a load of wires on the floor, I expected him to plug eachone back in after 2 seconds.

        Ethernet can cope with a brief unplug without difficulty.

        If *I* was doing it and I had fancy switches I would stull pull wires. How many places have a map of the wiring and mac addresses on switch ports and so forth? And if folk are able to plug in wireless access points where they like, do you think such maps and charts would be up-to-date?

        Maybe I'd try it that way for fun, but networks grow and breed in weird ways, hence the wire-pull suggestion: "it will work"

        Sam
    • Close, but login to your switch/router and follow the mac-address table. Most 'bigger' switches have a unique mac address on their ports too, so you can poke at the stuff and arp for it. Just because things are layer-2, doesn't mean you can't follow the path.

      Of course most of the ideas i've read don't help with non-broadcast/non-open [e]ssid. You could always just do mac address security on your switch (if possible) and lock it down to existing hosts (except for your conf room lans where you may have g

  • Commercial Solutions (Score:5, Informative)

    by JackAsh ( 80274 ) on Thursday July 14, 2005 @06:57PM (#13068022)
    My company recently implemented a product called "WiFi Watchdog" from Newbury Networks (http://www.newburynetworks.com/ [newburynetworks.com]). Damned nice product, and it has the capabilities you are looking for. The latest version of their software will give you a heat map as to where a device is likely to be overlaid on top of a map of your building.

    Other vendors selling a similar products include Airmagnet and AirDefense. Some of the bigger AP infrastructure guys such as Cisco even have some built in products to do similar things.

    The big advantage I found with NNI is that their product helps reduce false positives by identifying APs outside our building and labeling as such - so when a Sears truck drives by with a built in AP our alarm bells don't go off. Other neat things include a cool RADIUS service that "authorizes" connections based on location. Tied together with other authentication services that would make for a really really powerful solution for securing your wireless.

    Anyway, hope that helps find some good solutions for you.

    -Jack Ash

    PS: No, I am not an employee of NNI or anything of the sort, I'm just a guy who went through your exact problem last year and ended up finding this solution.
    • Meh, I hate replying to myself. Forgot to note that most products you'll find are hardware AND software. Little AP detection devices go all over your ceiling while some central server talks to them to figure out where things are.

      Oh, and regarding the RADIUS stuff, the authentication can be based on things like "Joe's laptop is in Conference room 6N, so he's authorized for wireless inside that room but not outside it". Obviously you need to define your rules in the software but you get the gist. The system
    • Lots of the companies in this space OEM a hardware RF sensor from Network Chemistry [networkchemistry.com]. They recently released a Mobile version - allowing you to triangulate AP positioning by taking readings at different points on a floorplan with your laptop.

  • Comment removed (Score:5, Funny)

    by account_deleted ( 4530225 ) on Thursday July 14, 2005 @06:58PM (#13068027)
    Comment removed based on user account deletion

  • Roguedetect from the OSU open source lab (Score:4, Informative)

    by imsmith ( 239784 ) on Thursday July 14, 2005 @07:04PM (#13068095)
    Oregon State University's Open Source lab has a tool specifically designed to find rogue wifi access point on univerisity networks, and it's available here: rogue detect [osuosl.org]
  • Simple! You simply log into the access point and type 'eject' at the command prompt. Then look for the Access Point with the CD-Tray open...

    Hey, if it works for a maze of Linux machines :)

    But in all hoestly, you probably want a directional antenna as the other posters are suggesting. However, I suggest you get 2-3 volunteers, each with their own directional antenna. It will be easier to triangulate the signal if you have 3 folks coming in from 3 different angles.

  • MAC address (Score:3, Insightful)

    by gregmac ( 629064 ) on Thursday July 14, 2005 @07:30PM (#13068329) Homepage
    If you're so concerned about systems connecting, then perhaps you should get the MAC address of all your authorized machines, and only allow those at the router or firewall level?

    You should also keep your servers secured against your internal network, only allowing services that are actually needed. There's a tendancy to trust everything internal on your network -- but really, with wifi and so many people having laptops, as well as systems infected with viruses and spyware, the internal network is just as volitaile as the internet itself.

    • Re:MAC address (Score:3, Insightful)

      by rusty0101 ( 565565 )
      Perhaps the biggest problem with this is that the MAC of the access point will very rarely be the address that the network traffic will be sourced from. Likewise the source MAC address in packets through the AP may be in the approved address list as well.

      About the only way you can really lock this down via MAC addresses is to restrict what MAC can appear on what Switch port in your network. This does require that you have managed switches.

      Another thing to do would be to check the mac list in your DHCP ser
      • It's ironic to me that your website's domain is "beresourceful.net" and yet you're the first person to post a complete yet simplistic and systematic solution. ...meanwhile everyone else is running around with Pringles tubes. We all know they just want to eat Pringles. Thats what IT managers do.
      • Perhaps the biggest problem with this is that the MAC of the access point will very rarely be the address that the network traffic will be sourced from. Likewise the source MAC address in packets through the AP may be in the approved address list as well.

        Well, that's why I said to only allow approved MAC addresses -- not find and ban MACs of the AP's (one of the big problems was locating them in the first place).

  • Use several methods. (Score:3, Informative)

    by stienman ( 51024 ) <adavis@@@ubasics...com> on Thursday July 14, 2005 @07:38PM (#13068395) Homepage Journal
    First, in most office buildings signals reflect and bounce in non obvious ways. I'd start with a directional antenna with the tightest beamwidth you can find (90 degrees, 60 degrees, etc). Choose 5 or 10 spread out locations and look at the netstumbler reported dB as you sweep in a 360 degree circle. Mark which channels have strong signals and in what direction they are coming from. Plot several lines on an office map for each channel in each spot - the strongest signal, and a few weaker signals to help reduce problems with signal reflections.

    If you are attempting to do this for a multi story building then you may choose to sweep in a sphere, or simply do the single floor sweep with multiple locations on each floor.

    This will give you a good general location to search more closely.

    If this doesn't help or work very well, or you are interested in the armchair approach, try searching from the network.

    You know the IP address of the access point. If you don't, connect to it and find out. This may require breaking a WEP key, and setting up and internal website that shows the AP's WAN IP address when you view the page if the AP is set up to route and NAT.

    Now that you have the IP address, you should also have the MAC. Set up the DHCP server to deny that MAC an IP address if you don't want to worry about it and think the person isn't very bright.

    Use your routers to find the port or hub the AP is connected to, and use various network tools to locate the actual connection. You could flood the network with ARPs or pings for the IP and pull plugs until it stops responding.

    If you're certain it is the only device on that wire you could 'disable' it with an etherkiller. Of course, you may also set the building on fire, but either way the AP will stop.

    You could also setup a rogue machine that listened to the wireless signal and spoofed TCP/IP responses for webpages and images. If the people can't use the AP, then it's effectively dead.

    There are a variety of ways to further shut down APs, but this ought to get you started.

    -Adam
    • Mod Parent up, most informed post on the page. This is my advice exactly - though I do want to add another scenario:

      Say there is a rogue node out there and it has your internal address of 10.0.0.10 (router of .1), and it uses addresses of 192.168.0.x. You can sniff the traffic with kismet to determine what kind of traffic is passing back and forth(between the rogue wap and the rogue clients connecting to it). Once you find some outbound traffic to a good external destination, say 100.0.0.1, you can cross y
    • Also, keep in mind that if you're running a pretty solid network, you will know a few things:

      1. Mac addresses of machines. At my workplace, it's mostly Dell machines, a few Compaqs and a few legacy kingston ethernet cards in either (more about this in #2)
      2. All ethernet devices have a pre-defined "preamble" that defines the manufacturer. Dump your arp table off of your managed switch and look for these.

      If you get good at this, you would be able to glance at your switch's tables and see at the very lea
    • (a synopsis of the above post)

      FINDING A ROGUE ACCESS POINT
      Simple step-by-step instructions for PHBs

      1. Break WEP key on access point
      2. Turn on routing and NAT on the AP
      3. Set up an internal website to long its WAN IP address
      4. Given the IP address, find the MAC
      5. Set up DHCP server to deny the MAC and IP address
      6. Flood the network with ARPs.
      7. Set up a honeypot that spoofs TCP/IP responses.
      8. ???
      9. Now that you have found the AP, unplug it. (The black cable with two prongs at the end)

  • Fake it (Score:2, Interesting)

    by jcorno ( 889560 )
    Set up your own access point with the same SSID and see who tries to connect.

  • Is it open? (Score:3, Interesting)

    by dvdsmith ( 892766 ) on Thursday July 14, 2005 @07:52PM (#13068502)
    Here is an idea for people who bring in an off-the-shelf wireless router. If they are dumb enough to leave SSID visible, perhaps they left it at the defaults. See if you can join it and then try a default password. There you can find the MAC address on the WAN side. If you have at least layer 2 managed switches on you network, you can log into them and look at the tables to determine which port it is comming in to. Hopefully you have a current map of your network (i.e. jack #23 in the wiring closet goes to the General Managers office.) The last place I worked for had no such map, I had to make it myself. If someone cries foul that I suggest they "hack" into someones personal property, tough. The culprit is using Company resources and leaving a door open into the network, possibly affecting others. Hope this helps

    • Re:Is it open? (Score:3, Insightful)

      by Glonoinha ( 587375 )
      Better yet, connect to the AP management tools using the default password and just enable WEP with a random key. As far as the newbie that plugged an unconfigured AP into the network is concerned it just 'broke' (wifi is mostly magic to all but a select few.)

  • Check the LAN switches (Score:4, Insightful)

    by MeanMF ( 631837 ) * on Thursday July 14, 2005 @08:08PM (#13068600) Homepage
    Try browsing through your LAN switch's MAC address tables.. The manufacturer ID on the WAP will probably be different than most of your other computers' network cards.
    • Or, if you "warwalk" your office, NetStumbler will tell you the manufacturer of any access points it finds (unless the owner has intentinaly masked it), then go looking in the MAC address tables for those manufacturers, and block any MACs that don't belong.

      If you have managed switches, you should be able to get the physical port number, then take a walk to the wiring closet, and find out what's patched to that switch port.

      Hopefully you have some documentation of what desk is at the other end of your patc
  • Comment removed based on user account deletion

  • Treat the DISEASE, not the symptoms (Score:3, Insightful)

    by Noksagt ( 69097 ) on Thursday July 14, 2005 @08:31PM (#13068734) Homepage
    If your network is good enough, there wouldn't be a need for rogue WAPs.

    Supply your users with a better wireless network! Make sure there is connectivity EVERYWHERE & then lock your own network down (through VPN, WPA+Radius, or whatever).

    If even facility-provided wireless is absolutely verboten everywhere, just put up jammers & be done with it.

    Or change your AUP and internal network security so that you wouldn't care about WAPs.

    If you decide to go hunting for them, you'll have to do it more than once. There is employee turnover & machine turnover & anyone can bring in a new WAP.
    • If only I had the mod points, there are some people in this /. on about firing the 'culprit' and such.

      Although the poster hasn't stated his intentions when finding the responsible employee I hope he considers asking him (presuming he didn't just forget to turn off the AP) why he needed it, overlooking the incident, no harm done (after securing the network) and seeing what can be done to prevent the need for using these devices in the future.

      You're spot on.

  • Simpsons Quote (Score:3, Funny)

    by paul248 ( 536459 ) on Thursday July 14, 2005 @08:39PM (#13068782) Homepage
    Just ask Frink:

    "I have captured the signal and am presently triangulating the vectors and compressing the data down in order to express it as a function of my hand... They're over there!"

  • Well... (Score:2)

    by Knara ( 9377 )
    If you are that worried about it, some of these other suggestions may work, but you're gonna be doing it over and over again.

    What you really need to do for the medium-long term is prevent the access points from working at all (something like only allowing registered MAC addresses to get DHCP leases, for one example).

  • non-tech solution (Score:4, Insightful)

    by fred fleenblat ( 463628 ) on Thursday July 14, 2005 @09:34PM (#13069100) Homepage
    Send out a company-wide email reminding employees about the corporate policy against bringing wireless access points from home. Ask anyone who has one to please disconnect it and remove it from the premises thank you for your cooperation etc etc.

    Worker bees will comply almost instantly. If it's still on the air by that evening, start looking in manager offices. If you can at least isolate it to one floor you should be able to just LOOK for it. It's connected to the network, right? Follow some ethernet cables and you'll eventually find it. It's not like they would hide it in a metal filing cabinet.

    And when you do find it, don't be an @$$ about it. Just remind the misguided soul that this is against corporate IT policy and we'll be happy to extend a supported AP into the ceiling near you on monday.

  • RF "video" camera (Score:3, Interesting)

    by yancey ( 136972 ) on Thursday July 14, 2005 @09:47PM (#13069180)
    Why isn't there a product available that allows one to "view" RF like a camcorder.. or at least still photos? Could something like a CCD sensor be built that would be tuned to radio frequencies instead of light frequencies? This sort of device would be extremely useful for locating RF signals, helping to find sources of interference, verifying whether antenae are active or not, looking for someone using a radio while hiding behind a bush with a gun, you know.. things like that.
    • " Why isn't there a product available that allows one to "view" RF like a camcorder.."

      There is but Geordi is still using it because his bionic eyeballs haven't been invented yet. Perhaps you could substitute a small engine air cleaner.

  • Send out email:

    Do you have a wireless access point or router? They are a potential security risk! Let IT know about it and we'll make it secure... because if it isn't secure, we could get hacked, and your ass will be on the line. We will be searching them out soon. You have been warned!

    People will generally do the right thing.

    After a week or so, just walk around with something running Kismet to alert you to the obvious, but more importantly simply LOOK in peoples cubies: If you try to hide an AP/R

  • Equipment sensitive enough for you to determine direction is expensive. Triangulation even more so.

    1) Attach to the access point (assuming it's not using WPA)
    2) Traceroute back to find out the access point's IP
    3) Look up in your manuals (you *do* have manuals, don't you) to find out where that IP block is assigned
    4) Invade the sales department.

    Alternatively, after you connect, try the usual addresses to access the admin interface of the AP. Change it to some settings that will never work, then chan
  • by nicely asking the people in the cat detector van [alltooflat.com] perhaps?...
  • If they really connect to your network, you may not really need to physically locate them to get them off your network.

    What you could do is attach to the wireless network (don't try this in Florida ;) ). If it appears to be connected to your corporate network, you can visit a website under your control and gather more info (e.g. if there's NAT/firewall involved what IP address it is), and then figure out the relevant IPs and MACs.

    Next look for the MACs in all your switches (easily automated queries to you
  • I've seen lots of solutions posted, the simplest probably being triangulation with a directional antenna.

    Another solution is to combine a GPS unit (Or just a map of your office since you know where you are in it) with the detailed signal strength that apps like netstumbler can produce. As you walk around the office you're plotting signal strength points on a map. It would shortly become quite clear. Given enough points you don't even need to do any math or draw any lines. With very few points you can still
    • I believe that both netstumbler and ministumbler will automatically interpret the GPS data combined with the strength data to give a rough idea of where the AP is.
    • GPS won't work in most offices. I mean, if your offices are a tent city, sure, but otherwise, the roof will likely kill the signal enough that the accuracy will be useless, assuming you can get a signal at all.

      GPS is good for figuring out where an access point is, but only on a building level, (is the AP in this building or that one?) not on a desk/office/cubicle level.

      Also, see other posts for good points regarding the issue of indoor reflections of signal.

  • Vague on details (Score:3, Insightful)

    by vga_init ( 589198 ) on Thursday July 14, 2005 @11:19PM (#13069646) Journal
    "As an IT Manager I'm concerned about unauthorized Access Points being installed, or users who setup wireless computer to computer networks."

    Let me get this straight...you're out to find "unauthorized" network activity between computers? As stated in previous posts, who owns these computers? Who owns the network?

    If it's your network, then you need to record the MAC address of the unauthorized machines and use security measures to lock network. More securely, you can even configure the network to provide service *only* to authorized network adapters. That's how they do it here, and this is a public school (if THEY can do it, then you certainly can ;) The IT administration here is a bunch of boneheads).

    But what happens if they're not on your network? Well, then we start to cross into a gray area of sorts. More variables need to be considered where none are given, such as who owns the machines and what restrictions the employees have agreed to previously.

    If they own the computers, are running the network themselves, and are not violating any agreement with their employer, then finding/squashing the networks is really none of your business.

    • A company has legitimate reasons from wanting to stop you from setting up wireless networks at the office.

      Say you want to use your corporate laptop in a conference room without a network conneciton and you don't have 802.11. You circumvent IT and set up your own and plug it into the network. Congrats! You could easily have just opened up the network to neighboring companies, wardrivers, etc. "oops!"

      As to the presumption that its fine to bring equipment in to the office. Say you want to bring in a personal
      • I fail to see how your post actually responds to my own.
        • You wrote:

          "If they own the computers, are running the network themselves, and are not violating any agreement with their employer, then finding/squashing the networks is really none of your business."

          I disagreed. Adding your own wireless network that is connected to the corporate network is a security risk.

          • Well, if they are not violating an agreement with their employer, then there is no policy against their activities, yes? If indeed there is a security risk, then the issue should be addressed formally and considered fully before taking action. Once policy is established, the employees then must comply.

            In case you think otherwise, I don't disagree with you at all; everything you said makes sense. I was just wondering how they were related because you seemed to take a contrary position. :)

            Anyway, all I m

      • if there is a wireless gaming network set up, it is owned and operated by the IT department i assure you of this.

  • This one [slashdot.org] is highly directional.

    These [slashdot.org] might be easier to aim.

  • adsfdsaf (Score:2, Funny)

    by vbrtrmn ( 62760 )
    Why not announce an outage for your company's WiFi, then it would be much easier to figure out where the other access points are.
  • I don't know if anyone else had the thought, but when I read the question I had visions of the film Independance day where they pull up the car next to the White house, he sets up an antenna and determines the exact point in the building his ex-wife is.

    I'm no network security expert, but you could scan all machines for those with abnormal ports open. You could look for 80 or 8080. I think XP machines do not listen on port 113 while off the shelf wireless routers do. Then just cut off that user. Obviously i
  • They tend to mess up the office and Phil from accouning got burned at the stake last time. But they do a good job, we think. It's an office tradition. Besides, I didn't like Phil that much anyway.

  • I hope you fail (Score:3, Interesting)

    by egarland ( 120202 ) on Friday July 15, 2005 @01:09AM (#13070226)
    Trying to stop people who obviously are setting up workarounds to serious shortcomings in your companies IT department is not useful. Make them go away by making them unnecessary.

    Each access point that exists is an employees time and money your IT department wasted. Now you are wasting more time and money hunting them down and if you succeed you will waste even more by forcing the employee to find another workaround.

    Some people's job is to get stuff done. Other people's is to stop people from getting stuff done. Most companies would be better off if they fired everyone of the second type.
  • You want the Auditor Collection [remote-exploit.org] CD and a decent directional antenna, such as a Cantenna or, if you have some cash, something by Huber & Suhner [hubersuhner.com]. Auditor is, by a far stretch, the best wireless security tools collection out there--it's a great complement to something like Knoppix-STD.

    A Fluke [fluke.com] Can help regarding signal strength, but the built-in antennas generally aren't great for spotting directions. They can help you start delimiting a general area without having you look like an idiot walking around w
  • What aout using a laptop logging GPS position and wifi signal strength at 2 second intervals. You'd possibly need to make the range of the wifi card smaller. Get whoever pushes the post troilley around to take it with them. From the logged data, it should be possible to locate each AP on a GPS map...
  • They can train dogs to find bodies, drugs, people, people's cancer.

    Next..the amazing WAP smelling dog [sony.net].
  • Just watch arp traffic, and you should be able to see when a new device is plugged in, and the vendor of that device. It should be easy enought to deny that device an ip address, using the mac address, in your dhcp server.

    A wireless access point with no internet connect isn't much of a threat.

    You could also run a program like jffnms that probes your switches for ports. When a new port comes active, you should see it pop up on the interface. You can then match that up with arpwatch to see if that's a valid
  • Do you have a closed network or an open network?

    If it is closed, finish closing it, don't let your routers even talk to unauthorized devices that might get plugged in (so you don't talk to the wifi box), and ring alarms if unauthorized MAC addresses appear. Certainly don't have your DHCP server issue IP addresses to just any device that gets plugged in.

    If your network is open (because you secure your traffic and machines), then maybe there is no harm in having wifi on it. Install access points for your
  • -Obtain the APs MAC address.
    -Find the interface which has learned this MAC address.
    -Identify the cabling port that connect to that interface.
    -Consult your cabling schedule to determine the location of that port.

    Or next time save yourself the headache of unathortized devices plugging into your network and implement some type of network authentication scheme. That, or, shut down all unused ports and set your switches to only learn one mac address per port.

Slashdot Top Deals

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Close