Locate Rogue AP
Last Post: August 7, 2005:
-
We are implementing the Intrusion and Dectection. How do you find the physical location of the rogue Access Point? We know the IP address of the Access Point and the approximate location.
Thanks. -
I did a lot of this in Iraq. If I sound crazy or you don't understand the technique, just email me and I can walk you through (dswicegood@smartronix.com)
1)Using a directional antenna like a yagi or a dish, and software like Kismet, netstumbler, or airmagnet, you can hunt it down to within an office space or building. If you only have freeware like Kismet, use your directional antenna and a map. Move off about 5o-100 yards and sweep the antenna slowly (remembering to lock the channel in so you are not missing signal due to scanning).Once you rule out the area where the signal is not strong, draw a line on the map corrsponding to the direction you are looking when you get the strongest signal with the directional antenna. Now, move off to 90 degrees from where you just scanned and still remain about 50-100 yards from where you suspect the signal is coming from. Do the same steps as before (sweeping the antenna and drawing a line on the map). Your lines on the map should intersect to give you a small region to search. Look for the obvious places like next to workstations and ethernet wall jacks and server rooms. Then look for places under desks, in closets, and even on top of the ceiling by lifting up a suspended ceiling tile and scanning across the upper ceiling while on a ladder.
If you still can't find it, use the lessons learned in the CWNA book to reduce the sensitivity of your yagi antenna by adding resistors and use the aforementioned software choices to pinpoint the signal. You can get the antennas at many places like radiolabs.com. Not too expensive if this is your full time job.
Good luck.
PS. GPS features on software like Kismet and Netstumbler don't tell you where the signal is coming from, they only tell you where you are standing when you pick up the signal. -
If you have Sencers like Airmagnet's Enterprize. They will find it by (can't spell the word) Tri-angulate it. Three spoints to find any given point. They will also look for it on the wired side and tell you the port that it is on. Thats' if you use SNMP.
Phil
- 1