> In my searching, I pondered long and hard on rogue wireless APs
> and contractor/vendor laptops with wireless enabled becoming a
> potential vector.

Have you considered network-level controls to prevent or detect the
deployment of rogue wireless APs? See

> While I scan our main building once a week with some
> wireless security tools, it is not feasible for me to contiuously drive
> around and scan all of our sites. I know also that I could put some
> sort of wireless IDS/Honeypot type thing out at each site, this
> would be expensive, and right now we are not flush with cash.
> I have been pondering putting an 802.11 jammer on site at each
> location (again, we don't use wireless, so it should not impair
> anything) and thought that might be a cheaper option.

If you are in the US, there are FCC issues with intentionally jamming
the 802.11 spectrum with an active transmitter.

I recall at least one open source tool which attempts to identify
access points from the wired network by their MAC and other
unique characteristics of the LAN-facing interface of APs?

You might create and enforce a LAN policy restricting the addition
of *any* new devices to the wired network, and enforce this policy
through firewall rules, 802.1x, and switch features. This should
provide alerting when any rogue connection is added to the network,
wireless or wired.
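The two wired-side ideas in the reply above (spotting APs by the characteristics of their LAN-facing interface, and alerting on any device that is not in the approved inventory) can be checked from a switch's MAC address table without any RF scanning. The script below is an added example, not code from the thread or from any tool mentioned in it. It parses a constructed Cisco-style `show mac address-table` dump, then flags MACs absent from an inventory, MACs whose vendor OUI is on a watch-list, and access ports carrying more than one MAC (the signature of a bridging AP or an unmanaged switch hung off a single port). The inventory, the OUI watch-list entry `aa:bb:cc`, and the port names are all constructed placeholders; a real watch-list would be populated from the IEEE OUI registry.

```python
"""Flag candidate rogue access points from a switch MAC address table.

Added example; not from the original thread. Sample data and OUIs below
are constructed, not real network data.
"""
import re
from collections import defaultdict

# Constructed Cisco-style 'show mac address-table' output.
SAMPLE_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.22aa.bb01    DYNAMIC     Gi1/0/1
  10    0011.22aa.bb02    DYNAMIC     Gi1/0/2
  10    aabb.cc00.0010    DYNAMIC     Gi1/0/7
  10    dead.beef.0001    DYNAMIC     Gi1/0/7
  10    dead.beef.0002    DYNAMIC     Gi1/0/7
  10    0011.22aa.bb03    DYNAMIC     Gi1/0/24
  10    0011.22aa.bb04    DYNAMIC     Gi1/0/24
"""

# Approved wired devices (the "no new devices" LAN policy). Constructed.
INVENTORY = {
    "00:11:22:aa:bb:01", "00:11:22:aa:bb:02",
    "00:11:22:aa:bb:03", "00:11:22:aa:bb:04",
}

# Placeholder OUI watch-list: fill with AP vendor prefixes from the IEEE
# OUI registry. "aa:bb:cc" is a constructed value, not a real vendor.
AP_OUI_WATCHLIST = {"aa:bb:cc": "example AP vendor (placeholder OUI)"}

# Ports where many MACs are expected (uplinks, trunks, hypervisor hosts).
UPLINK_PORTS = {"Gi1/0/24"}

_ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)",
                  re.IGNORECASE)


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples; MACs normalised to aa:bb:cc:dd:ee:ff."""
    rows = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header/separator lines do not match
        raw = m.group(2).replace(".", "").lower()
        mac = ":".join(raw[i:i + 2] for i in range(0, 12, 2))
        rows.append((m.group(1), mac, m.group(3)))
    return rows


def oui(mac):
    """First three octets of a colon-separated MAC."""
    return mac.lower()[:8]


def analyze(mac_table, inventory, oui_watchlist, uplink_ports,
            max_macs_per_access_port=1):
    """Return (finding_type, port, mac_or_macs, detail) tuples."""
    findings = []
    per_port = defaultdict(set)
    for _vlan, mac, port in mac_table:
        per_port[port].add(mac)
        if mac not in inventory:
            findings.append(("unknown-device", port, mac,
                             "MAC not in approved inventory"))
        if oui(mac) in oui_watchlist:
            findings.append(("ap-vendor-oui", port, mac, oui_watchlist[oui(mac)]))
    # A single access port that learns several MACs is bridging something.
    for port, macs in sorted(per_port.items()):
        if port not in uplink_ports and len(macs) > max_macs_per_access_port:
            findings.append(("multi-mac-access-port", port, ",".join(sorted(macs)),
                             f"{len(macs)} MACs on one access port; "
                             "possible bridging AP or unmanaged switch"))
    return findings


if __name__ == "__main__":
    for kind, port, mac, detail in analyze(parse_mac_table(SAMPLE_OUTPUT),
                                           INVENTORY, AP_OUI_WATCHLIST, UPLINK_PORTS):
        print(f"{kind:24} {port:10} {mac:40} {detail}")
```

Run it against a real table export by replacing `SAMPLE_OUTPUT` with the captured text; the multi-MAC check is the one most worth tuning, since IP phones with a PC daisy-chained behind them legitimately show two MACs on one port.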

