[Dshield] RE: Wireless networks and corporate LANS

Chris Brenton cbrenton at chrisbrenton.org
Sun Feb 29 03:21:58 GMT 2004


On Sat, 2004-02-28 at 20:51, Mark wrote:
>
> I haven't seen many "patched"
> systems that automatically join any (not "any")
> wireless network unless configured purposely to do so.

This is not a patch thing but a config issue. If you use wildcards, then
the node will grab onto any AP node it can find. Kind of hard not to use
this settings for a road warriors that may need access in hotels,
airports, home, etc. 

> There are companies that are producing products to
> "detect" machines configured in this manner. Newbury
> Networks (i have no affiliation) has a product that
> can identify machines configured in a given "area"
> (defined as a physical space) and create an alert to
> IT that a system in the defined spaces has a wireless
> association to an unapproved network.

I think I'm confused. so if the last AP node I found was DULLES_AP104,
and I boot my system in the office and it tries to reconnect to that AP
before hunting for others, IT gets an alert on this? If so, sounds like
you would get a lot of false positive alerts. 

> Microsoft is also working on
> some products (to be announced) that will facilitate
> the detection of rogue access points. 

Microsoft purchased NetStumbler? ;-)

HTH,
C





More information about the list mailing list