Computerworld - For the past month or so, I've been struggling to find a way to locate and eliminate rogue wireless LAN access points (AP). This week, I believe I finally found an answer.
I was thinking that APs, which typically function as a bridge between wireless and wired LANs, should act like a traditional Ethernet hub. That means attached devices should broadcast their media access control (MAC) addresses to the AP, which should pass that information to the LAN switch. The switch then keeps a list of MAC addresses and the associated LAN ports in memory.
With that in mind, I conducted a test. I used my AirMagnet handheld scanner to detect an improperly configured AP. Mountain View, Calif.-based AirMagnet Inc. includes a cool utility with its scanner that lets you communicate with a detected AP.
Associating to the AP was simple, since - like most consumer-grade APs that show up in the enterprise - the test AP broadcast its Service Set Identifier (SSID) access code by default and had no encryption or other authentication mechanisms enabled.
Not only was I able to communicate with the AP, but my company's Dynamic Host Configuration Protocol server immediately assigned my laptop an IP address. Since this address was internal to our network, I knew I could open a browser and reach our corporate intranet.
So I went to work. I went to an area where I had detected a rogue AP before, booted up my laptop, connected to the rogue AP and used a browser to connect to our corporate intranet. Then I logged into one of our Cisco Catalyst LAN switches to search for my laptop's MAC address in the switch's content-addressable memory table.
By issuing the command "show cam dynamic," I should have been able to view a list of addresses and associated switch ports. The problem was, I wasn't sure which building the rogue AP was in. I had to log into three different switches before I finally found my laptop's MAC address. From there, finding the illicit device was just a matter of going into the wiring closet, tracing the cable from the switch port to the patch panel and cross-referencing that with the associated wiring maps to determine the exact jack location.
I found this one in a conference room - hidden above one of the ceiling tiles. The only indication of its existence was the telltale Ethernet and power cables stretching down one wall. I had been in this very conference room a few weeks before. How
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
