Posted by: kismetninja
Subject: Rogue Access Point Detection
Date: 10:58:39 29/01/2013

Good Day,

I'm trying to build a wireless intrusion detection system using Kismet to detect rogue access points that are connected to our corporate LAN.

The problem that I'm trying to solve is how Kismet would differentiate a rogue access point connected to the corporate LAN from the non-connected access points. Is there a feature of Kismet that would solve this?

So far, a viable option would be to get the CAM table of the switches via SNMP and compare the BSSID of the potential rogue access point. If it matches, then we know the rogue access point is connected to the LAN. We can then shut down the port it is connected to.

I'm interested in whether there are other approaches to detecting the access point in this scenario.
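
The CAM-table comparison described in the post above, as an added example (not part of the original post and not Kismet code): it parses net-snmp `snmpwalk -On` output of BRIDGE-MIB `dot1dTpFdbPort` and matches each BSSID exactly or within a small offset, because an access point's wired MAC often differs from its BSSID by a few addresses. The sample walk, the BSSIDs, uplink port 24 and the `max_delta` tolerance are constructed assumptions.

```python
import re

# BRIDGE-MIB dot1dTpFdbPort (.1.3.6.1.2.1.17.4.3.1.2): the index is the learned
# MAC as six decimal octets, the value is the bridge port it was learned on.
FDB_LINE = re.compile(
    r"\.1\.3\.6\.1\.2\.1\.17\.4\.3\.1\.2\.((?:\d+\.){5}\d+) = INTEGER: (\d+)")

# Constructed sample data (not from a real switch or a real Kismet capture).
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.51.68.85 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.2.0.94.16.32.47 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.2.2.0.94.170.187.204 = INTEGER: 24
"""
SAMPLE_BSSIDS = ["02:00:00:33:44:55", "02:00:5E:10:20:30",
                 "02:00:5e:aa:bb:cc", "02:00:5e:99:99:99"]

def parse_fdb(walk_text):
    """Return {mac_as_int: bridge_port} from `snmpwalk -On` output."""
    table = {}
    for m in FDB_LINE.finditer(walk_text):
        octets = [int(o) for o in m.group(1).split(".")]
        if all(o <= 255 for o in octets):
            table[int.from_bytes(bytes(octets), "big")] = int(m.group(2))
    return table

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def int_to_mac(n):
    return ":".join(f"{b:02x}" for b in n.to_bytes(6, "big"))

def find_wired(bssids, fdb, uplink_ports=(), max_delta=2):
    """Return (bssid, wired_mac, port, kind) for BSSIDs seen in the CAM table.

    MACs learned on uplink/trunk ports are skipped: the device is behind
    another switch, so that port must not be shut down.
    """
    hits = []
    for bssid in bssids:
        b = mac_to_int(bssid)
        for mac, port in fdb.items():
            delta = abs(mac - b)
            same_oui = mac >> 24 == b >> 24
            if port not in uplink_ports and same_oui and delta <= max_delta:
                kind = "exact" if delta == 0 else "near"
                hits.append((bssid.lower(), int_to_mac(mac), port, kind))
    return sorted(hits)
```

A "near" hit is a lead to confirm on the switch before disabling a port, not proof; the bridge port number also has to be mapped to an interface through `dot1dBasePortIfIndex`.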


