wifi rogue networks

Posted on 2006-03-23
Last Modified: 2010-04-07
can wifi rogue networks be detected by a wireless intrusion detection system(WIDS)? If so, which WIDS(s)?
Question by:thebw
    LVL 2

    Expert Comment

    rogue access points can be detected. has a solution which they call "WiSentry". Here are the features:

        * Detect Wireless AP's from the WIRED network and uniquely identify Rogue Devices
        * Now provide VLAN Mode - optimized to VLAN topologies
        * Provide real-time configurable alerts to network administrators
        * Record information about intrusions for analysis and reporting
        * Are entirely software-based, allowing for easy download, deployment, and risk free evaluation

    From another source you can download a whitepaper:

    And here is a discussion article from networkworld if this is really needed:

    So, there is a WIDS available .... and not just one ;-)

    LVL 7

    Accepted Solution


    There is a tutorial that help you Track Down Rogue Wireless Access Points

    EXTRACT form above
    There are a couple of ways of detecting Rogue APs.
    One of the more popular and cost-effective techniques is to have a technician perform manual checks with a laptop or PDA running NetStumbler.

    NetStumbler is a tool for detecting all wireless networks within a broadcast area. There are actually two different versions of NetStumbler, and both are downloadable for free at the company's Web site. One version is designed for use with laptops, while the other version (Mini Stumbler) is for use with a Pocket PC. Both versions also support the use of a GPS card. This allows NetStumbler to create a map showing the locations of all the wireless APs within a specified area.

    The simplest way to hunt down a Rouge AP is to take a laptop that's running NetStumbler and walk in the direction that produces the greatest signal strength from the questionable access point. You'll soon know if the signal is coming from within your building or from somewhere else. If the signal is coming from your building, you can probably use the signal strength to narrow down your search to a single room. After that, you'll just have to hunt around the room until you find the access point.

    These techniques should work well enough in a small office, but for larger environments, you should really consider investing in something a bit more specialized. There are a number of proprietary solutions available from a variety of creditable vendors. These vendors will deploy an advanced RF monitoring system into your network that can monitor the air and detect access points. Some have even gone as far as being able to classify if a unauthorized AP is actually plugged into the network and is causing an immediate threat or if it's just the local Starbucks across the street. Many of these systems can be deployed for pennies per square foot.

    If you have such an environment, I'd recommend visiting the Aruba Networks Web site. Though not as economical as NetStumbler, (the cost varies according to the size of your network), wireless products from Aruba can help you gain far greater control over your wireless network environment. Products from AirMagnet and AirDefense are also popular choices for wireless network security. These products allow you to track down the rogues based on channel, MAC address, radio band, SSID (define) or vendor. On top of that they can monitor the air 24/7 and send alerts if a rogue is detected. They can also alert you to repeated authentication failures that might signal the presences of a hacker.

    Well you can read the complete tutorial above link.

    LVL 2

    Expert Comment

    Try downloading backtrack and running it from a laptop. Use Kismet on it, it finds all sorts of wireless networks. It's all free and extremely powerful.

    You'll need to make sure the laptop has a good spec wireless system to get the most out of it.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now