We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


wifi rogue networks

thebw asked
Medium Priority
Last Modified: 2010-04-07
can wifi rogue networks be detected by a wireless intrusion detection system(WIDS)? If so, which WIDS(s)?
Watch Question

rogue access points can be detected. http://www.wimetrics.com/ has a solution which they call "WiSentry". Here are the features:

    * Detect Wireless AP's from the WIRED network and uniquely identify Rogue Devices
    * Now provide VLAN Mode - optimized to VLAN topologies
    * Provide real-time configurable alerts to network administrators
    * Record information about intrusions for analysis and reporting
    * Are entirely software-based, allowing for easy download, deployment, and risk free evaluation

From another source you can download a whitepaper: http://www.proxim.com/learn/library/whitepapers/Rogue_Access_Point_Detection.pdf

And here is a discussion article from networkworld if this is really needed: http://www.networkworld.com/newsletters/wireless/2004/1115wireless2.html

So, there is a WIDS available .... and not just one ;-)


There is a tutorial that help you Track Down Rogue Wireless Access Points

EXTRACT form above
There are a couple of ways of detecting Rogue APs.
One of the more popular and cost-effective techniques is to have a technician perform manual checks with a laptop or PDA running NetStumbler.

NetStumbler is a tool for detecting all wireless networks within a broadcast area. There are actually two different versions of NetStumbler, and both are downloadable for free at the company's Web site. One version is designed for use with laptops, while the other version (Mini Stumbler) is for use with a Pocket PC. Both versions also support the use of a GPS card. This allows NetStumbler to create a map showing the locations of all the wireless APs within a specified area.

The simplest way to hunt down a Rouge AP is to take a laptop that's running NetStumbler and walk in the direction that produces the greatest signal strength from the questionable access point. You'll soon know if the signal is coming from within your building or from somewhere else. If the signal is coming from your building, you can probably use the signal strength to narrow down your search to a single room. After that, you'll just have to hunt around the room until you find the access point.

These techniques should work well enough in a small office, but for larger environments, you should really consider investing in something a bit more specialized. There are a number of proprietary solutions available from a variety of creditable vendors. These vendors will deploy an advanced RF monitoring system into your network that can monitor the air and detect access points. Some have even gone as far as being able to classify if a unauthorized AP is actually plugged into the network and is causing an immediate threat or if it's just the local Starbucks across the street. Many of these systems can be deployed for pennies per square foot.

If you have such an environment, I'd recommend visiting the Aruba Networks Web site. Though not as economical as NetStumbler, (the cost varies according to the size of your network), wireless products from Aruba can help you gain far greater control over your wireless network environment. Products from AirMagnet and AirDefense are also popular choices for wireless network security. These products allow you to track down the rogues based on channel, MAC address, radio band, SSID (define) or vendor. On top of that they can monitor the air 24/7 and send alerts if a rogue is detected. They can also alert you to repeated authentication failures that might signal the presences of a hacker.

Well you can read the complete tutorial above link.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Try downloading backtrack and running it from a laptop. Use Kismet on it, it finds all sorts of wireless networks. It's all free and extremely powerful.

You'll need to make sure the laptop has a good spec wireless system to get the most out of it.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.