Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Locating a hidden access point in our facilities

Posted on 2015-01-14
5
Medium Priority
?
179 Views
Last Modified: 2015-01-26
We have a new wireless network in our facilities and the access points are detecting a rogue access point in the building. Apparently someone installed a wireless access point in the past with a hidden ssid and no one knew it was there.  Other then a couple of Android apps I've found, is there any way to locate a hidden broadcasting access point that is most likely not connected to the current network , but yet the radio is working and possibly it's trying to serve dhcp.....  We can isolate it to one part of our facilities because of the current access points it's conflicting with show us the area it's in. But there are a lot of places one could be hidden in this building. Is there something that by signal strength or something of that nature that would help us locate this device?
0
Comment
Question by:holcomb_frank
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Accepted Solution

by:
NxJNY earned 668 total points
ID: 40548878
0
 
LVL 14

Expert Comment

by:Don Thomson
ID: 40548887
It sounds like one of your Employees has a Smartphone and has turned on WI-Fi hotspot. That allows you to use your Smartphone to turn on a mini wireless router on the phone

I use this all the time when I'm away from the office and need to access a WiFi signal for my laptop.

If you have access to an android Smartphone, download WifFiAnalyzer it should pick up the Wifi hotspot. Once you have identified the SSID  - change the view type to Signal Strength  and start walking around.

You should also put out a memo to all staff to make sure that when they at work - they should make sure that the WiFi Hotspot on their phone is turned off.

If it happens that the signal is coming from outside your offices, and is not password protected, you can use the WiFi Analyzer program to find where it's coming from and ask the owner to put a password on it.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 668 total points
ID: 40548899
I did an article on locating rogue DHCP servers a while back.  The section on identifying the device may be helpful in determining what device you are looking for, but not where if not physically connected to the network.
http://blog.lan-tech.ca/2012/04/23/rogue-dhcp-servers/
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 664 total points
ID: 40550071
As DTHConsulting said, walking around with a signal meter is probably going to be the fastest way to locate a rogue AP.  NxJNY has done a great job of pointing you at some good tools to help you.

Your APs should be reporting the MAC address of the rogue, so all you need to do is use a WiFi scanning tool to sniff-out the AP.  Remember, negative values are used for signal-strength, so -91dBm is a weak-to-non-existent signal while -39dBm is a strong signal.
0
 

Author Comment

by:holcomb_frank
ID: 40570760
Well it was never a question of someone's phone working as a hot spot. We had our current wireless network reporting a rogue AP and it had a company name on it so we knew that it was a router placed somewhere in the building. The problem was that no one knew where it was located, and the installer did so not broadcasting the ssid.  I did some research prior to coming to the site here, and I did see the tools mentioned in NxJNY's suggestion, and again in Rob Williams suggestion. And I did try a couple of those tools, but was unsuccessful....Homedale for one.  Eventually, I just started climbing around in the crawl space's looking for power and Ethernet in the same area. I did eventually find a Linksys small business access point tucked away.

Thanks for the suggestions.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question