Rogue Access Point Detection Using iWIDS
Rogue Access Point Detection Using iWIDS
iWIDS is an online wireless instrusion detection system (WIDS) that leverages the wireless scanning capabilities of a Windows XP/Vista/7 PC to discover rogue access points and determine if they are plugged into the wired network.
Rogue Router Access Points (AP)
The most common type of rogue access point is a consumer grade access point router. These devices usually cost less than $75 and can be purchased from almost any electronic store.
The ease in setting up these devices to provide wireless connectivity is also why they tend to be the most common rogue access point found in enterprise networks.
Detecting Rogue Router APs
Rogue router APs are part access point, part router, and part multi-port switch.
They can be connected to a wired network using the LAN (trusted) port or the WAN (untruested port). Between the LAN and WAN port NAT is enabled so that that the single IP provided by the ISP can be shared by multiple users connected wirelessly or via teh wired switch.
In almost every case, the last octect of the LAN, WAN, and wireless interface MAC addresses are adjacent to each other. This means that the MAC addresses are +/- a few values from each other.
Leveraging this common MAC address characteristic of router APs, a combination of wired and wireless analysis can be used by iWIDS rogue wireless access point scanner to correctly determine if the router access point is plugged into your wired network.
iWIDS In Action
Below are results of a scan on our test network that has multiple access points and one consumer grade router access point plugged into the wired network. Using a Windows 7 PC that is wirelessly connected to the network via we scanned to see if the application could correctly determine which device was the rogue router AP.
The application correctly detected the rogue access point router (MAC adddress ending in :43 with blue highlight) and the two other access points.
System Requirements and Usage
- Latest version of Java recommended (tested using version 1.6 update 16)
- Windows Vista or Windows 7 PC with wireless network card enabled (not fully compatible with Windows XP at this time). Ethernet card can be plugged in to wired network and/or wireless connected wirelessly to wired network to be scanned :-)
- Wired Ethernet interface or wireless interface should have an IP address (DHCP or static) that is valid for network being scanned
- Wireless interface can be disconnected from wireless network
- After loading, software will automatically search for all IP addresses on wired network and compare to discovered wireless devices
- Detection results will be displayed in “Wireless Devices On Subnet” window.
- Results can be emailed by configuring applet with SMTP information. Enter text that should be included in email before and after results in pretext and posttext areas.
Test drive iWIDS on your home or work network. Please share your results by leaving a comment.
- Free Rogue Access Point Detector Updated
Free Rogue Access Point Detector Updated Rogue Wireless Access Point Scanner is an online rogue wireless acces point scanner scans for wireless devices and then... - Wireless Access Point Router Autopsy
Wireless Access Point Router Autopsy The most common types of access points are called wireless routers or cable/DSL routers. A Linksys WRT 54G is shown...
If you liked this post, subscribe using below
WLAN Book RSS Feed
WLAN Book by Email
.
Filed under: WLAN Security, WLAN Tools
WLAN Book RSS Feed
Follow @wlanbook
Leave a Reply