alamarco
Rin
join:2003-06-18
Windsor, ON
clubs:
 ·Cogeco Cable
|  MAC Address Monitoring
Is there any applications that can detect illegal MAC addresses?
I know AirSnare can do this, but it doesn't work with my card (Broadcom 4318, laptop). I also checked out WallWatcher, but I don't think you can configure it to behave in this way. I had WallWatcher spitting out a ton of information, but didn't see anything in the Alert menu dealing with MAC addresses. |
|
LLigetfa
join:2006-05-15
Fort Frances, ON | what makes a MAC addy illegal? Do you mean cooked up as in not an assigned OUI?
Check out ARPWatch. |
|
stevech0
join:2006-09-17
San Diego, CA | reply to alamarco
If "illegal" means you have people connecting to your WiFi without authorization - just turn on encryption. |
|
alamarco
Rin
join:2003-06-18
Windsor, ON
clubs:
·Cogeco Cable
| reply to LLigetfa
By illegal I mean MAC's which I know aren't PC's on my network.
From Arpwatch
quote:
Arpwatch is a tool that monitors ethernet activity and keeps a database of ethernet/ip address pairings.
I don't think it does what I want. I'll give it an install later (work soon) and see for sure.
Any other suggestions? |
|
LLigetfa
join:2006-05-15
Fort Frances, ON
| said by alamarco  :I don't think it does what I want. Ethernet address is MAC address. It's not enough to just watch for MAC addies as MACs could be spoofed/stolen.
I use my Fluke software to throw WhatsUp Gold a trap whenever it discovers a new MAC and WUG then fires me off an email.
On my hotspot, all my APs and router log to a central syslog server that I monitor with php-syslog-ng. It does not throw alerts.
--
Strange as it seems, no amount of learning can cure stupidity, and formal education positively fortifies it. -- Stephen Vizinczey |
|
tubbynet
Just a green in a sea of blue and red
Premium
join:2008-01-16
Mesa, AZ
 ·Sprint Mobile Broa..
·Cox HSI
 ·FrontierNet Intern..
| reply to alamarco
While I can see the need for this capability, I would like to second the opinion put forth by stevech0 . i run a cisco wireless LAN controller and several cisco LWAPs on my network. additionally, i live in an apartment complex and am blasting out enough RF to cover quite a few units around me. i am using wpa/wpa2 with a shared key (i think this goes by tkip/aes in the consumer router market) and, while i see many clients trying to probe my network (which is something as simple as using windows WZC to view available wireless networks), no one ever associates to my network other than those which i have specifically granted access.
if you are really worried about security, i would set up wpa2/aes with a strong key and restricting physical access to LAN ports.
additionally, if you are looking at a corporate installation, i would suggest looking at the cisco wireless lan controller (WLC2106) and several cisco lightweight access points (LWAPs). this will provide a great amount of monitoring and flexibility when deploying access points.
q. |
|
sded
Premium
join:2002-11-04
San Diego, CA | reply to alamarco
Did you install the latest PCAP4 version? The 3.1 that comes with Airsnare is quite old. Also remember to right click and start your adapter? Airsnare works for me under Vista with pcap4 and various newer cards. |
|
