Security – How to detect rogue WIFI routers on a network

Tags: networking, security, wifi

My client recently changed their network policy so now all WIFI routers are disallowed from the network. They said they would be running some scans and that they would be able to find "rogue" WIFI routers on the network.

How would they be able to detect these WIFI routers and access points? They are located remotely to the 100+ branches/corporate offices, so it's definitely a network tool and they're not walking around with WIFI detectors or anything like that.

Just curious, as I thought it was interesting.

Best Answer

If they're just now implementing that policy then my gut says that their threat of a scan is just scare tactics. But that's just me being cynical...

A few methods would be:

  • If the device is a router and not just an access point, then they'll be able to see it in the routing paths.
  • Network infrastructure device manufacturers have mass blocks of MAC addresses assigned to them to use for their products, making it fairly reliable to determine a manufacturer by the MAC address of the device. If, all of a sudden, a few Linksys or D-Links start popping up and the admins know they don't use those devices....
  • They can look in DHCP. This is especially easy if the network is using reserved DHCP addresses for clients. Anything not in the reserved pool is suspect.
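
The DHCP and MAC-vendor checks from the answer above, combined into one pass over a lease export. This is an added example, not part of the original answer; the lease data, reservation list, approved-vendor list and OUI prefixes are constructed placeholders.

```python
import re

# Constructed sample data. The OUI prefixes are placeholders, NOT real IEEE
# assignments; in practice load the IEEE OUI registry and your own DHCP export.
OUI_VENDORS = {"00:11:22": "ApprovedNICs", "00:aa:01": "Linksys", "00:aa:02": "D-Link"}
APPROVED_VENDORS = {"ApprovedNICs"}
RESERVED_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}
LEASES = [  # (ip, mac as the DHCP server or switch printed it, hostname)
    ("10.1.20.11", "00-11-22-AA-BB-01", "pc-0411"),
    ("10.1.20.57", "00aa.0133.4455", "WRT54G"),
    ("10.1.20.58", "00:11:22:AA:BB:99", "pc-new"),
    ("10.1.20.60", "02:5E:10:00:00:07", ""),
]

def normalize_mac(raw):
    """Accept colon, dash or Cisco dotted notation; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(leases):
    """Return (ip, mac, reasons) for every lease that deserves a closer look."""
    findings = []
    for ip, raw_mac, _hostname in leases:
        mac = normalize_mac(raw_mac)
        reasons = []
        if mac not in RESERVED_MACS:
            reasons.append("no DHCP reservation")
        if int(mac[:2], 16) & 0x02:
            # Locally administered bit set: the address was chosen in software,
            # so the first three octets say nothing about the manufacturer.
            reasons.append("locally administered MAC")
        else:
            vendor = OUI_VENDORS.get(mac[:8], "unknown")
            if vendor not in APPROVED_VENDORS:
                reasons.append(f"vendor not approved: {vendor}")
        if reasons:
            findings.append((ip, mac, reasons))
    return findings

if __name__ == "__main__":
    for ip, mac, reasons in audit(LEASES):
        print(ip, mac, "; ".join(reasons))
```

A MAC address can be changed in software, so a clean result here is triage rather than proof; the routing-path check from the first bullet covers devices that present an approved-looking address.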