AP Scanning detection (Paul Gonin)
Moustafa A. Youssef
moustafa at cs.umd.edu
Sat Jun 22 00:55:04 EST 2002
In theory you can. A node performing AP scanning sends a special message
(probe request) that can be identified from the header. If you have
access to the raw packets (through monitoring mode or host ap mode),
you can detect nodes performing scanning. The problem is that normal
nodes can perform scanning while they are roaming. However, you can use
the scanning rate, node id, etc to identify unwanted nodes.
Regards,
Moustafa
>
>Message: 2
>Date: Fri, 21 Jun 2002 07:15:14 -0700
>From: Paul Gonin <paul-ml at gonin.net>
>To: wireless <wireless at lists.samba.org>
>Subject: Re: AP Scanning detection
>
>Thanks for your answers.
>I actually know about AP scanning (I have the wireless tolls v24 working
>now and I can `iwlist eth0 scanning` without a problem to scan for AP
>and ad hoc cells.
>
>What I actually wanted to konw was if I was 'invisible' while doing AP
>scanning or if it was imaginable (even if there is no known
>implementation yet) to detect a wireless node doing AP scanning on your
>network.
>Then I could put a 'laser beam' weapon that blasts everyone scanning my
>network ;-)
>
>Thanks
>Paul
>
More information about the wireless
mailing list