If they are intentionally mimicking your own network then you might be able to report them, but I'm not sure how well that would go over. You could try changing your SSID and see if the mimicking continues; if it does, then you'd have shown that they have the intent of doing harm. You'd want to log all the evidence that you have.
If the AP is actually on your property and owned by an employee, then you make it very clear to them that they are in violation of whatever corporate policy and that they are to remove it immediately or it will be removed by IT and disposed of. Of course, have the proper authorization from management for such a thing.
As for the GPO thing, that's a good idea.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
What I implied by the other legal means is a firearm, well not exactly a firearm, but it can do real pain.
But for now I set SSID broadcasting off and I'll see how it goes. Also I haven't been getting reports from my users that their accounts are getting locked out because somebody is really trying to get in... So far the IAS entries in the system log look okay, no attempted unauthorized accesses yet...
Instead of it being an actual tangible access point, I'd say it's someone using a laptop with hacking software (I won't mention any Linux distributions in particular).
One thing to be aware of is that this person might be very careful. An undisclosed amount of time ago I was working part time in a school, and the network administrator guy was suspected of having some dodgy photos on his computer (let's just say he's not the kind of person you'd wanna leave alone with your kids). Anyway, if the alarm were raised, if accusations were made, he would have just wiped his computer, or at least made the material inaccessible in some way (Truecrypt, whatever). When I got wind of the situation, I kinda said "Emm by the way, I could help a little bit, I know a little about computers".
So I got permission from the school owner to f*** with the network however I wanted. In the next 20 minutes or so, I got by MAC filtering, got by WEP, ran Autopwn, then showed the owner exactly what was on the network admin guy's PC (which was owned by the school). All the while I was doing this, I was very careful, because I knew the network admin guy would come straight into my room if something like "You're being portscanned" came up on his screen (some firewalls do that, by the way), so I was always on guard; it took maybe two or three keystrokes to make it look like I was just listening to MP3s or watching South Park.
Your situation is a little different though, you're not guaranteed that it's an inside job, it could be Billy who lives across the road.
I've always been a big fan of not raising the alarm, because people become careful when they think someone's on to them.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
Okay, shutting off the SSID now seemed to help. All of the clients are now able to connect to the wireless network without a hitch.
And that suspected rogue AP disappeared mysteriously...