unauthorized network point access

[ghostmachine]

hi
scenario.

In a big building with few storeys. Assume intruder comes in, look for an available network point, plug in his laptop and start doing damage (just an example scenario with lax security)

is there tools/appliances out there that could trace a LAN point (as well as the IP address he is holding) being plugged in by the intruder and see where he is located in the building?
I guess i would need a database of all available physical network LAN points in the building?
thanks

[@tt!tud3]

Hope this helps you:


802.11 security

Security options for 802.11 include authentication services and encryption services based on the Wired Equivalent Privacy (WEP) algorithm. WEP is a set of security services used to protect 802.11 networks from unauthorized access, such as eavesdropping (the capture of wireless network traffic). With automatic wireless network configuration, you can specify that a network key be used for authentication to the network. You can also specify that a network key be used to encrypt your data as it is transmitted over the network. When data encryption is enabled, secret shared encryption keys are generated and used by the source station and the destination station to alter frame bits, thus avoiding disclosure to eavesdroppers.
Open System and Shared Key authentication

802.11 supports two subtypes of network authentication services: Open System and Shared Key. Under Open System authentication, any wireless station can request authentication. The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station. The receiving station then sends back a frame that indicates whether it recognizes the identity of the sending station. Under Shared Key authentication, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel. To use Shared Key authentication, you must have a network key.
Network keys

When you enable WEP, you can specify that a network key be used for encryption. A network key can be provided for you automatically (for example, it might be provided on your wireless network adapter), or you can specify the key by typing it yourself. If you specify the key yourself, you can also specify the key length (40 bits or 104 bits), key format (ASCII characters or hexadecimal digits), and key index (the location where a specific key is stored). The longer the key length, the more secure the key. Every time the length of a key is increased by one bit, the number of possible keys doubles.

Under 802.11, a wireless station can be configured with up to four keys (the key index values are 0, 1, 2, and 3). When an access point or a wireless station transmits an encrypted message using a key that is stored in a specific key index, the transmitted message indicates the key index that was used to encrypt the message body. The receiving access point or wireless station can then retrieve the key that is stored at the key index and use it to decode the encrypted message body.
Top of pageTop of page
802.1x authentication

For enhanced security, you can enable IEEE 802.1x authentication. IEEE 802.1x authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. IEEE 802.1x minimizes wireless network security risks, such as unauthorized access to network resources and eavesdropping, by providing user and computer identification, centralized authentication, and dynamic key management. IEEE 802.1x supports Internet Authentication Service (IAS), which implements the Remote Authentication Dial-In User Service (RADIUS) protocol. Under this implementation, a wireless access point that is configured as a RADIUS client sends a connection request and accounting messages to a central RADIUS server. The central RADIUS server processes the request and grants or rejects the connection request. If the request is granted, the client is authenticated, and unique keys (from which the WEP key is derived) can be generated for that session, depending on the authentication method chosen. The support that IEEE 802.1x provides for Extensible Authentication Protocol (EAP) security types allows you to use authentication methods such as smart cards, certificates, and the Message Digest 5 (MD5) algorithm.

With IEEE 802.1x authentication, you can specify whether the computer attempts authentication to the network if the computer requires access to network resources whether a user is logged on or not. For example, data center operators who manage remotely administered servers can specify that the servers should attempt authentication to access the network resources. You can also specify whether the computer attempts authentication to the network if user or computer information is not available. For example, Internet service providers (ISPs) can use this authentication option to allow users access to free Internet services, or to Internet services that can be purchased. A corporation can grant visitors with limited guest access, so that they can access the Internet, but not confidential network resources.

[codenamevirus]

hi

I m not sure for my answer....but maybe it can be done by makin use of an application based on SNMP i.e. Simple Network Management Protocol!!

[ghostmachine]

hi
thanks. We do not have wireless networks. Only Ethernet LAN. I guess i will give SNMP a try.

[ethos914]

Not sure of the cost but here is a great answer to your question:

http://www.panduit.com/products/browse.asp?classid=614

Check it out and see what you think. It is supposed to be designed to keep unauthorized users from accessing your internal LAN.

[qwertyman66]

biola, did you read the front page? There is no way that what you are asking is legal or on topic. read the front page and find out what AO is and isn't!
Click here to see What AO is and isn't and try to do what is says.

[morganlefay]

Nice first post there bud

uuum please can any body teach me how to hack into a bank account please email me if you can please [email protected]

Are you serious???

@tt!tud3

That is an obvious cut and paste job....you should put a link to the original text\author....before you get negged

MLF

[ByTeWrangler]

uuum please can any body teach me how to hack into a bank account please email me if you can please [email protected]

Aah the easiest way to get banned from AO.

Welcome and Good bye mate.


Anyway we should seriously consider putting a line in BOLD AND CAPITAL letter that we dont help in hacking.

Try the following:

1. [email protected]

2. [email protected]

3. www.consumer.gov/idtheft
1-877-IDTHEFT

If you succed then mail here Jobs @ American Express.
goodbye

/EDIT/

Look at the bright side first we had people asking us to help them break into MSN accounts and now its banks then mostly Government accounts and so goes on the HUMAN EVOLUTION. God bless charles darwin......


/EDIT/

[morganlefay]

Well I didnt neg him first time around...

But I just read his profile...

Interests= Stealing passwords

Eat some reds bud

MLF

[IKnowNot]

That is an obvious cut and paste job....you should put a link to the original text\author....before you get negged

Microsoft : Configuring wireless network clients