Have you tried adding Access Point detection to this product?
I plan on keeping APTools separate from winfingerprint.
The main reason for this is that Winfingerprint uses Win32-centric
APIs while APTools is cross platform (Unix and Win32 versions available).
I mean from a fingerprinting point of view... something similar to what Foundstone is claiming they can do. We have them coming in soon for a demo, and I'm curious to know if fingerprinting is really an effective way of detecting APs on large networks.
On the APTools side: any suggestions on filtering the show cam dynamic command to weed out APs in that product?
Unfortunately there is no "|include xxx.xx" for the Cisco Switches.
Someone else suggested that I bring down the entire show ip arp & show cam dynamic tables and process the strings internal to aptools rather than letting the switch or router do it. I think this is an excellent idea, and I will implement that in the next aptools release.
Winfingerprint "fingerprints" using the NetServerGetInfo() API which uses SMB queries and is rather limited. It is very different than nmap's TCP fingerprinting and unfortunately doesn't work against non-Win32 systems. Since nmap is unable to distinguish between Win32 TCP stacks, I think winfingerprint fills a necessary gap.
Hope that explanation helps,
Based on your experience, do you think good multi-vendor AP fingerprinting is possible? Have you looked at Foundstone's Intrusion Detection/Rogue AP fingerprinting detection product?
APTools *could* accomplish better simultaneous multivendor support by |include'ing all of the MAC addresses. Of course another good way of detection if you have a single site is to use a wireless sniffer. I have not looked at Foundstone's method. What are they doing?
They have a product called foundscan that is supposed to detect APs using nmap-type methods. They were supposed to have a web seminar today called "Discovering 802.11 Access Points from the Wired Side" but it was cancelled. They are coming by next week for a technical demo, so I'll let you know if it works or not.
Let me know if you're interested in the web seminar, I'll try to get you a login when they reschedule it.
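
The approach suggested in the thread (pull the whole `show cam dynamic` and `show ip arp` tables and match MAC prefixes on the client instead of on the switch) can be sketched as follows. This is an added example, not code from APTools or from any poster; the OUI values, vendor names and sample table text are constructed placeholders, and the function names are hypothetical.

```python
import re

# Hypothetical OUI -> vendor map (constructed placeholders, not real assignments);
# fill it from the IEEE OUI registry for the AP vendors you want to flag.
AP_OUIS = {"02AA01": "ExampleVendorA", "02AA02": "ExampleVendorB"}
# MACs as printed with dashes, colons, or Cisco dotted quads.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}"
                    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed sample tables; real device output may be laid out differently.
SAMPLE_CAM = """\
VLAN  Dest MAC/Route Des    [CoS]  Destination Ports or VCs
1     02-aa-01-10-20-30             3/5 [ALL]
1     02-bb-07-00-00-01             3/6 [ALL]
10    02-aa-02-44-55-66             4/12 [ALL]
"""
SAMPLE_ARP = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.0.0.21   12         02aa.0110.2030  ARPA  Vlan1
Internet  10.0.0.22   3          02bb.0700.0001  ARPA  Vlan1
"""

def normalize(mac):
    """Strip separators so every MAC format compares as 12 upper-case hex digits."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def parse_cam(text):
    """MAC -> first token after the MAC (the port) for each table line."""
    table = {}
    for line in text.splitlines():
        m = MAC_RE.search(line)
        if m:
            rest = line[m.end():].split()
            table[normalize(m.group(0))] = rest[0] if rest else "?"
    return table

def parse_arp(text):
    """MAC -> IP for each ARP line that carries both."""
    table = {}
    for line in text.splitlines():
        mac, ip = MAC_RE.search(line), IP_RE.search(line)
        if mac and ip:
            table[normalize(mac.group(0))] = ip.group(1)
    return table

def find_candidate_aps(cam_text, arp_text, ouis=AP_OUIS):
    """Entries whose OUI (first 3 octets) is on the AP vendor list."""
    cam, arp = parse_cam(cam_text), parse_arp(arp_text)
    return [{"mac": m, "vendor": ouis[m[:6]], "port": p, "ip": arp.get(m)}
            for m, p in sorted(cam.items()) if m[:6] in ouis]
```

A match only says the port has a device with an AP vendor's prefix behind it; an entry with no ARP mapping (`ip` is `None`) still identifies the switch port to check.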