SecurityFocus

Tool for Identifying Rogue Linksys Routers Aug 25 2005 06:48PM
Martin Mkrtchian (dotsecure gmail com) (5 replies)

Re: Tool for Identifying Rogue Linksys Routers Aug 27 2005 12:13AM
Tony Rall (trall almaden ibm com)

Re: Tool for Identifying Rogue Linksys Routers Aug 26 2005 07:29PM
Dave Hull (ireadit gmail com)

Re: Tool for Identifying Rogue Linksys Routers Aug 26 2005 02:32PM
Graham Wilson (graham mknod org)

Re: Tool for Identifying Rogue Linksys Routers Aug 26 2005 01:31PM
Mike Frantzen (frantzen nfr com)

> Is there a scanning tool out there that can determine if there are
> unauthorized Linksys (type) routers in a specific VLAN?

All linksys MACs will have an address with one of these prefixes:
00045A The Linksys Group,
000625 The Linksys Group, In
000C41 The Linksys Group, In
000F66 Cisco-Linksys
001217 Cisco-Linksys, LLC
001310 Cisco-Linksys, LLC
e.g.
00:04:5A:xx:xx:xx

Plug a laptop into any worrisome network segments and look for a linksys
MAC address. If the linksys routers talk IPv6:
ping6 -w ff02:1%fxp0 (or %eth0 or whatever your interface is)
Otherwise do a broadcast ping, a ping sweep, or whatever will tickle a
linksys router.

(friendly reminder: the host's MAC address will not be preserved if the
packet goes through a router)

.mike
frantzen@(nfr.com | cvs.openbsd.org | w4g.org)
PGP: CC A4 E2 E8 0C F8 42 F0 BC 26 85 5B 6F 9E ED 28

[ reply ]

Re: Tool for Identifying Rogue Linksys Routers Aug 25 2005 09:14PM
Joshua Wright (jwright hasborg com)