ROGUE: DHCP service drops network.
-
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
-
@JaredBusch said:
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
smells like rogue wifi to me!
-
@JaredBusch said:
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
Since it looks like I'll be here half the weekend, I may do this. Of course that is if I can reach it... I'm about to dig out an unused box to see if I can still reach it and go from there. My hope is that someone will figure out they aren't getting what they used to and call someone and ask - or call me about it. That would be nice and 'fast'.
Otherwise it'll have to be sniffed. Which I don't really have gear for.. If I can find my Kindle, it may help being a poor man's triangulation...
-
@Dashrender said:
DHCP doesn't use RADIUS, or vice versa. I know there is the possibility of some type of tie together.. but not normally for general networks.
Are you referring to 802.1x authentication?
-
@thecreativeone91 said:
@Dashrender said:
DHCP doesn't use RADIUS, or vice versa. I know there is the possibility of some type of tie together.. but not normally for general networks.
Are you referring to 802.1x authentication?
Uh.. maybe, I never dug into the protocol.
-
@g.jacobse said:
@JaredBusch said:
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
Since it looks like I'll be here half the weekend, I may do this. Of course that is if I can reach it... I'm about to dig out an unused box to see if I can still reach it and go from there. My hope is that someone will figure out they aren't getting what they used to and call someone and ask - or call me about it. That would be nice and 'fast'.
Otherwise it'll have to be sniffed. Which I don't really have gear for.. If I can find my Kindle, it may help being a poor man's triangulation...
Ping the IP of the Linksys, then type arp -a | findstr IPADDRESS
This will tell you the MAC of the device. Then go to your switch(es) and look through their MAC tables to find what port that MAC is on. Then look at your building map for that port location, done.
-
@Dashrender said:
@g.jacobse said:
@JaredBusch said:
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
Since it looks like I'll be here half the weekend, I may do this. Of course that is if I can reach it... I'm about to dig out an unused box to see if I can still reach it and go from there. My hope is that someone will figure out they aren't getting what they used to and call someone and ask - or call me about it. That would be nice and 'fast'.
Otherwise it'll have to be sniffed. Which I don't really have gear for.. If I can find my Kindle, it may help being a poor man's triangulation...
Ping the IP of the Linksys, then type arp -a | findstr IPADDRESS
This will tell you the MAC of the device. Then go to your switch(es) and look through their MAC tables to find what port that MAC is on. Then look at your building map for that port location, done.
If I wasn't still somewhat miffed and other choice words I won't use I'd laugh...
Uhm... I don't have one. It would really be nice to have one... but with all the spot fires and 'crash' calls... I don't get time to address things like that.... Some day maybe... if I survive that long.
-
@g.jacobse said:
@JaredBusch said:
@Hubtech said:
I had one of these pop up at a client a month or so ago. Whoever configured the switches didn't leave their login info so I wasn't able to use the management. Ended up super sleuthing and found it by using a "sniffer" that basically just polled the strength of the AP. Old school.
I would do this. Turn the wifi back on and sniff the signal.
Since it looks like I'll be here half the weekend, I may do this. Of course that is if I can reach it... I'm about to dig out an unused box to see if I can still reach it and go from there. My hope is that someone will figure out they aren't getting what they used to and call someone and ask - or call me about it. That would be nice and 'fast'.
Otherwise it'll have to be sniffed. Which I don't really have gear for.. If I can find my Kindle, it may help being a poor man's triangulation...
Naw man. You can get close by using a laptop and a Yagi or just your laptop.
-
Found it, it was an AP that was in the conference room.. Oddly enough it had been reset and was working for about 2 or three months before it started being a problem.
It's been locked down, and updated, and a Do Not Reset placed over the button.
-
Cool, glad that you found it.
-
How'd you find it?
-
@Hubtech said:
How'd you find it?
It was a cross of things really.
About 2 or so months ago the intern (I heard that groan) had some issues with wireless and was compelled to reset the unit. Only instead of just unplugging it, he hit the reset button. No big deal even in the default mode... Until last week (OP date) when for whatever reason I started having DHCP issues. It was offering DHCP in the 192.168 schema when our network is in the 10.0 schema.
While it took some time to find just that, I started with a PC that was in the 192.168 and went to the IP, and found that it was the Linksys system.
I didn't have any means of tracing the AP signal until I brought in my Kindle, isolated it, and got more into the back info and found that the device was the unit. I had walked around that day, but even with the AP model, it didn't completely register that it was this.
With the WiFi analyzer on the Kindle I confirmed it after powering it off.
If I had taken the time to slow down that day and noted the model number I might have caught it sooner. Having so many different device types for wireless and such makes it a challenge.
Boils down to I found it using Sneaker Net....
-
You have other Linksys WAPs in the office? Sounds like a good time to replace them with Ubiquiti devices...
-
@Dashrender said:
You have other Linksys WAPs in the office? Sounds like a good time to replace them with Ubiquiti devices...
Any excuse is a good excuse to deploy Ubiquiti
-
Yeah I would put the Linksys in the trash bin. Get something with an interface to manage them all.
-
@scottalanmiller said:
@Dashrender said:
You have other Linksys WAPs in the office? Sounds like a good time to replace them with Ubiquiti devices...
Any excuse is a good excuse to deploy Ubiquiti
@thecreativeone91 said:
Yeah I would put the Linksys in the trash bin. Get something with an interface to manage them all.
That is the plan... however - one major undertaking at a time....
-
True enough.
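
The ping, arp -a and switch MAC table lookup suggested earlier in the thread, as an added Python example that is not part of any poster's message. The arp output, MAC addresses, switch names and the Cisco-IOS-style table layout are constructed assumptions; the sort order reflects that uplink ports between switches learn many MACs while the port nearest the rogue device learns few.

```python
import re
from collections import Counter

# Constructed sample: Windows `arp -a` output (all addresses are made up).
ARP_OUTPUT = """
Interface: 192.168.1.101 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# Constructed sample: MAC tables from two switches (Cisco-IOS-style layout assumed).
MAC_TABLES = {
    "sw-core": """
   1    0011.22aa.bbcc    DYNAMIC     Gi0/24
   1    0050.56c0.0001    DYNAMIC     Gi0/24
   1    0050.56c0.0002    DYNAMIC     Gi0/24
   1    0050.56c0.0003    DYNAMIC     Gi0/3
""",
    "sw-floor2": """
   1    0011.22aa.bbcc    DYNAMIC     Fa0/7
   1    0050.56c0.0001    DYNAMIC     Fa0/12
   1    0050.56c0.0002    DYNAMIC     Fa0/13
""",
}

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def mac_for_ip(arp_text, ip):
    """Return the normalized MAC that `arp -a` lists for ip, or None."""
    for line in arp_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == ip:
            return norm_mac(fields[1])
    return None

def locate(mac, tables):
    """Return (switch, port, macs_on_port) for every port that learned mac,
    fewest-MACs port first: that port is the one closest to the device."""
    hits = []
    for switch, text in tables.items():
        rows = [f for f in (l.split() for l in text.splitlines()) if len(f) == 4]
        per_port = Counter(port for *_, port in rows)
        hits += [(switch, port, per_port[port])
                 for _vlan, entry, _type, port in rows if norm_mac(entry) == mac]
    return sorted(hits, key=lambda h: h[2])
```

Calling `locate(mac_for_ip(ARP_OUTPUT, "192.168.1.1"), MAC_TABLES)` lists the edge port on sw-floor2 ahead of the uplink on sw-core.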