Monitor WiFi access points

By c.grz
in Smart Home, Network & Security

 Share

Recommended Posts

Mentor

c.grz

Posted
Posted

Hi,

I work for a local government agency and we support both Police and Fire. We're currently having issues with people at the fire stations bringing in their own hotspots to bypass our proxy.

I'm wondering if there's a program that will scan for new wifi SID's and notify us via email when one pops up. These buildings are big and we rarely see any external wifi network show up so we know if a wifi SID pops up; it'll be from within the building.

Anybody know of a program that will give us that ability?

I've looked at a few but most don't have notifications of new networks. Cost isn't an issue.

All help is appreciated!!

Link to comment
https://www.neowin.net/forum/topic/1125638-monitor-wifi-access-points/
Share on other sites
Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

The simple answer is no. The more explained answer is you are asking a system to monitor the air waves for any new ssids that pop up. These can come from anywhere. The best you can do is lock down your computers to a certain ssid and do not allow them to connect to anything else. Their computers and phones are their problems and you do not support them. I worked at local government on the municipality level as it support. You have absolutely no right to stop someone from bringing in their equipment and using their equipment. You have absolutely every right to lock your computers down so tight that if they sneeze on it you get notified.

Mentor

francescob

Posted
Posted

You can write a very easy script for that because there's the "netsh wlan show networks mode=bssid" command that returns all the data about the detected networks (also useful for knowing the wifi channels of nearby networks in case you need to avoid interference). There are many powershell examples that show how to parse the result of the command, you only need to add some conditions to exclude your own known wifis and a few commands to send the email (both very easy tasks for which you can find plenty of examples on the web).

Mentor

dvb2000

Posted
Posted

Cisco CleanAir can automatically tag and isolate rouge AP's. Though you're looking at a WLAN controller and Enterprise level AP's

Won't work, they are bringing in their own hotspots, not access points connected to the local network.

Actually what this guy wants to do is impossible, pretty much anyone with a phone these days can connect DIRECTLY to their own personal internet bypassing any proxy these guys are trying to use to filter THEIR corporate internet. Most smartphones will also allow their own broadband connection to be used as a hotspot too, or even using the USB port as a modem without broadcasting anything.

Mentor

dvb2000

Posted
Posted

I work for a local government agency and we support both Police and Fire. We're currently having issues with people at the fire stations bringing in their own hotspots to bypass our proxy.

I doubt you can do what you want, but even if you tried to no doubt the staff would tell you to bugger off and mind your own business/network. You can't stop them using their own network on their own phones/devices.

You could always introduce some wireless interference so their hotspots won't work. Bit on the dodgy side perhaps...

that would be illegal :)

and would affect their own Access Points as well (if they are using them)

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

It isn't the staffs choice. First the the township manager signs off (everybody in the municipalities boss) then the chief of police signs off. Fire chief has no pull against their wishes nor does any other director. Then I push policies using ad group policies, I don't touch their computers at all and the default image only gives users user rights, no power user or admin level access.

There is a hierchy that needs to be followed and the end users have no say in the matter, even the patrolmen. The patrolmen had access to about 30 approved government sites, they were ****ed and tried to get that lifted...that got them a big can of shut the hell up from management.

Mentor

c.grz

Posted
  • Author
Posted

I doubt it was possible but the IT Director asked that I pursue this per the request of the Fire Chief.

I guess we'll just have to update our IT policy forbidding the use of wireless devices not approved for use by the I.T. Department.

Grand Master

Draconian Guppy

Posted
Posted

I doubt it was possible but the IT Director asked that I pursue this per the request of the Fire Chief.

I guess we'll just have to update our IT policy forbidding the use of wireless devices not approved for use by the I.T. Department.

Not my business, but what's wrong with people using their own devices? Like pointed above, any smartphone can function as a hotspot :/ Are you going to forbid smartphones?

(Don't mean to sound like a jerk, just curious is all).

Grand Master

Dot Matrix

Posted
Posted

Not my business, but what's wrong with people using their own devices? Like pointed above, any smartphone can function as a hotspot :/ Are you going to forbid smartphones?

(Don't mean to sound like a jerk, just curious is all).

From the sound of things, it sounds as if they are using their own hotspots with work-issued devices.

Grand Master

xpablo

Posted
Posted

Not my business, but what's wrong with people using their own devices? Like pointed above, any smartphone can function as a hotspot :/ Are you going to forbid smartphones?

(Don't mean to sound like a jerk, just curious is all).

Are you kidding? on a corporate laptop or computer, it could be a huge security risk, not to mention any confidential data on the computers..

Here's some reading on securing your airwaves.

http://www.arubanetw...al_security.pdf

Here are some solutions to your problem.

http://www.arubanetworks.com/solutions/msp/

Grand Master

Draconian Guppy

Posted
Posted

Are you kidding? on a corporate laptop or computer, it could be a huge security risk, not to mention any confidential data on the computers..

Here's some reading on securing your airwaves.

http://www.arubanetw...al_security.pdf

Here are some solutions to your problem.

http://www.arubanetw.../solutions/msp/

Yeah i'm probably "desensitized" on sensitive information... :p

BUTT that said, disabling wifi is easy, installing group policies as well. Eg email SHOULDn'T if not in same domain. Most desktops shouldn't have admin. privileges to install a wifi dongle (seeing as how most desktop don't come with built in wifi) etc...

Grand Master

n_K

Posted
Posted

"You could always introduce some wireless interference so their hotspots won't work. Bit on the dodgy side perhaps..."

that would be illegal :)

and would affect their own Access Points as well (if they are using them)

Not sure about in the US but it's illegal in the UK...

Unless you're part of the government or a government service (which includes fire and police) in which case it's legal :p

Grand Master

xendrome

Posted
Posted

Also working for a local government LE agency I can tell you the BEST way to handle this type of situation is through policy with strict warnings/actions. And as to the comment above saying that introducing wireless interference is not illegal simply because you are part of the government or government service is incorrect.

Mentor

c.grz

Posted
  • Author
Posted

Not my business, but what's wrong with people using their own devices? Like pointed above, any smartphone can function as a hotspot :/ Are you going to forbid smartphones?

(Don't mean to sound like a jerk, just curious is all).

We know that we can't control what people do on their phones/tablets/personal pc's. The issue is when these people use city owned equipment along with their personal hotspots/smart phones to bypass security we have in place to protect our network.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

^ exactly, its not that they can browse porn (example) on their smartphone. Its that they are bypassing the company internet filtering, connecting the work device to an unsecured network, etc.

Your best bet is to lock down the work devices to only be able to connect to specific wifi APs and not allow the users to change these settings.

As to warning of these hotspots popping up, yeah the netsh script should be easy enough to setup so that you get a warning and details about the hotspot that is around.

Mentor

c.grz

Posted
  • Author
Posted

The solution to the problem is a cell phone jammer. But that creates issues on a whole different level.

Everyone relies on their cellphones to communicate. Using a cell phone jammer would probably lead to a revolt...

Veteran

sagum

Posted
Posted

We know that we can't control what people do on their phones/tablets/personal pc's. The issue is when these people use city owned equipment along with their personal hotspots/smart phones to bypass security we have in place to protect our network.

Firstly, it'd be very easy to create a simply bit of software that'll monitor the airwaves for new networks that show up and report them back. You can setup applications such as netstumbler that'll log the time and date of the networks as they come and go. That could be sent off at the end of the day for example.

A better bet would be to use something the common Linux wireless air* tools, usually used to crack networks, to monitor the active networks, including networks that do not broadcast their SSID and you'll also be able to see what devices are connecting to what network, by their MAC address. This would be proof that such dept hardware is connecting to say a Nokia cell phone acting as a access point.

However, its unlikely that you'll be able to block or do anything about people using their own devices to setup access points if they really wanted to.

What I would suggest is looked at enforcing a network policy on the dept machines so they can't join additional networks. That'd be the best option as even if the employees setup their own AP, they wouldn't be able to use the dept machines to connect to them (without a lot of spoofing, but that is possible anyway)

Grand Master

f0rk_b0mb

Posted
Posted

Hi,

We're currently having issues with people at the fire stations bringing in their own hotspots to bypass our proxy.

Are you sure they are bringing their own and not using a program like ultrasurf or such?

Anyway, I don't believe there is anything you can do other than install a key logger to see who's typing in a blocked address. Give every firefighter and officer their own account so they can't point fingers, etc.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

The best you can do is lock down your computers to a certain ssid and do not allow them to connect to anything else.

Your best bet is to lock down the work devices to only be able to connect to specific wifi APs and not allow the users to change these settings.

What I would suggest is looked at enforcing a network policy on the dept machines so they can't join additional networks. That'd be the best option as even if the employees setup their own AP, they wouldn't be able to use the dept machines to connect to them (without a lot of spoofing, but that is possible anyway)

all of this, then you can stop playing games with trying to monitor crap. Know that they can't connect vs trying to bring the hammer down when they do connect.

Mentor

c.grz

Posted
  • Author
Posted

all of this, then you can stop playing games with trying to monitor crap. Know that they can't connect vs trying to bring the hammer down when they do connect.

Yeah I know; but I was told by my boss to go down this route...so down this route I go.

I tend to disagree with his way of going about things; I've learned that it's easier to just do what he asks and when then that doesn't pan out I can do what the right thing is...but that's another story for another day.

Thanks all!!!

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Sihoo Doro C300 Pro V2 Ergonomic Office Chair review: The Ikea of chairs

      By Steven P. · Posted

      Not on my Aeron Remastered no.
    • Tidal won't monetize AI slop music, company says

      By Steven P. · Posted

      I like Tidal, but it still does not control devices from the mobile/app and still no surround support. And yeah re: above comment I still get a lot of network errors and I am on a 4/4 Gbit Fiber connection.
    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By Riggers · Posted

      Aren`t "security features" and "AI model that can see your screen" a tad diametric!
    • Samsung, Amazon extend 990 PRO 2TB NVMe SSD deal beyond Prime Day 2026

      By hellowalkman · Posted

      Samsung, Amazon extend 990 PRO 2TB NVMe SSD deal beyond Prime Day 2026 by Sayan Sen Recently, we had Amazon's Prime Day 2026 sales wherein there were several great deals including on SSDs. One of those discounted components was the Samsung 990 PRO SSD as the 2TB variant of it was selling for $370, a very good price after a long time. Although that deal was supposed to expire today, Amazon has now extended that sale further (purchase link under the specs table down below). The 990 PRO is a PCIe Gen4 NVMe SSD and still one of the fastest drives available today for under $400. Speaking of fast, sequential reads and writes are rated at 7450 MB/s and 6900 MB/s, respectively. The random throughputs for reads and writes are 1400K IOPS and 1550K IOPS, respectively. The 990 PRO is based on Samsung's 7th Gen V-NAND flash, and it too is TLC. It packs 2 gigs of LPDDR4 DRAM cache, which helps the random performance. The endurance rating for this is 1200 TBW (terabytes written), which should be sufficient for most users. The Samsung 990 PRO is compatible with the PlayStation 5, but if you are going to use the 990 PRO on a PC, check out the Samsung Magician app that lets you track your drive's health, update its firmware, customize various settings, and more. The technical specs of the Samsung 990 PRO 2TB are given in the table below: Specification Value Form Factor M.2 2280 Interface PCIe Gen 4.0 x4, NVMe 2.0 NAND Flash Samsung V-NAND TLC Controller Samsung In-house Controller Cache Memory Samsung 2GB Low Power DDR4 SDRAM Sequential Read Speed Up to 7,450 MB/s Sequential Write Speed Up to 6,900 MB/s Random Read (4KB, QD32) Up to 1,400,000 IOPS Random Write (4KB, QD32) Up to 1,550,000 IOPS Random Read (4KB, QD1) Up to 22,000 IOPS Random Write (4KB, QD1) Up to 80,000 IOPS Operating Temperature 0°C to 70°C Reliability (MTBF) 1.5 Million Hours Endurance 1,200 TBW (Total Bytes Written) Get it at the link below: Samsung 990 PRO SSD 2TB NVMe SSD (MZ-V9P2T0B/AM): $369.99 (Sold and Shipped by Amazon US) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases
    • Tidal won't monetize AI slop music, company says

      By grik · Posted

      Glad im on the right boat. Tidal has lots of issues in terms of app and music mix, its worst than spot but its honest. Spot algo is very tendentious and they pess less to artists, so im comfortable with the tidal errors, for now.

  • Recent Achievements

    • Reacting Well
      NovaEdgeX earned a badge
      Reacting Well
    • Week One Done
      NovaEdgeX earned a badge
      Week One Done
    • One Year In
      BA the Curmudgeon earned a badge
      One Year In
    • Conversation Starter
      rosiecharles earned a badge
      Conversation Starter
    • First Post
      KMilenkoski1202 earned a badge
      First Post

  • Popular Contributors

    1. 1
      +primortal
      541
    2. 2
      +Edouard
      270
    3. 3
      PsYcHoKiLLa
      153
    4. 4
      Steven P.
      99
    5. 5
      macoman
      66
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!