Wednesday, 7 May 2014

A Rogue By Any Other Name

Currently on my Cisco Prime it is reporting 1674 rogue access points and, having just run a report on rogue AP's in the last day, it comes to exactly 2500.

While our campus is spread over a large area of the city and many of these will belong to neighbours, an increasing number are coming from inside our walls and mainly due to Apple machines.

What is worse, when I go out to have a look at them, they are often on some ridiculous channel selection. Meaning they manage to interfere with, not one, but two normally perfectly usable 2.4GHz channels.

Our top current offender has been reported with an RSSI of -31dBm! Tom...s iMac, whoever you may be. At least it is on channel 1. Our third, sixth, thirteenth and fourteenth (as well as many more further down the list of) rogues with the highest RSSI are all on channel 4. You can see in the image below how channel 4 overlaps with the channel 1 and channel 6 frequencies:


Looking through the report we have:
  • 6 networks detectable under -40dBm
  • 47 networks detectable under -50dBm
  • 400 networks detectable under -70dBm
  • 1190 networks detectable at -83dBm where the 802.11 preamble can be decoded.
  • 644 rogue networks on channel 1
  • 124 on channels 2-5
  • 682 on channel 6
  • 122 on channels 7-10
  • 579 on channel 11
  • 3 on channel 12
  • 18 on channel 13
  • 303 on 5GHz channels with most on 36, but spread fairly evenly across the UNII-1 and UNII-2 range from 36 to 100.
To sum this up, it is obvious we need more 5GHz clients.

P.S. The best rogue SSID names in no particular order:
  • TheCakeIsALie
  • (.)(.) BOOBIES
  • 3 Guys 1 Router
  • F**kYouFlat19
  • Surveillance #11
  • Obi-WLAN Kenobi
  • I HAVE A HTC ONE    (They are obviously very proud)
  • Pretty Fly For A WiFi
  • Wu Tang WLAN

No comments: