Runbook or playbook for detecting rogue wireless access points?

Hi all,
I’m looking to reuse the wheel if possible. :slight_smile:
Does anyone have a runbook/playbook for detection/action of rogue wireless access points they would be willing to share?


Do you want Rogue AP’s on or off your wired network?
Do you have 802.1x?
If not, you can do a survey with something like a pineapple, and pump out a report of all the MACs and BSSIDs, then cross correlate with the MACs that actually belong to devices the company owns (this might be where you find out your company’s asset management sucks).
Not a playbook, just some thoughts to get you started.

1 Like