Triangulating the Attacker
While the term "triangulation" may conjure thoughts of wild west savagery, it really involves the use of multiple access points to make an educated guess as to the location of any device or the source of any object emanating wireless interference. The prefix "tri-" describes the necessity of three access points to accurately find the exact source of the transmission. Airwave's VisualRF with the Mapping and Location Module installed and Cisco's Wireless Control Server software include the ability to import floor plans and geographical maps, or to interface with Google Maps, to make more efficient use of the statistics reported by access points. After examining the methods of manually finding rogue devices, you will see the value in such an ability.
With a laptop and a wireless signal meter, your only choice is to rove around the affected area in a game of "hot and cold," moving in the direction of stronger reception as you roam. This method can be frustrating in multi-story buildings, as wireless signals will bleed between floors. Scouting the area can also alert attackers and make pinpointing nearly impossible.
While a wireless client can be used in this crude manner, wireless spectrum analyzers are much more valuable in this instance. A spectrum analyzer can detect and profile a wider range of wireless signals and reveal amazing insight into the waves bouncing through the air. Cisco's wireless spectrum analyzer can integrate with its Wireless Control Server (WCS) product, giving the software that same insight into the airwaves. Spectrum analyzers can quickly tell the difference between an attacker's RF transmitter and the break room's microwave oven.
Using two access points, you can easily tell which access point is detecting a stronger signal. This can provide a bit more insight into the location of the device without the need to roam, but is still not conclusive. Some wireless management software packages can guesstimate an approximate location based on the signal strength reported by only one or two access points, but the result can be misleading, because signal strength only suggests a distance and the transmitter can lie at any angle from the access points themselves.
The best solution returns to triangulation, in which several access points can hear the interference and report its strength to a centralized management station. Because three or more points of reference are used, a very accurate guess can be made as to the location of the object. Just as a GPS uses multiple satellites to calculate a position on Earth, triangulation uses multiple receivers to find the position of a transmission source. If you change the location of the transmitter on any axis, at least one radio's signal will change. When this information is compiled and placed on a map that is drawn to scale, the software knows the distance of the access points from each other and the dynamics of the environment in which they're deployed. The more access points that hear a single transmission, the better the quality of such calculations. Any device that is causing issues on the network can be located and isolated physically. Manual intervention is required, however. There is no way to stop an RF jamming signal other than disabling its source. Despite the desires of Hollywood script writers, there is no way to "jam" a "jammer."
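The position estimate described above, in which three or more access points report signal strength to a central station that knows their positions on a scaled map, can be sketched as follows. This is an added example, not code from the article or from any vendor product. The log-distance path-loss model, its two parameters, and the access point coordinates and readings are assumptions constructed for illustration, and the method is the distance-based form of the calculation (often called trilateration).

```python
# Added example: locate a transmitter from per-AP signal strength readings.
# ASSUMED log-distance path-loss parameters (calibrate per site):
TX_POWER_DBM = -40.0   # RSSI expected 1 m from the transmitter
PATH_LOSS_EXP = 3.0    # indoor office environment

# Constructed sample: (x_m, y_m, rssi_dbm) for four APs on a scaled floor plan.
# Readings were generated for a transmitter at (12, 5) and rounded to whole dBm.
SAMPLE = [(0, 0, -73), (20, 0, -69), (0, 15, -76), (20, 15, -73)]

def rssi_to_distance(rssi_dbm, tx_power=TX_POWER_DBM, n=PATH_LOSS_EXP):
    """Convert a signal strength to an estimated distance in metres."""
    return 10 ** ((tx_power - rssi_dbm) / (10 * n))

def locate(readings):
    """Least-squares (x, y) estimate from three or more AP readings."""
    if len(readings) < 3:
        # One or two APs leave the bearing unknown, as the text notes.
        raise ValueError("need at least three access points")
    x0, y0, r0 = readings[0]
    d0 = rssi_to_distance(r0)
    # Subtracting the first AP's circle equation from each of the others
    # cancels the x^2 and y^2 terms, leaving linear rows a*x + b*y = c.
    rows = []
    for x, y, r in readings[1:]:
        d = rssi_to_distance(r)
        rows.append((2 * (x - x0), 2 * (y - y0),
                     d0**2 - d**2 + x**2 - x0**2 + y**2 - y0**2))
    # Solve the 2x2 normal equations; extra APs average out reading noise.
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("access points are collinear; position is ambiguous")
    return ((sac * sbb - sab * sbc) / det, (saa * sbc - sab * sac) / det)

if __name__ == "__main__":
    x, y = locate(SAMPLE)
    print(f"estimated transmitter position: ({x:.1f} m, {y:.1f} m)")
```

Rounding each reading to a whole dBm already shifts the estimate by a few tenths of a metre, which is why more access points hearing the same transmission improve the result.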