Dailydave mailing list archives
Re: my idea of the day
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Thu, 15 Mar 2007 23:02:41 +0100 (CET)
On Thu, 15 Mar 2007, Dave Aitel wrote:

[ Repost; Dave, if you get a chance, reject my original post and approve this one instead, I hit Ctrl-X too early; or if it's too late, reject this repost. Thanks. ]

> So here's my idea of the day: I want relational triangulation in SILICA. I want to be able to click "Find this AP" and then have SILICA say "stay still . . . . signal is 99. Now take 5 steps to the left.... signal is 91. Now take five steps forward....signal is 102" and then interpolate in "steps" the distance and direction of the access point.
Moving several feet to the left or right when not standing next to the device is almost guaranteed not to measure any appreciable signal differences that would not be overpowered by random reflections, RF interference, attenuation caused by walls, chairs, etc, or residual directional characteristics of an antenna (you need to get one that is almost perfectly omnidirectional, or else maintain a precise angle while moving around).

Consider this: when standing 20 meters from the transmitter, facing it in an open, unobstructed, reflection- and interference-free field, moving 2 meters to the left with a perfectly omnidirectional antenna would change the actual distance the signal has to travel by about 0.1%. A precise RF interferometer could work, but signal strength measurements alone are not a useful indication of your location in this axis.

Doing it from 5 meters away will of course work better, but then you're close enough to spot the transmitter by simply observing signal strength while walking around. Circling the area of a suspected transmitter site would yield great results, too, but without a GPS or a set of precise accelerometers, registering or approximating your movements in an indoor environment is unlikely to be easy.

If you're left with only one axis to take meaningful measurements, you wouldn't be able to interpolate the actual distance, because you don't know how powerful the signal would be were you standing next to the transmitter - depends on chips, antenna, settings, terror alert level, and how strong the initial attenuation is (be it caused by ceiling panels, doors, rack mount or a printer it is sitting behind).

As such, standing up, making 5 steps to the right, 5 to the front, 5 to the left, 5 to the back is almost guaranteed to give you no benefit over simply walking around with a traditional meter.
We happen to hunt "pirate" APs in our office buildings from time to time, and even with specialized, directional receivers and quality software, it's still a mess.

That said, there are several tools that allow AP location triangulation in corporate environments, but they usually rely on several fixed measurement points that are 10-50 meters apart, and mounted in a controlled, carefully measured way, and again, *around* the rogue access point, so that absolute measurements can be made. AirMagnet sells something like this.

/mz
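The comparison argued in the post above, as an added simulation that is not part of the original message: it locates a rogue AP from signal strength alone, once from four readings taken a few steps apart about 20 m away and once from four fixed sensors placed around the AP. The log-distance path-loss model, the exponent, the 4 dB noise figure and all coordinates are assumptions constructed for the illustration.

```python
import math
import random
import statistics

N_EXP = 3.0       # assumed indoor path-loss exponent
SIGMA_DB = 4.0    # assumed per-reading noise from reflections/obstacles (dB)
P0_TRUE = -40.0   # constructed RSSI at 1 m (dBm); the estimator does not know it
AP = (0.0, 20.0)  # constructed rogue AP position, metres
STEPS = [(0, 0), (-4, 0), (-4, 4), (0, 4)]            # walker: ~5 steps per side
SENSORS = [(-11, 9), (11, 9), (11, 31), (-11, 31)]    # fixed points around the AP

def path_loss(a, b):
    """Log-distance loss in dB between two points (clamped below 0.5 m)."""
    return 10 * N_EXP * math.log10(max(math.dist(a, b), 0.5))

def measure(points, rng):
    """One noisy RSSI reading per measurement point."""
    return [P0_TRUE - path_loss(AP, p) + rng.gauss(0, SIGMA_DB) for p in points]

def locate(points, readings, span=40, step=2):
    """Grid search for the AP position that best explains the readings.

    The transmit power is unknown, so for each candidate position the
    least-squares value of the 1 m RSSI is fitted before scoring.
    """
    best, best_err = None, float("inf")
    for gx in range(-span, span + 1, step):
        for gy in range(-span, span + 1, step):
            loss = [path_loss((gx, gy), p) for p in points]
            p0 = statistics.fmean(r + l for r, l in zip(readings, loss))
            err = sum((r - (p0 - l)) ** 2 for r, l in zip(readings, loss))
            if err < best_err:
                best, best_err = (gx, gy), err
    return best

def median_error(points, trials=60, seed=1):
    """Median distance (m) between the estimate and the true AP over many runs."""
    rng = random.Random(seed)
    errs = [math.dist(locate(points, measure(points, rng)), AP)
            for _ in range(trials)]
    return statistics.median(errs)

if __name__ == "__main__":
    print("walker, 4 m square:   %.1f m" % median_error(STEPS))
    print("fixed sensors around: %.1f m" % median_error(SENSORS))
```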