Penetration Testing mailing list archives
Re: How to track down a wireless hacker
From: Francois Larouche <francois.larouche-ml () sqlpowerinjector com>
Date: Thu, 08 Nov 2007 09:35:05 -0800
Don't take me wrong I do find it intellectually challenging and fun to try to track someone who is hacking you, whether it be possible or not over wireless. And also really educative and interesting to see what people come up for ways to track that hacker.
But if by some luck you find who that guy is or where he is, what then? You call the police and tell them that a guy is at that internet cafe and is hacking me or my company? It ought to have a special police line for that :) If they ever take you seriously and come the guy would be probably gone. Or you grab your baseball bat and go beat him up? Realistically, besides the fact that it might be fun to do there is not much to do about it.
So the bottom line is train the people in the company and secure the wireless network. How you do that? That is the real good question :)
My two cents Cheers Francois
Bah, I'm talking wan IP and service not Lan IP and service, thought I wasclear on that.What we want is to track the cookie, this MIGHT lead to some mistakes on the intruders part. Yes, the intruder/s will most likely use someone else's internet drop to use those identifiable credentials, but what if it's a internet café? A school library? Another victim? Not only is it fun and educational to track this info, it's also a possible benefit for others. Open up the door, give them a cookie and track it's use. Ummm, seems like there's gonna be some feedback there eh? And bet I would give it a chance to out weigh any given effort and time. Maybe we need more effort and time? I have no idea of the resources of the original poster. Besides, the initial investment is very small. The crux is the tracking of the cookie once it has been snatched, at it's simplest it's monitoring a log file of the service. Honestly, this is a small project. Initial setup is under one hour and checking for the credential use in a log file is automated with a little bash skill set.Have fun, cg-----Original Message-----From: Nicholas Chapel [mailto:nicholas.chapel () gmail com] Sent: Wednesday, November 07, 2007 1:42 PMTo: ep Cc: jond; pen-test () securityfocus com Subject: Re: How to track down a wireless hacker On 11/7/07, ep <captgoodnight () hotmail com> wrote:So setup a duplicate of the previously vulnerable wireless configuration and from a secure linux laptop (only thing on the segment) simply every 15 minutes pass some unique clear text working credentials to a internet facing service you can monitor, like a ftp server or pop3 account. Wait for the connection/authentication and log the ip, then get law enforcement and the what I think will be a local ISPinvolved. We are talking about wireless, right? Because in such a scenario, logging the IP address won't make much of a difference since any IP that the intruder has would be *one that your DHCP server leased to him*. There is no ISP to involve here. Unless of course the intruder accesses the FTP/POP3/whatever server from a different connection, in which case he may very well be on someone *else's* WLAN and you'll end up expending a great deal of effort and time (both yours and others') and be no closer to knowing the identity of your malefactor than you were before. Yeah, I think hoping that the intruder would be daft enough to access his Hotmail account is about the best you can hope for here. --Nick ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- How to track down a wireless hacker jond (Nov 07)
- Re: How to track down a wireless hacker Mathieu CHATEAU (Nov 07)
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- Message not available
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- RE: How to track down a wireless hacker Ng, Kenneth (US) (Nov 07)
- <Possible follow-ups>
- Re: How to track down a wireless hacker cwright (Nov 07)
- Re: Re: How to track down a wireless hacker cwright (Nov 07)
- Re: How to track down a wireless hacker Francois Larouche (Nov 08)
- RE: How to track down a wireless hacker ep (Nov 08)
- RE: How to track down a wireless hacker cwright (Nov 10)
- RE: How to track down a wireless hacker ep (Nov 13)
- RE: How to track down a wireless hacker ep (Nov 10)
- Re: How to track down a wireless hacker Jan Heisterkamp (Nov 13)
- RE: How to track down a wireless hacker ep (Nov 13)
- RE: How to track down a wireless hacker cwright (Nov 13)
- Re: RE: How to track down a wireless hacker cwright (Nov 13)
- Re: How to track down a wireless hacker Jan Heisterkamp (Nov 13)
- RE: How to track down a wireless hacker ep (Nov 13)