Penetration Testing mailing list archives
Re: How to track down a wireless hacker
From: Jan Heisterkamp <janheisterkamp () web de>
Date: Sun, 11 Nov 2007 08:55:27 -0600
I lost who started this thread. Of course you can track a wireless attacker, due to the fact that he is broadcasting a trackable signal, and you can do it pretty accurately. But the question behind it is "And then?" What will you do?

1. If the attacker is in house you might have to close all the doors, call the security staff and confiscate all the laptops running wireless. The attacker gets arrested and the rest of the users will take their case to court, suing you for damages.

2. If the attacker is, let us say, in a car in the street and you have tracked and localized him, what are you able to do? You can't touch him, nor arrest him; you have no legal right to do so. Probably you will see the attacker's golden finger as he hits the road.

The energy you are willing to spend to track this freak down you had better have spent beforehand on securing your network. It's a fact that you messed it up and not he. I guess there is some homework waiting for you...

Regards
Jan

ep wrote:
"Ah, if only all pentesters were also honeynet admins, /sigh"

First, pen-testing is a function of testing, not forensic analysis and incident response.

Pen-testing has all the flavors of forensic analysis and incident response. It's just the other side of the coin that's usually amiss in practice.

How do you propose to track the cookie? Are you making the assumption that all attacks will be to a web server? Adding a cookie to a web session is a valid response, if it is not a web session (and I saw nothing to suggest that this attack on an internal network was) then it may not be.

It's NOT a web cookie, though in another example it could be and in fact it's the same functional idea. More specifically it's a username and password that belongs to (for the sake of the argument) OUR NETWORK, be it the network the attacker sniffed them from after breaking into or the one he/she would log into later on. That action would be a lead, from there we could add other ingredients to create more leads... But NEVER would any piece of data be placed on the attacker's machine that he/she didn't knowingly place there themselves. May I say dear Craig, that simple fact pretty much negates your remaining 'reply'. But let's continue. Once an ATTACKER steps past the authentication/authorization border he/she loses all rights of expected privacy on that network. As well, entrapment (4th amendment) applies to law enforcement etc., which I'm not. If you are curious about the legalities of honeynets in the US then may I suggest you visit this site http://www.honeynet.org. Also, please kindly trim your replies.

Have fun,
--cg

Adding active content to track the attacker is in fact an illegal access in itself. The defence of necessity will only hold in cases such as this if the action was truly necessary. An example would be to save a life. I saw no indication of this here.

You seem a little flippant of the difficulties of tracking code and also of the legalities associated with this.

Just because you are being attacked does not present you with the right or the legal reasoning to attack back.

Next, what if the attack was through another system? One that is ignorant of their part in all this?

Installing a cookie as you so simply put it, if other than a simple web cookie, is a breach of a number of US Acts.

I would even state that this is dangerously close to the use of a "pen register" or "trap and trace device".

I would suggest a reading of the USA Patriot Act of 2001 Federal Criminal Code Related to Computer Intrusions - and "18 U.S.C. § 3121 et seq. Recording of Dialling, Routing, Addressing, and Signalling Information" in particular. Then we have the whole issue of uploading data to a computer... Sorry, good intentions do not stop this from being a crime.

You can not commit a crime to prevent a crime.

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads
------------------------------------------------------------------------