Security Basics mailing list archives

Re: About War Driving ..


From: "Dave Moore" <dave.j.moore () gmail com>
Date: Fri, 1 Dec 2006 21:01:52 -0600

I don't know much about wireless, but I know quite a bit about lower-
frequency RF. If you are absolutely intent on catching this guy,
here's what I would try.

1. Get a spectrum analyzer capable of operating at >= 2.487 GHz.
2. Get a directional antenna or two, likewise in the 2.4 GHz band. The
more directional, the better. A multiple (>8) element yagi would be
great.
3. Turn off (i.e., disable the radio of) every wireless card in your office
except for the AP. If you have multiple APs, just leave one on.
4. Find out what channel your AP operates on. Every channel translates
to a specific frequency. The frequencies are 2.412 GHz to 2.487 GHz.
Each channel is 22 MHz in bandwidth, yet the channel spacing is only 5
MHz (2.412, 2.417, 2.422, etc.).
5. Tune your spectrum analyzer to the appropriate frequency and attach the
directional antenna. Start sweeping it around. You'll get a spike from
your AP; if you get another spike in another direction, that might be
the person who is using your network. Or it might be a cordless
phone, or another network entirely.

I have tracked down illegal/unlicensed transmitters in the past, and
it is very much hit and miss. If you have to do it then you have to do
it, but you've been warned.

On 11/30/06, gaurav saha <gauravsaha007 () yahoo com> wrote:
Hey Guys,
Thanks a lot. Will try WPA. BTW, I did try MAC
filtering and, as some people suggested, he seems to be
changing the MAC address, and hence...
I also tried to give access to only the people in our
companies, but still he then uses some valid MACs of
the users whose MACs I have allowed.
Yes, he seems to be very near to our network and just
using our WEP. Is there any way to catch him in
person (red-handed)? I mean physically.

Well, I did try doing all sorts of security probes on my
network; the one problem I found was the WEP mechanism.
And then I also port scanned and did a short VA on his
system. He seems to be running Debian (kernel 2.6.x)
and has only 1 port open on his box (111).

Other than that nothing much. I also tried using
arpscan / dsniff and tried to see what sites he has
been browsing, but only found usernames like
hotty_male23in () yahoo com and emails of that kind
(couldn't find the password though).

Not many HTTP sites, but mostly what his
machine is connecting to after I reset his connection
seems to be torrent related.
From there I concluded he is using some torrent thing.
And our building is 7 floors and there are about 3
companies, and the person who's been using up all our
b/w doesn't seem to be one of our employees.

So any method to catch hold of this guy?
---gaurav







--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d-(+) s+: a24 C++ UBL++ P+>+++ L++ E--- W+++$ N+ o? K? w O? M-- V?
!PS !PE Y PGP- t++ 5++ X+ R+++ tv+ b++ DI++++ D++ G e+ h-- r++ y+
------END GEEK CODE BLOCK------
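An added helper (my own example, not part of Dave's post) that works out the numbers behind steps 4 and 5 using the standard 2.4 GHz 802.11b/g channel plan (channels 1-13 at 2412 + 5*(ch-1) MHz, channel 14 at 2484 MHz, each channel about 22 MHz wide). It gives the centre frequency to tune the analyzer to, the edges of the band to sweep, and which neighbouring channels overlap that band, so a second spike can be checked against an overlapping network before assuming it is the intruder.

```python
# Added example, not from the original message. Frequencies are in MHz.
# Assumes the standard 2.4 GHz 802.11b/g plan: channels 1-13 are spaced
# 5 MHz apart starting at 2412 MHz, channel 14 sits at 2484 MHz, and a
# DSSS channel occupies roughly 22 MHz (centre +/- 11 MHz).

CHANNEL_BANDWIDTH_MHZ = 22
HALF_BW = CHANNEL_BANDWIDTH_MHZ // 2  # 11 MHz either side of the centre


def center_frequency(channel: int) -> int:
    """Centre frequency (MHz) of a 2.4 GHz 802.11 channel number."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"channel {channel} is not in the 2.4 GHz plan")


def channel_span(channel: int) -> tuple[int, int]:
    """Lower and upper edge (MHz) of the 22 MHz band to sweep on the analyzer."""
    f = center_frequency(channel)
    return f - HALF_BW, f + HALF_BW


def overlapping_channels(channel: int) -> list[int]:
    """Other channels whose 22 MHz band intersects this channel's band.

    Because spacing is 5 MHz but each channel is 22 MHz wide, a spike seen
    while tuned to `channel` may belong to a network on any of these
    neighbours rather than to a client on your own AP's channel.
    """
    lo, hi = channel_span(channel)
    neighbours = []
    for other in range(1, 15):
        if other == channel:
            continue
        olo, ohi = channel_span(other)
        if olo < hi and ohi > lo:  # open intervals intersect
            neighbours.append(other)
    return neighbours


if __name__ == "__main__":
    for ch in (1, 6, 11):
        lo, hi = channel_span(ch)
        print(f"channel {ch}: centre {center_frequency(ch)} MHz, sweep {lo}-{hi} MHz, "
              f"overlaps channels {overlapping_channels(ch)}")
```

Channels 1, 6 and 11 come out as the familiar non-overlapping set, which is why a spike that is clearly off your AP's 22 MHz band is easier to attribute than one sitting on an adjacent channel.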
