Security Basics mailing list archives
Re: About War Driving ..
From: "Steven" <steven () slashmail org>
Date: Mon, 4 Dec 2006 18:48:27 -0500 (EST)
Hi Gaurav,

I am surprised to see so many answers that were identical or duplicates were allowed to pass through to this list. I think we've seen from the nearly 30+ posts that WEP is terrible, WPA is better, and WPA2 + the right implementation is wonderful. I think you might have known this beforehand. However, 1 million replies about WEP being bad doesn't really answer your core question -- which was whether or not you can locate the person.

The answer to your question is YES. You can most certainly track down a client that is connected to your AP, especially if they are actively browsing at the time you are looking for them. You can track client machines the same way you track down APs with various tools. Personally, at work I use a tool called AirMagnet with a PocketPC. This is primarily for locating clients in ad-hoc mode or finding rogue APs. However, you can use it and see clients connected to the AP and track them down when they're transmitting. The stronger the signal you receive.. the closer you are to them.

Now in theory, depending on the setup of the building, you could possibly have a difficult time being 100% certain. Then again it might be very easy. You'd have to walk around like a goofball for a bit, but I am guessing you could get a good estimation of where the person is. Also, for example in my condo complex, this would be very easy. But if you're in a mega-super crowded area with hundreds of 200sqft one-bedroom apartments -- this might be pretty hard, but I haven't seen anyone reply with how easy and doable this is.

AirMagnet is not free.. although they have a shortened demo version. Perhaps there is a comparable product for such a task.. I am not sure. It's been a long time since I used NetStumbler so I am actually forgetting whether or not that will show you connected devices. But like many people said.. sniff traffic for a while. Try and read into all of that. Hell, maybe you can root their machines (not recommending this of course :-D).

You could also redirect all their web traffic to your own servers that let them know you are pissed off. It might be worth thinking about what exactly you plan to do if you are trying to track them down. Anyway, have fun with it.

Steven@securityzone
"I didn't spellcheck this e-mail!"
Hey Guys, thanks a lot. Will try WPA. BTW, I did try MAC filtering and, as some people suggested, he seems to be changing the MAC address, and hence... I also tried to give access to only the people in our company, but he then uses some valid MACs of the users whose MACs I have allowed. Yes, he seems to be very near to our network and just using our WEP. Is there any way to catch him in person (red-handed)? I mean physically.

Well, I did try doing all sorts of security probes in my network; the one problem I found was the WEP mechanism. And then I also port scanned and did a short VA on his system. He seems to be running Debian (kernel 2.6.x) and has only 1 port on his box open (111); other than that, nothing much. I also tried using arpscan / dsniff and tried to see what sites he has been browsing, but only found usernames like hotty_male23in () yahoo com and emails of that kind (couldn't find the password though). Not much in the way of HTTP sites, but mostly what his machine is connecting to after I reset his connection seems to be torrent related. From there I concluded he is using some torrent thing. Our building is 7 floors and there are about 3 companies, and the person who's been using up all our b/w doesn't seem to be one of our employees. So, any method to catch hold of this guy?

---gaurav
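
The signal-strength walk-around Steven describes, as an added example that is not part of the original post or of any tool named in it: it ranks survey spots by the median RSSI seen for one station and reports whether the strongest spot stands clearly apart from the runner-up. The readings, spot names, MAC address, the 3-frame minimum and the 6 dB margin are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed walk-survey readings: (survey spot, transmitter MAC, RSSI in dBm).
# A station only shows up while it is transmitting, so counts differ per spot.
TARGET = "02:00:00:aa:bb:cc"  # constructed, locally administered MAC
SAMPLES = [
    ("floor5-stairwell", TARGET, -80), ("floor5-stairwell", TARGET, -82),
    ("floor5-stairwell", TARGET, -79),
    ("floor6-east", TARGET, -61), ("floor6-east", TARGET, -58),
    ("floor6-east", TARGET, -60), ("floor6-east", TARGET, -63),
    ("floor6-west", TARGET, -70), ("floor6-west", TARGET, -72),
    ("floor6-west", TARGET, -71),
    ("floor7-east", TARGET, -66),              # one frame only: too few to trust
    ("floor6-east", "02:00:00:11:22:33", -45), # a different station, ignored
]

def rank_spots(samples, target_mac, min_frames=3):
    """Return [(spot, median_rssi, frame_count)], strongest signal first."""
    by_spot = defaultdict(list)
    for spot, mac, rssi in samples:
        if mac.lower() == target_mac.lower():
            by_spot[spot].append(rssi)
    # Median resists the odd reflected or attenuated frame better than the mean.
    ranked = [(spot, median(vals), len(vals))
              for spot, vals in by_spot.items() if len(vals) >= min_frames]
    ranked.sort(key=lambda row: row[1], reverse=True)  # -58 dBm beats -80 dBm
    return ranked

def best_guess(samples, target_mac, min_margin_db=6, min_frames=3):
    """Return (spot, confident). confident is False when the top two spots are
    within min_margin_db of each other, i.e. the building layout is blurring
    the picture and more walking is needed."""
    ranked = rank_spots(samples, target_mac, min_frames)
    if not ranked:
        return None, False
    if len(ranked) == 1:
        return ranked[0][0], False  # nothing to compare against
    margin = ranked[0][1] - ranked[1][1]
    return ranked[0][0], margin >= min_margin_db

if __name__ == "__main__":
    for spot, rssi, frames in rank_spots(SAMPLES, TARGET):
        print(f"{spot:18s} median {rssi:6.1f} dBm over {frames} frames")
    print(best_guess(SAMPLES, TARGET))
```

Because the intruder in this thread reuses MAC addresses of allowed users, readings for a cloned address can mix two physical transmitters, so a result flagged as not confident may mean exactly that.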