Security Basics mailing list archives

Re: About War Driving ..


From: "Steven" <steven () slashmail org>
Date: Mon, 4 Dec 2006 18:48:27 -0500 (EST)

Hi Gaurav,

I am surprised to see so many answers that were identical or duplicates
were allowed to pass through to this list.  I think we've seen from the
nearly 30+ posts that WEP is terrible, WPA is better, and WPA2 + the right
implementation is wonderful.  I think you might have known this
beforehand.  However, 1 million replies about WEP being bad doesn't really
answer your core question -- which was whether or not you can locate the
person.

The answer to your question is YES.  You can most certainly track down a
client that is connected to your AP, especially if they are actively
browsing at the time you are looking for them.  You can track client
machines the same way you track down APs with various tools.  Personally,
at work I use a tool called AirMagnet with a PocketPC.  This is primarily
for locating clients in ad-hoc mode or finding rogue APs.  However, you
can use it and see clients connected to the AP and track them down when
they're transmitting.  The stronger the signal you receive.. the closer you
are to them.  Now in theory depending on the setup of the building you
could possibly have a difficult time being 100% certain.  Then again it
might be very easy.  You'd have to walk around like a goofball for a bit,
but I am guessing you could get a good estimation of where the person is. 
Also, for example in my condo complex, this would be very easy.  But if
you're in a mega-super crowded area with hundreds of 200sqft one-bedroom
apartments -- this might be pretty hard, but I haven't seen anyone reply
with how easy and doable this is.  AirMagnet is not free.. although they
have a shortened demo version.  Perhaps there is a comparable product for
such a task.. I am not sure.  It's been a long time since I used
NetStumbler so I am actually forgetting whether or not that will show you
connected devices.

But like many people said.. sniff traffic for a while.  Try and read into
all of that.  Hell, maybe you can root their machines (not recommending
this of course :-D).  You could also redirect all their web traffic to
your own servers that let them know you are pissed off.  It might be worth
thinking about what exactly you plan to do if you are trying to track them
down.  Anyway, have fun with it.

Steven@securityzone

"I didn't spellcheck this e-mail!"

Hey Guys,
Thanks a lot. Will try WPA. BTW, I did try MAC
filtering and, as some people suggested, he seems to be
changing the MAC address, and hence...
I also tried to give access to only the people in our
companies, but still he then uses some valid MACs of
the users whose MACs I have allowed.
Yes, he seems to be very near to our network and just
using our WEP. Is there any way to catch him in
person (red-handed)? I mean physically.

Well, I did try doing all sorts of security probes in my
network; the one problem I found was the WEP mechanism.
Then I also port scanned and did a short VA on his
system. He seems to be running Debian (kernel 2.6.x)
and has only 1 port on his box open (111).

Other than that, nothing much. I also tried using
arpscan / dsniff and tried to see what sites he has
been browsing, but only found usernames like
hotty_male23in () yahoo com and emails of that kind
(couldn't find the password though).

Not many HTTP sites, but mostly what his
machine is connecting to after I reset his connection
seems to be torrent related.
From there I concluded he is using some torrent thing.
Our building is 7 floors and there are about 3
companies, and the person who's been using up all our
b/w doesn't seem to be one of our employees.

So, any method to catch hold of this guy?
---gaurav



