Security Basics mailing list archives
RE: About War Driving ..
From: "Andrew Aris" <andrew () dev bigfishinternet co uk>
Date: Tue, 5 Dec 2006 09:03:05 -0000
Responses inline...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of FatalSaint
Sent: 01 December 2006 00:18
To: gaurav saha; security-basics () securityfocus com
Subject: Re: About War Driving ..

Just a couple.. I'm kind of a noob here but:

1) Use WPA/TKIP instead of WEP. Harder to crack (though not impossible)
--> Good idea, WPA/WPA2 with a decent strong passphrase is probably one of the best steps to take.

2) Disable DHCP if you have it running or
2a) Enable static DHCP for the MAC Addresses of the authorized PCs
--> Wouldn't achieve much I'm afraid, a valid IP is too easy to spoof.

3) MAC Address Filter your router
--> Doubt it will help in this particular intrusion since I think OP said the guy is already smart enough to change MAC. Not going to hurt for general wireless security though.

4) Disable SSID Broadcast (easily got around by anyone with kismet.. but still an added layer)
--> I've always found it causes more hassle than it's worth.

5) If your router has the capability; explicitly allow only the IPs for the machines you assign to get out to the internet.
--> Wouldn't achieve much I'm afraid, a valid IP is too easy to spoof.

6) Disable the torrent ports at the firewall .. I am not sure what they are or if torrent will get around them by using port 80 instead. (in actuality, in a business environment I'd disable -all- outgoing ports except 80 and 443 - if someone needs specific access have your net-admin explicitly allow their machine out.)
--> This would probably be a good idea as a general net security thing. If you can identify what services people need legitimately then deny everything and allow just those.

7) You could get as detailed as static routing and limiting the amount of bandwidth each machine/IP could use.
--> Only offers damage limitation - preventing an intruder from saturating your connection, a lot of work and restriction to legitimate traffic just for that though.

Log MAC Addresses. If he's smart enough to crack your WEP then he's prolly spoofing MACs.. but you could always go into your logs, see which MAC is associated with that IP - and then go to all the machines in your building that you can control and check the MAC Addresses - might tell you which machine is doing it.
--> If he is spoofing MAC addresses then logging it won't tell you much.

Some more advanced things could be to install a proxy server; require the use of logins to get to the internet - then you can track by login. Or even installing a transparent proxy and logging all websites/communication out to the internet (this could cause a very large logfile.)
--> They *CAN* be got around using tunnelled traffic - can help to stop casual intruders but I doubt that's what this guy is. If you want to go down the authentication a RADIUS server would be a better route.

I don't know your network infrastructure so these are just random thoughts on what you -could- do if your business plan allows.

On 11/30/2006, "gaurav saha" <gauravsaha007 () yahoo com> wrote:

Hi,

I was wondering if it is possible to locate and catch a guy who is connecting to our WEP wireless network and downloading stuff from torrents and using up our bandwidth .. I checked up with arp scan and found 2 unknown IPs 192.168.1.246 and 247.

Is there any way of locating the guy in a building of 7 floors and how to stop this .. I have tried changing the WEP keys, so he is cracking the WEP key.

Any suggestions, people?

---gaurav
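
The thread's suggestion to check which MAC is associated with which IP can be automated by comparing scan output against an inventory of authorised machines. The following is an added example, not part of any poster's message; the inventory, the MAC addresses and the scan lines are constructed, and only the two IPs ending in .246 and .247 come from the original post. A cloned MAC is only visible here while the legitimate machine is also online.

```python
from collections import defaultdict

# Constructed inventory of authorised machines: MAC -> assigned IP (assumption).
INVENTORY = {
    "00:00:5e:00:53:01": "192.168.1.10",
    "00:00:5e:00:53:02": "192.168.1.11",
}

# Constructed scan output, one "IP<TAB>MAC" pair per line, the shape
# arp-scan prints. The .246/.247 addresses are the ones from the post.
SCAN = """\
192.168.1.10\t00:00:5e:00:53:01
192.168.1.11\t00:00:5e:00:53:02
192.168.1.246\t00:00:5e:00:53:aa
192.168.1.247\t00:00:5e:00:53:02
"""

def parse_scan(text):
    """Yield (ip, mac) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].count(":") == 5:
            yield parts[0], parts[1].lower()

def audit(text, inventory):
    """Classify every observed IP/MAC pair against the inventory."""
    ips_by_mac = defaultdict(set)
    for ip, mac in parse_scan(text):
        ips_by_mac[mac].add(ip)
    report = {"unknown_mac": [], "wrong_ip": [], "mac_on_many_ips": []}
    for mac, ips in sorted(ips_by_mac.items()):
        if mac not in inventory:
            report["unknown_mac"] += [(ip, mac) for ip in sorted(ips)]
            continue
        # A known MAC answering from an unassigned IP: misconfiguration or a clone.
        report["wrong_ip"] += [(ip, mac) for ip in sorted(ips) if ip != inventory[mac]]
        if len(ips) > 1:
            report["mac_on_many_ips"].append((mac, sorted(ips)))
    return report

if __name__ == "__main__":
    for kind, hits in audit(SCAN, INVENTORY).items():
        print(kind, hits)
```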