Security Basics mailing list archives
Re: About War Driving ..
From: FatalSaint <admin () linuxniche com>
Date: Thu, 30 Nov 2006 17:18:21 -0700
Just a couple.. I'm kind of a noob here but:

1) Use WPA/TKIP instead of WEP. Harder to crack (though not impossible)
2) Disable DHCP if you have it running or
2a) Enable static DHCP for the MAC Addresses of the authorized PCs
3) MAC Address Filter your router
4) Disable SSID Broadcast (easily got around by anyone with kismet.. but still an added layer)
5) If your router has the capability; explicitly allow only the IPs for the machines you assign to get out to the internet.
6) Disable the torrent ports at the firewall .. I am not sure what they are or if torrent will get around them by using port 80 instead. (in actuality, in a business environment I'd disable -all- outgoing ports except 80 and 443 - if someone needs specific access have your net-admin explicitly allow their machine out.)
7) You could get as detailed as static routing and limiting the amount of bandwidth each machine/IP could use.

Log MAC Addresses. If he's smart enough to crack your WEP then he's prolly spoofing MACs.. but you could always go into your logs, see which MAC is associated with that IP - and then go to all the machines in your building that you can control and check the MAC Addresses - might tell you which machine is doing it.

Some more advanced things could be to install a proxy server; require the use of logins to get to the internet - then you can track by login. Or even installing a transparent proxy and logging all websites/communication out to the internet (this could cause a very large logfile.)

I don't know your network infrastructure so these are just random thoughts on what you -could- do if your business plan allows.

On 11/30/2006, "gaurav saha" <gauravsaha007 () yahoo com> wrote:
Hi,

I was wondering if it is possible to locate and catch a guy who is connecting to our WEP wireless network and downloading stuff from torrents and using up our bandwidth. I checked up with arp scan and found 2 unknown IPs, 192.168.1.246 and 247.

Is there any way of locating the guy in a building of 7 floors, and how to stop this? I have tried changing the WEP keys, so he is cracking the WEP key.

Any suggestions, people?

---gaurav
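The "log MAC addresses and see which MAC is associated with that IP" step from the reply above, as an added example that is not part of the original post. It audits `arp -an`-style output against an inventory of authorized machines; the MAC addresses, the inventory and the function names are constructed for illustration, and only the .246/.247 addresses come from the thread.

```python
import re

# Constructed sample of `arp -an` output taken on the gateway. All MACs are made up.
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.11) at 00:11:22:33:44:66 [ether] on eth0
? (192.168.1.246) at 02:00:00:aa:bb:01 [ether] on eth0
? (192.168.1.247) at 02:00:00:aa:bb:01 [ether] on eth0
? (192.168.1.12) at <incomplete> on eth0
"""

# Hypothetical inventory: MAC -> (static IP assigned to it, where the machine sits).
AUTHORIZED = {
    "00:11:22:33:44:55": ("192.168.1.10", "front desk, floor 1"),
    "00:11:22:33:44:66": ("192.168.1.20", "accounts, floor 3"),
}

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]{17})\b")

def parse_arp(text):
    """Return [(ip, mac)] for resolved entries; <incomplete> entries are skipped."""
    return [(m.group(1), m.group(2).lower()) for m in ARP_LINE.finditer(text)]

def audit(entries, authorized):
    """Flag unknown MACs, known MACs on the wrong IP, and one MAC holding several IPs."""
    findings, ips_by_mac = [], {}
    for ip, mac in entries:
        ips_by_mac.setdefault(mac, []).append(ip)
        if mac not in authorized:
            findings.append(("unknown-mac", ip, mac))
        elif authorized[mac][0] != ip:
            # A known MAC on an unassigned IP: misconfiguration or a cloned MAC.
            findings.append(("ip-mismatch", ip, mac))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("multi-ip", ",".join(ips), mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(parse_arp(SAMPLE_ARP), AUTHORIZED):
        where = AUTHORIZED.get(mac, (None, "not in inventory"))[1]
        print(f"{kind:12} {ip:31} {mac}  ({where})")
```

Run on a schedule and kept with timestamps, the findings give the IP-to-MAC history the reply suggests checking against the machines you control.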