RE: Interlopers on the WLAN

["Jim Leo" <admin () everett pitt cc nc us>]

On 6 Nov 2002, at 15:54, Marcus J. Ranum wrote:

> Frank O'Dwyer wrote:
> > If he were doing this over someone's open WLAN 
> > > while parked on the street out front, all he'd need to do is drive
> > > away and it would be next to impossible to find him.
>
> Actually, if you get into the guts of the cards' registers you
> can often get values such as signal strength from the card. So
> in theory you could triangulate and locate your war-driver if
> you had one that was foolish enough to walk into such a trap.
> I think you could even enhance the accuracy of the system by
> taking a version of netstumbler and a variety of antennas and
> generating "registered" signals - just build a map of strengths
> against known values, and do a table-lookup when you get a
> war-driver, then call a fire mission on the preregistered location.
>
> I don't know of anyone who has done this yet but it seems an
> obvious enough application...   Might make for a fun invited
> talk for DEFCON. ;)
Been a long time since I've posted to this list.. Just been lurking for 
an awful long time. In all the traffic I've seen there has been much 
on the debating on whose at fault, but little about how to mitigate 
the situation. I would direct your attention to 
http://www.blackalchemy.to/Projects/fakeap/fake-ap.html
as a possible for those who wish to implement a risk mitigation 
approach to what is currently in essence an unsecurable 
configuration.
Kind of like the old days of making the overhead so high that the 
'intruders' go else where..
Just my 2 cents worth.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards