Penetration Testing mailing list archives
Re: How to track down a wireless hacker
From: "Mathieu CHATEAU" <gollum123 () free fr>
Date: Wed, 7 Nov 2007 21:19:36 +0100
Hello,He may also just bought a PCMCIA or usb wifi network card in any shop (without any track then).
If you have the mac address, you may try to identify the manufacturer: http://coffer.com/mac_find/ How do they know they were hacked ? Do you know what interest the hacker ?You may set up a trap, with honeypot & co to collect data. He may be enough confident to retrieve pop3 mail or any thing cleartext that help identify.
Port mirroring may help to collect data. Cordialement, Mathieu CHATEAU English blog: http://lordoftheping.blogspot.com French blog: http://www.lotp.fr----- Original Message ----- From: "jond" <x () jond com>
To: <pen-test () securityfocus com> Sent: Wednesday, November 07, 2007 1:27 AM Subject: How to track down a wireless hacker
I have a new client who was setup with a wireless network a while back using WPA encryption by another firm. An 'unauthorized user' broke the encryption and got onto their network. They've come to me to design a solution so that this doesn't happen again, which isn't a problem. However they also asked me if it's possible to track down the attacker if this happened again. From what I know, it's not possible is it? If the attacker didn't change their MAC address, and say the companies lawyers could get some sort of court order to intel, dell, etc to release which MAC address went to which computer and who bought said computer. Does the manufacture even keep that info? If the attacker did change their MAC address, the real MAC address will never transverse the wire(AIR) right, or is it still in the packet somewhere? Any other thoughts or ideas to track someone down? Is any other info leaked that I'm not thinking about? Thanks, Jon ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- How to track down a wireless hacker jond (Nov 07)
- Re: How to track down a wireless hacker Mathieu CHATEAU (Nov 07)
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- Message not available
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- RE: How to track down a wireless hacker Ng, Kenneth (US) (Nov 07)
- <Possible follow-ups>
- Re: How to track down a wireless hacker cwright (Nov 07)
- Re: Re: How to track down a wireless hacker cwright (Nov 07)
- Re: How to track down a wireless hacker Francois Larouche (Nov 08)
- RE: How to track down a wireless hacker ep (Nov 08)
- RE: How to track down a wireless hacker cwright (Nov 10)