Penetration Testing mailing list archives
Re: Re: How to track down a wireless hacker
From: cwright () bdosyd com au
Date: 7 Nov 2007 22:01:36 -0000
"My understanding is that it would basically involve tracking the physical signal. " Assuming that the attack is occuring as you are doing this and you can triangulate it as this occurs. This implies having a team ready as this is occuring - if it is still occuring and this means big money. Regards, Craig Wright (GSE-Compliance) -------------------------------------------------------------------------------- From: listbounce () securityfocus com on behalf of Nicholas Chapel Sent: Thu 8/11/2007 7:35 AM To: jond Cc: pen-test () securityfocus com Subject: Re: How to track down a wireless hacker On 11/6/07, jond <x () jond com> wrote:
However they also asked me if it's possible to track down the attacker if this happened again. From what I know, it's not possible is it?
It's *possible*, but that's not saying much. My understanding is that it would basically involve tracking the physical signal. Which is far, far more effort than is practical given that you've got every client station transmitting on the same channel.
If the attacker didn't change their MAC address, and say the companies lawyers could get some sort of court order to intel, dell, etc to release which MAC address went to which computer and who bought said computer. Does the manufacture even keep that info?
I would be absolutely astounded if they did have that record. And since it's trivial to change the software MAC address, any 'evidence' would be sketchy at best.
If the attacker did change their MAC address, the real MAC address will never transverse the wire(AIR) right, or is it still in the packet somewhere?
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- How to track down a wireless hacker jond (Nov 07)
- Re: How to track down a wireless hacker Mathieu CHATEAU (Nov 07)
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- Message not available
- Re: How to track down a wireless hacker Nicholas Chapel (Nov 07)
- RE: How to track down a wireless hacker ep (Nov 07)
- RE: How to track down a wireless hacker Ng, Kenneth (US) (Nov 07)
- <Possible follow-ups>
- Re: How to track down a wireless hacker cwright (Nov 07)
- Re: Re: How to track down a wireless hacker cwright (Nov 07)
- Re: How to track down a wireless hacker Francois Larouche (Nov 08)
- RE: How to track down a wireless hacker ep (Nov 08)
- RE: How to track down a wireless hacker cwright (Nov 10)
- RE: How to track down a wireless hacker ep (Nov 13)
- RE: How to track down a wireless hacker ep (Nov 10)
- Re: How to track down a wireless hacker Jan Heisterkamp (Nov 13)
- RE: How to track down a wireless hacker ep (Nov 13)
- RE: How to track down a wireless hacker cwright (Nov 13)
- Re: RE: How to track down a wireless hacker cwright (Nov 13)
- Re: How to track down a wireless hacker Jan Heisterkamp (Nov 13)