Penetration Testing mailing list archives

Re: Re: How to track down a wireless hacker


From: cwright () bdosyd com au
Date: 7 Nov 2007 22:01:36 -0000

"My understanding is that it would basically involve tracking the physical signal. "

Assuming that the attack is occurring as you are doing this and you can triangulate it as this occurs.

This implies having a team ready as this is occurring - if it is still occurring and this means big money.

Regards,
Craig Wright (GSE-Compliance)


--------------------------------------------------------------------------------
From: listbounce () securityfocus com on behalf of Nicholas Chapel
Sent: Thu 8/11/2007 7:35 AM
To: jond
Cc: pen-test () securityfocus com
Subject: Re: How to track down a wireless hacker


On 11/6/07, jond <x () jond com> wrote:
> However they also asked me if it's possible to track down the attacker
> if this happened again. From what I know, it's not possible, is it?

It's *possible*, but that's not saying much.  My understanding is that
it would basically involve tracking the physical signal.  Which is
far, far more effort than is practical given that you've got every
client station transmitting on the same channel.

> If the attacker didn't change their MAC address, and say the company's
> lawyers could get some sort of court order to Intel, Dell, etc. to
> release which MAC address went to which computer and who bought said
> computer. Does the manufacturer even keep that info?

I would be absolutely astounded if they did have that record.  And
since it's trivial to change the software MAC address, any 'evidence'
would be sketchy at best.

> If the attacker did change their MAC address, the real MAC address
> will never traverse the wire (AIR) right, or is it still in the
> packet somewhere?
