Nmap Development mailing list archives

Re: [NSE] mac-geolocation : BSSID (MAC) address based geolocation of WiFi access points
From: Fyodor <fyodor () insecure org>
Date: Fri, 27 May 2011 21:10:55 -0700

On Fri, May 27, 2011 at 01:57:54PM +0200, Gorjan Petrovski wrote:
> Without further ado, here is the updated version of the script.

Thanks Gorjan!  I haven't looked at the new version of the script yet,
but have a couple comments on your changes:

> * The null location (the IP based location of our host when a MAC is
> invalid) is now stored in the registry so it's generated from the
> geolocation database only once per scan


> * the nmap.registry[host.ip]["mac-geolocation"] array is read for
> MACs, which will be filled by snmp-interfaces.nse (with a patch I'm

At first I was going to suggest that you use a name relating to what
is stored in the registry key rather than what script will use the
information.  But, on the other hand, naming it after the script means
that the script is in charge of the value.  So mac-geolocation could
(and maybe should) delete the array values once it is done with them.
That way they don't bloat the registry more and more as the scan

> I've tested the Skyhook API in every way I know, using several proxies
> (including Tor exit nodes), but I've not been able to get a location
> response. The API response is OK, but the location lookup doesn't
> return a location. I've also contacted Skyhook, but they haven't
> replied. I looked through the official APIs of Skyhook, and they offer
> a proprietary compiled library which I suppose is out of the question.

Including it with Nmap is out of the question, but you could always
test it yourself to see if it produces useful data.  And if it does,
you could use a sniffer or something to figure out what it is doing
differently than your script.  For what it is worth, I tested the last
version of your script and Skyhook didn't work for me either.

> I'm just gonna leave it there, because it might return a good location
> for someone, somewhere.

Well, the code takes up time and bandwidth to execute, and outputs
text that the user has to read.  So we can't leave it in unless it is
proven to give good results.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
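
The registry handling discussed in this message (compute the null location once per scan, and have mac-geolocation delete the per-host MAC array once it has used it), as an added Lua example that is not code from the script or from the thread. The top-level `mac-geolocation` slot used for the null location, the helper names, and the sample host and MAC values are assumptions; outside Nmap the registry is stubbed with a plain table so the block runs under an ordinary Lua interpreter.

```lua
-- Added illustration; not taken from mac-geolocation.nse.
-- Under Nmap, NSE provides the nmap module. Standalone, fall back to a table.
local ok, nmap = pcall(require, "nmap")
if not ok then nmap = { registry = {} } end

local KEY = "mac-geolocation"   -- per-host registry key named in the thread

-- Hypothetical stand-in for the IP-based lookup of the scanning host.
local lookups = 0
local function lookup_null_location()
  lookups = lookups + 1
  return { lat = 0.0, lon = 0.0 }   -- constructed value
end

-- Cache the null location so it is generated only once per scan.
-- Storing it under nmap.registry[KEY] is an assumption of this example.
local function null_location()
  local slot = nmap.registry[KEY] or {}
  nmap.registry[KEY] = slot
  if not slot.null_location then
    slot.null_location = lookup_null_location()
  end
  return slot.null_location
end

-- Take the MACs a producer script left for this host, then delete them so
-- the registry does not keep growing as the scan proceeds.
local function take_macs(host)
  local per_host = nmap.registry[host.ip]
  if type(per_host) ~= "table" then return {} end
  local macs = per_host[KEY] or {}
  per_host[KEY] = nil
  return macs
end

-- Constructed sample: what a producer such as snmp-interfaces.nse might store.
local host = { ip = "192.0.2.10" }
nmap.registry[host.ip] = { [KEY] = { "00:11:22:33:44:55", "not-a-mac", "" } }

for _, mac in ipairs(take_macs(host)) do
  if mac:match("^%x%x:%x%x:%x%x:%x%x:%x%x:%x%x$") then
    print(mac, "valid: query the geolocation API")
  else
    local loc = null_location()
    print(mac, "invalid: using null location", loc.lat, loc.lon)
  end
end
assert(nmap.registry[host.ip][KEY] == nil)  -- consumed entries were removed
assert(lookups == 1)                        -- null location computed once
```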
