Security Basics mailing list archives
Re: About War Driving ..
From: "Francois Yang" <francois.y () gmail com>
Date: Mon, 4 Dec 2006 07:42:43 -0600
I agree with most of everyone here. Use WPA2 for encryption. WPA is still susceptible to a dictionary attack.

As far as catching the guy or girl red-handed, the chances of it are slim unless you spend a lot of money on equipment and software or they screw up. Instead, you should set up a sniffer and try to capture as much traffic as you can and review the traffic at a later time. The traffic may reveal what sites he/she likes to go to, if they have a server or webpage at home or somewhere that they always access after getting online. I've seen where someone would hack a server, then call home, and when you go to their home page, it displays their real name or nickname. Then you can google for that name and you usually find something good.

Also, as someone else mentioned, it could be someone bringing in their personal laptop. You should try to locate the offending MAC address and associated IP address. If you can't log everything from the wireless AP, then look through the log or captured traffic for that address. If you get a computer name, you might be able to find the same computer name on your wired network. If this happens, then you can nail the person.

There are many different options here besides the one about changing encryption. Without knowing your network, we can only offer so much.

On 12/1/06, Roman Shirokov <insecure () yandex ru> wrote:
Hi

You wrote November 29, 2006, 17:17:15:

> Hi ,
> I was wondering if it is possible to locate and catch
> a guy who is connecting to our WEP wireless network
> and downloading stuff from torrents and using up our
> bandwidth ..
> I checked up with arp scan and found 2 unknown IPs
> 192.168.1.246 and 247
> Is there any way of locating the guy in a building of 7
> floors and how to stop this ..I have tried changing
> the WEP keys so . he is cracking the WEP key.
> Any Suggestion People ?
> ---gaurav

You may try authentication based on MAC-address of client machine. Although attacker may be able to spoof MAC-address too. I think you need a complex decision, based on strong cryptography (WPA2), MAC-address filtering, proxy-server (where you authenticate users with login and pass), etc..

--
Best regards,
Roman
securitybox () softhome net
http://securitybox.org.ru
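An added example, not part of the original posts: the correlation suggested in the reply above (find the MAC address and computer name behind the unknown wireless IPs, then look for the same computer name on the wired network), run over DHCP logs. The log lines, MAC addresses, hostnames and wired addressing are constructed, and the dnsmasq-style DHCPACK format is an assumption about what the AP and the wired DHCP server record; only the two IPs come from the thread.

```python
import re

# Constructed sample logs in dnsmasq DHCPACK style; MACs and hostnames are made up.
WIRELESS_LOG = """\
Dec  1 09:58:02 ap dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.20 00:11:22:33:44:55 RECEPTION-PC
Dec  1 10:02:11 ap dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.246 02:00:00:aa:bb:01 JDOE-LAPTOP
Dec  1 10:05:40 ap dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.247 02:00:00:aa:bb:02
Dec  1 14:30:00 ap dnsmasq-dhcp[412]: DHCPACK(wlan0) 192.168.1.246 02:00:00:aa:bb:01 JDOE-LAPTOP
"""
WIRED_LOG = """\
Nov 30 08:15:09 gw dnsmasq-dhcp[230]: DHCPACK(eth0) 10.0.0.31 02:00:00:cc:dd:10 jdoe-laptop
Nov 30 08:20:44 gw dnsmasq-dhcp[230]: DHCPACK(eth0) 10.0.0.32 02:00:00:cc:dd:11 FINANCE-01
"""
SUSPECT_IPS = {"192.168.1.246", "192.168.1.247"}  # the two unknown IPs from the thread

ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*DHCPACK\((?P<iface>[^)]+)\)\s+"
    r"(?P<ip>\d+(?:\.\d+){3})\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?:\s+(?P<host>\S+))?\s*$", re.I)

def parse_leases(log):
    """Return one dict per DHCPACK line; the hostname is optional and client-supplied."""
    leases = []
    for line in log.splitlines():
        m = ACK.match(line)
        if m:
            lease = m.groupdict()
            lease["mac"] = lease["mac"].lower()
            lease["host"] = (lease["host"] or "").lower()  # compare names case-insensitively
            leases.append(lease)
    return leases

def correlate(wireless_log, wired_log, suspect_ips):
    """Map each suspect wireless IP to its MACs, hostnames and any wired leases that
    used the same hostname. A match is a lead to verify: MACs and names can be spoofed."""
    wired_by_host = {}
    for lease in parse_leases(wired_log):
        if lease["host"]:
            wired_by_host.setdefault(lease["host"], []).append(lease)
    report = {}
    for lease in parse_leases(wireless_log):
        if lease["ip"] in suspect_ips:
            entry = report.setdefault(lease["ip"], {"macs": set(), "hosts": set(), "wired": []})
            entry["macs"].add(lease["mac"])
            if lease["host"]:
                entry["hosts"].add(lease["host"])
    for entry in report.values():
        for host in sorted(entry["hosts"]):
            entry["wired"] += [(w["ip"], w["mac"], w["ts"]) for w in wired_by_host.get(host, [])]
    return report
```

Calling `correlate(WIRELESS_LOG, WIRED_LOG, SUSPECT_IPS)` returns a dict keyed by suspect IP; an empty `wired` list means no matching computer name was seen on the wired side.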
