Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to track down a wireless hacker

from [Mathieu CHATEAU] Network Security [Permanent Link]
Subject: Re: How to track down a wireless hacker
Date: Wed, 7 Nov 2007 21:19:36 +0100 
Hello,

He may also just bought a PCMCIA or usb wifi network card in any shop (without any track then).
If you have the mac address, you may try to identify the manufacturer:
http://coffer.com/mac_find/

How do they know they were hacked ? Do you know what interest the hacker ?
You may set up a trap, with honeypot & co to collect data. He may be enough confident to retrieve pop3 mail or any thing cleartext that help identify.

Port mirroring may help to collect data.


Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr


----- Original Message ----- From: "jond" <x@jond.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, November 07, 2007 1:27 AM
Subject: How to track down a wireless hacker


I have a new client who was setup with a wireless network a while back
using WPA encryption by another firm.
An 'unauthorized user' broke the encryption and got onto their network.
They've come to me to design a solution so that this doesn't happen
again, which isn't a problem.


However they also asked me if it's possible to track down the attacker
if this happened again.
From what I know, it's not possible is it?

If the attacker didn't change their MAC address, and say the companies
lawyers could get some sort of court order to intel, dell, etc to
release which MAC address went to which computer and who bought said
computer. Does the manufacture even keep that info?

If the attacker did change their MAC address, the real MAC address
will never transverse the wire(AIR) right, or is it still in the
packet somewhere?

Any other thoughts or ideas to track someone down?
Is any other info leaked that I'm not thinking about?





Thanks,
Jon

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Announcement : CCWAPSS methodology release 1.1, Frederic Charpentier
Next by Date:  Re: How to track down a wireless hacker, Nicholas Chapel
Previous by Thread:  How to track down a wireless hacker, jond
Next by Thread:  Re: How to track down a wireless hacker, Nicholas Chapel
Indexes:  [Date] [Thread] [Top] [All Lists]