"My understanding is that it would basically involve tracking the physical
signal. "
Assuming that the attack is occuring as you are doing this and you can
triangulate it as this occurs.
This implies having a team ready as this is occuring - if it is still occuring
and this means big money.
Regards,
Craig Wright (GSE-Compliance)
--------------------------------------------------------------------------------
From: listbounce@securityfocus.com on behalf of Nicholas Chapel
Sent: Thu 8/11/2007 7:35 AM
To: jond
Cc: pen-test@securityfocus.com
Subject: Re: How to track down a wireless hacker
On 11/6/07, jond <x@jond.com> wrote:
However they also asked me if it's possible to track down the attacker
if this happened again. From what I know, it's not possible is it?
It's *possible*, but that's not saying much. My understanding is that
it would basically involve tracking the physical signal. Which is
far, far more effort than is practical given that you've got every
client station transmitting on the same channel.
If the attacker didn't change their MAC address, and say the companies
lawyers could get some sort of court order to intel, dell, etc to
release which MAC address went to which computer and who bought said
computer. Does the manufacture even keep that info?
I would be absolutely astounded if they did have that record. And
since it's trivial to change the software MAC address, any 'evidence'
would be sketchy at best.
If the attacker did change their MAC address, the real MAC address
will never transverse the wire(AIR) right, or is it still in the
packet somewhere?
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
