Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: How to track down a wireless hacker

from [ep] Network Security [Permanent Link]
Subject: RE: How to track down a wireless hacker
Date: Wed, 7 Nov 2007 14:11:34 -0900 
Bah, I'm talking wan IP and service not Lan IP and service, thought I was
clear on that. 

What we want is to track the cookie, this MIGHT lead to some mistakes on the
intruders part. Yes, the intruder/s will most likely use someone else's
internet drop to use those identifiable credentials, but what if it's a
internet café? A school library? Another victim? Not only is it fun and
educational to track this info, it's also a possible benefit for others.
Open up the door, give them a cookie and track it's use. Ummm, seems like
there's gonna be some feedback there eh? And bet I would give it a chance to
out weigh any given effort and time. Maybe we need more effort and time?

I have no idea of the resources of the original poster. Besides, the initial
investment is very small. The crux is the tracking of the cookie once it has
been snatched, at it's simplest it's monitoring a log file of the service.
Honestly, this is a small project. Initial setup is under one hour and
checking for the credential use in a log file is automated with a little
bash skill set.

Have fun, 
cg 


 

-----Original Message-----
From: Nicholas Chapel [mailto:nicholas.chapel@gmail.com] 
Sent: Wednesday, November 07, 2007 1:42 PM
To: ep
Cc: jond; pen-test@securityfocus.com
Subject: Re: How to track down a wireless hacker

On 11/7/07, ep <captgoodnight@hotmail.com> wrote:

So setup a duplicate of the previously vulnerable wireless 
configuration and from a secure linux laptop (only thing on the 
segment) simply every 15 minutes pass some unique clear text working 
credentials to a internet facing service you can monitor, like a ftp 
server or pop3 account. Wait for the connection/authentication and log 
the ip, then get law enforcement and the what I think will be a local ISP

involved.

We are talking about wireless, right?  Because in such a scenario, logging
the IP address won't make much of a difference since any IP that the
intruder has would be *one that your DHCP server leased to him*.  There is
no ISP to involve here.  Unless of course the intruder accesses the
FTP/POP3/whatever server from a different connection, in which case he may
very well be on someone *else's* WLAN and you'll end up expending a great
deal of effort and time (both yours and others') and be no closer to knowing
the identity of your malefactor than you were before.

Yeah, I think hoping that the intruder would be daft enough to access his
Hotmail account is about the best you can hope for here.

--Nick


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to track down a wireless hacker, Nicholas Chapel
Next by Date:  Re: How to find if exploit exist to a reported CVE ?, Joey Peloquin
Previous by Thread:  Re: How to track down a wireless hacker, Nicholas Chapel
Next by Thread:  Re: How to track down a wireless hacker, Francois Larouche
Indexes:  [Date] [Thread] [Top] [All Lists]