Re: How to track down a wireless hacker

From: Mathieu CHATEAU (gollum123@free.fr)
Date: Wed Nov 07 2007 - 15:19:36 EST


Hello,

He may also have just bought a PCMCIA or USB Wi-Fi network card in any shop
(without any track then).
If you have the MAC address, you may try to identify the manufacturer:
http://coffer.com/mac_find/

How do they know they were hacked? Do you know what interests the hacker?
You may set up a trap, with a honeypot & co, to collect data. He may be confident
enough to retrieve POP3 mail or anything cleartext that helps identify him.

Port mirroring may help to collect data.

Cordialement,
Mathieu CHATEAU
English blog: http://lordoftheping.blogspot.com
French blog: http://www.lotp.fr

----- Original Message -----
From: "jond" <x@jond.com>
To: <pen-test@securityfocus.com>
Sent: Wednesday, November 07, 2007 1:27 AM
Subject: How to track down a wireless hacker

> I have a new client who was set up with a wireless network a while back
> using WPA encryption by another firm.
> An 'unauthorized user' broke the encryption and got onto their network.
> They've come to me to design a solution so that this doesn't happen
> again, which isn't a problem.
>
>
> However they also asked me if it's possible to track down the attacker
> if this happened again.
> From what I know, it's not possible is it?
>
> If the attacker didn't change their MAC address, and say the company's
> lawyers could get some sort of court order to Intel, Dell, etc. to
> release which MAC address went to which computer and who bought said
> computer. Does the manufacturer even keep that info?
>
> If the attacker did change their MAC address, the real MAC address
> will never traverse the wire (AIR), right, or is it still in the
> packet somewhere?
>
> Any other thoughts or ideas to track someone down?
> Is any other info leaked that I'm not thinking about?
>
>
>
>
>
> Thanks,
> Jon
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT
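
The manufacturer lookup suggested in the reply, as an added example that is not part of the original thread: it takes a MAC address from an access point log, checks the locally administered bit (set on addresses that were assigned in software rather than burned in by a vendor) and only then looks up the OUI. The registry excerpt, vendor names and sample addresses are constructed; a real lookup would load the IEEE oui.txt file instead, and a vendor match only says which manufacturer the address claims, since a cloned address looks identical.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt registry file.
# The vendor names are placeholders; this mapping is not the real registry.
SAMPLE_OUI_TXT = """\
00-11-22   (hex)\t\tExample Wireless Corp
00-AA-BB   (hex)\t\tPlaceholder Networks Ltd
"""

def parse_mac(text):
    """Return the 6 address bytes from colon, dash, dot or bare-hex notation."""
    digits = re.sub(r"[:.\-\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def load_oui_table(registry_text):
    """Map 'XXXXXX' OUI prefixes to vendor names from oui.txt-style '(hex)' lines."""
    table = {}
    pattern = re.compile(
        r"\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+)")
    for line in registry_text.splitlines():
        m = pattern.match(line)
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4).strip()
    return table

def classify_mac(text, table):
    """Describe what a logged MAC address can and cannot tell an investigator."""
    mac = parse_mac(text)
    first = mac[0]
    result = {
        "mac": mac.hex(":"),
        "oui": mac[:3].hex().upper(),
        "group_address": bool(first & 0x01),         # I/G bit: multicast/broadcast
        "locally_administered": bool(first & 0x02),  # U/L bit: set in software
        "vendor": None,
    }
    # The OUI is only meaningful for globally administered unicast addresses.
    if not result["locally_administered"] and not result["group_address"]:
        result["vendor"] = table.get(result["oui"])
    return result

if __name__ == "__main__":
    oui_table = load_oui_table(SAMPLE_OUI_TXT)
    # Constructed client addresses, as they might appear in an AP association log.
    for logged in ("00:11:22:33:44:55", "02-11-22-33-44-55", "00aa.bb01.0203"):
        print(classify_mac(logged, oui_table))
```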