Re: Re: How to track down a wireless hacker

From: cwright@bdosyd.com.au
Date: Wed Nov 07 2007 - 17:01:36 EST


"My understanding is that it would basically involve tracking the physical signal."

Assuming that the attack is occurring as you are doing this and you can triangulate it as this occurs.

This implies having a team ready as this is occurring - if it is still occurring and this means big money.

Regards,
Craig Wright (GSE-Compliance)

--------------------------------------------------------------------------------
From: listbounce@securityfocus.com on behalf of Nicholas Chapel
Sent: Thu 8/11/2007 7:35 AM
To: jond
Cc: pen-test@securityfocus.com
Subject: Re: How to track down a wireless hacker

On 11/6/07, jond <x@jond.com> wrote:
> However they also asked me if it's possible to track down the attacker
> if this happened again. From what I know, it's not possible is it?

It's *possible*, but that's not saying much. My understanding is that
it would basically involve tracking the physical signal. Which is
far, far more effort than is practical given that you've got every
client station transmitting on the same channel.

> If the attacker didn't change their MAC address, and say the company's
> lawyers could get some sort of court order to Intel, Dell, etc. to
> release which MAC address went to which computer and who bought said
> computer. Does the manufacturer even keep that info?

I would be absolutely astounded if they did have that record. And
since it's trivial to change the software MAC address, any 'evidence'
would be sketchy at best.

> If the attacker did change their MAC address, the real MAC address
> will never traverse the wire (AIR), right, or is it still in the
> packet somewhere?




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT