November 4th, 2009, 07:33 PM
November 4th, 2009, 11:21 PM
I have taken the time to move this single post from this old 2002 thread:
Network Security Misconceptions: Chapter 2: Tracing
November 6th, 2009, 08:57 PM
Interesting question. How to find that rogue wireless connection.
Access Point is not secure
Even though the AP is unsecured, you know that only 4 MAC addresses are allowed to connect to your AP (Don't argue here - I'm making this up as I go).
You notice that 4, authorized, MAC addresses are currently active on your AP; AND you also know one of your four PCs is turned off.
Yea Yea I know how's someone going to know how to monitor an access point and not secure the thing - but hell, it's Friday afternoon.
So how do you find the fourth, unauthorized PC that is connected to your AP using the MAC address of one of your authorized PCs?
Also, assume the offending PC is not in the same building. Think not in your apartment but in the apartment across the street.
November 7th, 2009, 12:34 AM
A lot of people know nothing about monitoring their routers, and about security. So if someone from an ISP gets the IP of someone who is doing something really bad, and the ISP worker goes to the "lawbreaker's" house and sees that the real lawbreaker connected to the router, what should they do? How do they trace where that person is? Is there some kind of technology to do that?
November 7th, 2009, 12:18 PM
I am not sure the MAC address is that significant if you are not part of the network.
The first problem would be to find where the computer is and the second would be to establish who was using it at the time.
I know that over here I can walk into a store and buy WiFi kit for cash and they know neither who I am nor what the MAC addresses are.
The danger would be if you used your legitimate address and actually belonged to a legitimate network. Law enforcement just might question all network administrators within range.
You do need to stay focused though. Our police in Scotland caught a member of a pedophile ring who was using someone's unsecured WiFi. They traced the WiFi connection and saw that it was being hijacked.
One of the connections to the e-mail account where this porn was being stored was from the network of a large employer in town. It turned out that there was only one employee of that company who lived in range of the WiFi link... they seized his computer and found the evidence.
Last edited by nihil; November 7th, 2009 at 01:00 PM.
November 7th, 2009, 03:25 PM
Is it possible to find that person if he is connected to a wifi router and we know no more details about him, if he is using a fake MAC and he avoids webpages or anything that might compromise him?
Is it possible to trace his place or position just by tracking him as a router client?
November 7th, 2009, 05:28 PM
In answer to your question; Yes with an if... No with a but...
IMO if you do not use anything that can be identified or traced back to you personally, then how can you get caught/be traced?
Consider sitting down in front of a top CEO's computer which is logged in and unlocked, with all passwords "remembered" - you have unrestricted access to everything using the CEO's logon.... providing you leave no video camera footage, or DNA or business cards at the scene, how can you be caught?
I love hypotheticals, especially in philosophy, but I don't see this one going anywhere... If you could explain what your thought process was with this we can discuss further?
"Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
- Albert Einstein
November 7th, 2009, 06:06 PM
4Fun, as CTO suggests this is very hypothetical and philosophical.
There are a number of dependencies:
1. Who is trying to trace you?
2. To what lengths are they prepared to go?
3. How much background traffic/"noise" is there?
4. How common is WiFi in your area?
Some ideas of what I am trying to get at:
1. The CIA will fry your butt whilst a private individual does not have a cat in hell's chance.
2. Local law enforcement are restricted as to budgets, equipment and skillsets. Federal Agencies are a different matter. It all depends on how serious they view the activities as being.
3. If you are active at peak traffic periods there is far less chance of detection than if you operate at 03.30hrs when all respectable people are asleep.
4. If there are not many users it is more tempting for law enforcement to investigate, as they have a limited number of suspects/leads.
Incidentally, what you are proposing is a criminal offence in most countries, so I wouldn't recommend it.
November 7th, 2009, 08:59 PM
Probably I should just ask correctly
What are the methods to find the location of a person who hijacked a wifi router's connection and who is still online, without having any more details?
Can you suggest anything?
November 7th, 2009, 09:36 PM
You might find this thread helpful:
I know it's rather old but the principles should apply.
That brings us to the important question of whether this is internal or external. In other words if you knew the "real" MAC address, would you be able to identify the machine and its location?
Do you believe that the machine is static? If it is wardriving then I would say you have no chance.
If the machine is external, it should be theoretically possible to track the signal, as it has to communicate with the router, but I don't know just what equipment you would need. Sounds like a FEDS or National Security scenario to me?
Another factor is where this is happening... inner city, condo, campus and you would have great difficulty... where I live would be much easier as there isn't much WiFi and the buildings are well spaced out.
There is also the possibility that it is going through another compromised machine, or worse a chain of them? That brings us back to the age old problem of determining the identity and location of the actual user.
As I mentioned before, when is this happening. If it is at unusual hours then tracing should be more simple but it is really only going to point you at some buildings. You need to be law enforcement to pursue it further.