Page 1 of 3 123 LastLast
Results 1 to 10 of 27

Thread: Can i be traced while using a spoofed Mac Addresse?

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    5

    Post Can i be traced while using a spoofed Mac Addresse?

    Hi
    Can I be traced or found if, I use fake Mac, for a connection over Wifi every time and I compromised the wifi router, so I can delete logs anytime (although I don’t think it is necessary because my Mac is faked in every new connection over wifi anyway). When I check my IP on whois.com or whatever.., it shows router's host IP. If I use live cd for example knoppix or backtrack, there are logs on my machine’s memory only till I restart it.
    I don’t use any info about myself and I don’t visit webpages in witch I have accounts.

    Wifi cards could be recognized by their dynamic Mac, and if we know the type and
    manufacturer so we know more details as signal distance. If we don't know the real Mac, I could be traced only by signal strength of my connection. I use very powerful wifi transmitter, so I could be really far from the access-point (wifi router) and many difficulty’s as buildings and etc. could be in our way. I know there are some programs as Gkismet, witch use gps to find the locations of access-points. Can wifi clients be traced in a similar way? What is the risk of being caught in this way?
    p.s. sorry for bad English grammar

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Arrow

    I have taken the time to move this single post from this old 2002 thread>

    Network Security Misconceptions: Chatper 2: Tracing

  3. #3
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    Interesting question. How to find that rouge wireless connection.

    premise:

    Access Point is not secure

    Even though the AP is unsecured, you know that only 4 mac addresses are allowed to connect to your AP (Don't argue here - I'm making this up as I go)

    You notice that 4, authorized, MAC addresses are currently active on your AP; AND you also know one of your four PC's is turned off.

    Yea Yea I know how's someone going to know how to monitor an access point and not secure the thing - but hell, it's Friday afternoon.

    So how do you find the fourth, unauthorized PC that is connected to your AP using the MAC address of one of your authorized PC's

    Also, Assume the offending PC is not in the same building. Think not in your apartment but in the apartment across the street.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  4. #4
    Junior Member
    Join Date
    Nov 2009
    Posts
    5
    A lot of people knows nothing about monitoring their routers, and about security. So if someone from ISP gets someone's IP, who is doing something real bad, ISP worker gets to "lawbreaker" house and they see that the real lawbreaker connected to the router, what they should do? How to trace where that person is? Is it some kind of technology to do that?

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I am not sure the MAC address is that significant if you are not part of the network.

    The first problem would be to find where the computer is and the second would be to establish who was using it at the time.

    I know that over here I can walk into a store and buy WiFi kit for cash and they know neither who I am nor what the MAC addresses are.

    The danger would be if you used your legitimate address and actually belonged to a legitimate network. Law enforcement just might question all network administrators within range.

    EDIT:

    You do need to stay focused though. Our police in Scotland caught a member of a pedophile ring who was using someone's unsecured WiFi. They traced the WiFi connection and saw that it was being hijacked.

    One of the connections to the e-mail account where this porn was being stored was from the network of a large employer in town. It turned out that there was only one employee of that company who lived in range of the WiFi link.............they seized his computer and found the evidence.
    Last edited by nihil; November 7th, 2009 at 02:00 PM.

  6. #6
    Junior Member
    Join Date
    Nov 2009
    Posts
    5
    Is it possible to find that person if he is connected on a wifi router and we know no more details about him, if he is using fake Mac and he avoids webpages or anything that might compromise him?
    It is possible to trace his place or position just tracking he as a router client?

  7. #7
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    In answer to your question; Yes with an if... No with a but...

    IMO if you do not use anything that can be identified or traced back to you personally, then how can you get caught/be traced?

    Consider sitting down in front of a top CEO's computer which is logged in and unlocked, with all passwords "remembered" - you have unrestricted access to everything using the CEO's logon.... providing you leave no video camera footage, or DNA or business cards at the scene, how can you be caught?

    I love hypotheticals, especially in philosophy, but I don't see this one going anywhere... If you could explain what your thought process was with this we can discuss further?

    Peace
    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    4Fun, as CTO suggests this is very hypothetical and philosophical.

    There are a number of dependencies:

    1. Who is trying to trace you?
    2. To what lengths are they prepared to go?
    3. How much background traffic/"noise" is there?
    4. How common is WiFi in your area?

    Some ideas of what I am trying to get at:

    1. The CIA will fry your butt whilst a private individual does not have a cat in hell's chance.
    2. Local law enforcement are restricted as to budgets, equipment and skillsets. Federal Agencies are a different matter It all depends on how serious they view the activities as being.
    3. If you are active at peak traffic periods there is far less chance of detection than if you operate at 03.30hrs when all respectable people are asleep.
    4. If there are not many users it is more tempting for law enforcement to investigate, as they have a limited number of suspects/leads.

    Incidentally, what you are proposing is a criminal offence in most countries, so I wouldn't recommend it.

  9. #9
    Junior Member
    Join Date
    Nov 2009
    Posts
    5
    Probably I should just ask correctly
    What are the methods to find person's location who hijacked wifi router's connection and who is still online, without having any more details?
    Can You suggest anything?

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You might find this thread helpful:

    http://antionline.com/showthread.php?t=249383

    I know its rather old but the principles should apply.

    That brings us to the important question of whether this is internal or external. In other words if you knew the "real" MAC address, would you be able to identify the machine and its location?

    Do you believe that the machine is static?..............If it is wardriving then I would say you have no chance.

    If the machine is external, it should be theoretically possible to track the signal, as it has to communicate with the router, but I don't know just what equipment you would need. Sounds like a FEDS or National Security scenario to me?

    Another factor is where this is happening.........inner city, condo, campus and you would have great difficulty............where I live would be much easier as there isn't much WiFi and the buildings are well spaced out.

    There is also the possibility that it is going through another compromised machine, or worse a chain of them? That brings us back to the age old problem of determining the identity and location of the actual user.

    As I mentioned before, when is this happening. If it is at unusual hours then tracing should be more simple but it is really only going to point you at some buildings. You need to be law enforcement to pursue it further.

Similar Threads

  1. Tools for tracking spoofed IP addresses
    By wazmo in forum Network Security Discussions
    Replies: 10
    Last Post: November 13th, 2009, 01:54 AM
  2. eudora bug used to send spoofed mail
    By mohitgarg in forum Newbie Security Questions
    Replies: 20
    Last Post: June 26th, 2005, 12:40 AM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  4. Sniffing switchs with spoofed arp messages..
    By br_fusion in forum Newbie Security Questions
    Replies: 5
    Last Post: July 24th, 2003, 04:55 AM
  5. Spoofed IPs
    By stuart in forum Miscellaneous Security Discussions
    Replies: 8
    Last Post: March 19th, 2002, 09:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •