Can i be traced while using a spoofed Mac Addresse?

Printable View

Show 40 post(s) from this thread on one page

November 8th, 2009, 06:33 PM
CybertecOne

Quote:

Probably I should just ask correctly:)
What are the methods to find person's location who hijacked wifi router's connection and who is still online, without having any more details?
Can You suggest anything?:)

The short answer is no, there is nothing you are able to do in regards to identifying who is connected to a wifi router. If you connect to the router to view details about this "guest" you will be able to reveal the NIC MAC & IP address, but little more.

On a network, the next logical step in order to identify a workstation/user is to connect to and logon to the workstation. You would need valid logon credentials to do this, providing the workstation is not protected by a firewall preventing such access.

Once you have logged on or connected to the workstation you may be able to check things such as computer name, domain, owner details etc. But seeing as the workstation connected to the wifi is unknown to you, having valid credentials is unlikely.

I would suggest trying default logon names such as 'Administrator' or 'User' etc that may not be password protected, but this is morally unsettling and even unlawful as the workstation does not belong to you. Besides, most remote connections require the account to be password protected else connection is denied.

Staying on the subject of what does belong to you - the wifi router - I have two thoughts on the matter.

1) Administration - Do not worry about the unwanted activity on the network/internet as it is expected and typical. Instead, take action preventing the problems caused by the unwanted activity; Antivirus software, firewalls, security, encryption etc... These are all solutions to unwanted problems. Change the network key on the wifi and use a MAC filter, disable DHCP on the wifi router will also stop some users in their tracks.

and

2) How an unwanted guest connected to your wifi in the first place is, sadly, your own fault. So instead of trying to 'track down' the unwanted guest you should be dealing with the problem of security on your wifi and cut the guest off at the source of the issue.

From a different perspective (that I do not think would be true) it almost seems as if you have intentionally allowed unknown workstations to connect to your wifi - which is clearly free from any kind of network key or encryption - with the intention of trying to gleen information about those uneducated people who connect to an unknown and unprotected wifi. The reasons for doing such a thing, well that is nothing good i'm sure.

Anyways - sorry to ramble on.... I forget, why were you asking this question again?

CTO
December 22nd, 2009, 09:05 PM
tarpi

Quote:

Originally Posted by 4Fun

Hi:)
Can I be traced or found if, I use fake Mac, for a connection over Wifi every time and I compromised the wifi router, so I can delete logs anytime (although I don’t think it is necessary because my Mac is faked in every new connection over wifi anyway).

Yes you can be found physically, if the owner of a wifi is a real geek and/or really paranoid about who is using hsi stuff.
There are radio direction finders(RDF) that would point in the direction of your physical location so long as your wifi card is active.
RDF is basically highly directional antenna like the parabolic dish, hooked up to a laptop/pc that runs spectrum analyzer or even an airopeek or netstumbler.

http://forums.wi-fiplanet.com/showthread.php?t=2690
December 22nd, 2009, 11:22 PM
nihil

Quote:

There are radio direction finders(RDF) that would point in the direction of your physical location so long as your wifi card is active.

That's the theory, but your mileage will vary depending on:

1. Quality of the equipment
2. Strength of signal and interference.
3. Density of WiFi users

Basically it is very difficult in high density population areas with a lot of WiFi users. You get a direction and maybe even a building, but who and where is a different matter.
December 23rd, 2009, 12:10 AM
Linen0ise

Sorry this is 2009. Anyone leaving their access point unsecured should be taught a lesson. Authorities could care less. If you can get an access point to spill out it's ARP entries. they could get the MAC and they address you used. By then it will be too late unless you are dumb enough to sit in the area.
December 27th, 2009, 04:06 PM
ByTeWrangler

Simple answer, No.
December 28th, 2009, 01:08 AM
dinowuff

Hey byte...

The ap transmits its location (or availability) and the wireless card transmits its "need for a connection" there must be a way to track that, yes? After all we can find a cell phone within 10 meters of a cell tower.
December 29th, 2009, 02:19 AM
CybertecOne

Quote:

The ap transmits its location (or availability) and the wireless card transmits its "need for a connection" there must be a way to track that, yes? After all we can find a cell phone within 10 meters of a cell tower.

This is called triangulation, and is only possible when there are 2 AP's (or in this case phone towers).

This is measuring the distance between Phone Tower 1 and the device, then measuring the distance between Phone Tower 2 and the device. Then with the distance between Tower 1 & Tower 2 known, you can work out the location of the device. Simple Triganomotry.

In conclusion, I am sure this is possible when trying to locate a Wifi signal, however you must have 2 recievers at different locations, set apart by a known distance. (even if this is within the same room, a few feet apart)
December 30th, 2009, 09:30 PM
dinowuff

Simple? Hell I can't even spell Trigonometry.

I was actually thinking; in my own head, how one would identify Type, Gain, and Beamwidth.
December 31st, 2009, 10:13 AM
CybertecOne

I was wondering if anyone would pick that up dinowuff :)

My final judgement on this matter however, is that unless sensitive data is being compromised, the cost/effort of tracing someone greatly outweighs the benefit when simpler solutions are available on the AP alone.

CTO
January 1st, 2010, 04:30 PM
nihil

As far as I am aware this is going to be a one on one connection, so where are you going to get your second point to make your triangle and thus determine the range?

On another note, would it be possible to trace the destination of the rogue user's traffic passing through the AP?

Quote:

the cost/effort of tracing someone greatly outweighs the benefit when simpler solutions are available on the AP alone.

I agree, you would really need to be a spook or law enforcement, and they generally have suspects to begin with.

Show 40 post(s) from this thread on one page