tracing cellphones/internet connections?

Ahhh good question.

This is why we need more implementation on IDS systems or things that READ into packets. He can only spoof "so much". When you capture live data, and capture the packets, the right person can see the real MAC address, or real data of the machine either that being a PDA or Blackberry or laptop.

Think about the recourse he has to go through on spoofing. It can sometimes make alot of noise he hopes won't be seen. He can't lie, only emulate the lie. I would need to look into more of how wireless differs from hardline, as I don't mess with wireless networks other than pentest for problems. Good question though... Gets me thinking, I like that.

Also, Businesses data lines differ from that in the accounting look than that of ISP's. My thoughts on this seem wish washy now as I'm tired, (just went through some MD5 crap), But most people pay a provider of internet and people usually associate the whois with where the server is. This is wrong. Like, the whois on a Comcast will show PA, as that is where the accounting "headquarters" are. The backbones of ISP's are shared lines through like, Sprintlink, SBC crap or their own.

Uh... capture the MAC address (which could also be spoofed)? Perhaps I'm still missing something but I thought that MAC address resolutions were sort of a local thing and couldn't go beyond the immediate router. I think I'm missing something.

Quote:

---

Also, Businesses data lines differ from that in the accounting look than that of ISP's. My thoughts on this seem wish washy now as I'm tired, (just went through some MD5 crap), But most people pay a provider of internet and people usually associate the whois with where the server is. This is wrong. Like, the whois on a Comcast will show PA, as that is where the accounting "headquarters" are. The backbones of ISP's are shared lines through like, Sprintlink, SBC crap or their own.

---

Be that as it may, I would image quite a few of the attackers coming from sources other than business lines. I've done the what-if scenario... *IF* I was to do an attack, find a large enough city that few knew I was going to, find an open area, put on gloves and use their systems. It's really hard to track someone using the public libary. Then again, they may have cameras. So next option would be to wardrive from a community where there are lots of open APs and little attention given to someone "being there" (e.g., student residence).

Doesn't mean that it's impossible to track but rather how deep and determined are the pockets of those after me?

Well as I said before, having good Engress/Egress filters, and good surveillence people manning the network as well as setting up a good network could eliminate this issues. You see, people with cable or DSL modems have a hard time spoofing mac's as they have one in the modem too, and with software running that knows what is what....this should not occur. I setup with my ISP a test, and they saw it. NOC Center picked it in 20 seconds. I've assigned 10 Macs to my modem and they called me at 2:30am to ask what I was doing. My modem carries it's own 10.x.x.x IP within the network and shut it down when "bad" things happen.

I'm not sure as I said about wireless equipment. I will look into and ask around. That is very interesting. Things like protocols, and information trading back and forth. Never really even looked into it that well. But my brother in law is a Network Engineer in a Cisco WLAN environment so he should know.

Hey I see you're CISSP, good job! I'm working towards one soon and would love to just sit and teach end users all day about the simplicity of security. Social Engineering, passwords, and how they keep their workstations....

Sorry if I was confusing to read, I've been on muscle relaxers and have a hard time keeping a level thought lately, I never meant to confuse IP's of foxnews.com and home users in limbo. I just didn't want a strike against me for using an IP of someone without express written consent....


Doesn't mean that it's impossible to track but rather how deep and determined are the pockets of those after me? I second that, it matters on who's even gonna look, and if they want to do anything about it. FBI Spokesman Jeff Lanza told me that 45% of hacks aren't reported due to the "I'm afraid of losing customers" theory.

wait, i didnt get the stuff about the gps... how can they get my global position from my ip? and what does all of this have to do with IDS and mac addresses?

Quote:

---

wait, i didnt get the stuff about the gps... how can they get my global position from my ip? and what does all of this have to do with IDS and mac addresses?

---

That is probably because this thread is addressing two distinct technologies:

1. Mobile phones
2. The internet

GPS is "global positioning system"................that is how your emergency call on your cellphone is located. I cold drop a 155mm shell on your toes with that.........typically no more than three feet out!

Your IP address is given to you by your ISP. Typically a trace will lead to the ISP location, not yours..............for example mine would be about 120 miles away. Then it is a logs and tracing exercise. If I use a cellphone I emit a signal. The internet will not neccessarily do so, and will only be to retain the connection to my ISP if I am not doing anything on the net.

IDS = Intrusion Detection System, MAC addresses relate to hardware................not really relevant in the original context of the post.

Hope that helps :)

Just thought i would put my oar in here.

And i must admit i have not read all the posts but; if you use a moblie phone. It is possible to pinpoint your location within a few metres. If you think about it, the art of (DF) direction finding has been around for some time. At least since the second world war.

Now, our mobile phones need to keeep a connection to the network we use. They do this by sending a signal to the network every so often (i believe 15 min's). This signal is picked up by the nearest mast, but also by any other masts within range. The signal would be like, hello it's me. The reply would be like, yes we know.

So you have a network that communicates all the time. Back in World war 2 it would take three DF's to pin point the location of a transmitter and it would nead to transmit for the length of time, an opperator could set up his gear and identify the direction it came from. These days it can be done done with 2 and it is instantaniuos. So as long as you are within range of at least 2 masts, you can be pinpointed. Even if you are not using your cell phone, it just neads to be switched on.

Well its all an easy way to track any one using the IP addy, but am not sure bout the Cell phones , In order to track someone via using the IP u need to D/L a Software Called VisualRoute from www.visualware.com its an awesome tool. One more thing if u get the IP of ISP then u cant get into the person's info coz ur getting the information of the ISP Itself.

Okay...im not totaly clear about the wireless internet issue...and have wanting to ask this for a while, but havent gotten around to it....

say i walk into borders or panera, and soak up their wifi....IF the powers that be were after me, the would go to borders/panera, but wouldnt be able to find me? Doesnt the wifi log some information about your computer? (laptop, in this case) Obviously it prolly knows your IP and MAC, but cant it go deeper than that? (as far as what the router knows about you, and what THEY can track on the other side of the router)

-z3

If you war drive a home wifi network, it is very easy to remain anonimous. Practicaly the only way to id you is visualy. On the other hand most ISP's have a clause in there AUP that states, "You should not allow anonimous access". So if you take no steps to secure your network, you are in breach of your ISP's AUP.

DFing a mobile phone would require very close appoximation. They transmit about 1/8 to a 1/4 w. Then you would have to know which frequency it is tuned too. That information comes from the controller in real time, he (the machine) assigns a frequency. Then on that same frequency are a host of other phones in their own time slots. In a practical sense you would need some intimate knowledge and highly specialized equipment to follow the frequency hopping algoithm, and then some how isolate a single phone attached to a frequency and cell site with about 100 others to choose from. Now if you are out in an isolated area, the rules change but in general its pretty much impossible. Then even to get a good DF you would need at least 2 readings, not just a few feet apart but hundreds.

Adding GPS to a phone makes it possible within about say 130 feet IF, and that is a big IF, your phone has visibility to about 6 GPS satelites. If say; 1 or 2 sats are visible that goes to within 300+ feet and if you are in a moving car or a building, you can forget it. The phones are not powerful enough to calculate a moving trajectory or see sats within some cars and especially a building.

Just spouting some thoughts.