RE: How to track down a wireless hacker
- From: "ep" <captgoodnight@xxxxxxxxxxx>
- Date: Thu, 8 Nov 2007 09:55:59 -0900
"But if by some luck you find who that guy is or where he is, what then?"
For sure. Though for starters we don't know if it's just some kid with a
copy of cowpatty/aircrack and kismet rolling yet another access point OR an
actual attempt placed upon the company. Depending on the company's
interests/business, location and if any loss occurred this could be a
serious thing and the suits may decide that actions need to be an option.
And if I read right, it sounds like the powers that be upstairs are
interested in finding out who this baddie is. Honeycookies aren't anything
new, think intentional vulnerable internet facing databases/hosts with false
credit card numbers and the resources to track the use of those numbers.
"You call the police and tell them that a guy is at that internet cafe andis hacking me or my company?"
I hear ya, what's scary is this has happened already. People have been
prosecuted just for being parked outside some dude's house using his
internet connection. It all depends on the company...
"So the bottom line is train the people in the company and secure thewireless network. How you do that? That is the real good question :)"
Obviously I so agree, I'm sure the techs in charge of that AP config are
aware of the mistakes now.
Ah, if only all pentesters were also honeynet admins, /sigh :) Seriously,
with little effort and time one can create an environment where the odds
will be in his favor if this cat were to return and then make a simple human
error. This is a very credible and practiced method for "How to track down a
wireless hacker" and a heck lot cheaper than trianglization.
--cg
-----Original Message-----
From: Francois Larouche [mailto:francois.larouche-ml@xxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, November 08, 2007 8:35 AM
To: ep
Cc: 'Nicholas Chapel'; 'jond'; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: How to track down a wireless hacker
Don't take me wrong I do find it intellectually challenging and fun to try
to track someone who is hacking you, whether it be possible or not over
wireless. And also really educative and interesting to see what people come
up for ways to track that hacker.
But if by some luck you find who that guy is or where he is, what then?
You call the police and tell them that a guy is at that internet cafe and is
hacking me or my company? It ought to have a special police line for that :)
If they ever take you seriously and come the guy would be probably gone. Or
you grab your baseball bat and go beat him up?
Realistically, besides the fact that it might be fun to do there is not much
to do about it.
So the bottom line is train the people in the company and secure the
wireless network. How you do that? That is the real good question :)
My two cents
Cheers
Francois
Bah, I'm talking wan IP and service not Lan IP and service, thought Ipossible benefit for others.
was clear on that.
What we want is to track the cookie, this MIGHT lead to some mistakes
on the intruders part. Yes, the intruder/s will most likely use
someone else's internet drop to use those identifiable credentials,
but what if it's a internet café? A school library? Another victim?
Not only is it fun and educational to track this info, it's also a
Open up the door, give them a cookie and track it's use. Ummm, seemsand time?
like there's gonna be some feedback there eh? And bet I would give it
a chance to out weigh any given effort and time. Maybe we need more effort
file of the service.
I have no idea of the resources of the original poster. Besides, the
initial investment is very small. The crux is the tracking of the
cookie once it has been snatched, at it's simplest it's monitoring a log
Honestly, this is a small project. Initial setup is under one hour andknowing
checking for the credential use in a log file is automated with a
little bash skill set.
Have fun,
cg
-----Original Message-----
From: Nicholas Chapel [mailto:nicholas.chapel@xxxxxxxxx]
Sent: Wednesday, November 07, 2007 1:42 PM
To: ep
Cc: jond; pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: How to track down a wireless hacker
On 11/7/07, ep <captgoodnight@xxxxxxxxxxx> wrote:
So setup a duplicate of the previously vulnerable wirelessinvolved.
configuration and from a secure linux laptop (only thing on the
segment) simply every 15 minutes pass some unique clear text working
credentials to a internet facing service you can monitor, like a ftp
server or pop3 account. Wait for the connection/authentication and log
the ip, then get law enforcement and the what I think will be a local ISP
We are talking about wireless, right? Because in such a scenario, logging
the IP address won't make much of a difference since any IP that the
intruder has would be *one that your DHCP server leased to him*. There is
no ISP to involve here. Unless of course the intruder accesses the
FTP/POP3/whatever server from a different connection, in which case he may
very well be on someone *else's* WLAN and you'll end up expending a great
deal of effort and time (both yours and others') and be no closer to
the identity of your malefactor than you were before.
Yeah, I think hoping that the intruder would be daft enough to access his
Hotmail account is about the best you can hope for here.
--Nick
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Re: How to track down a wireless hacker
- From: Francois Larouche
- Re: How to track down a wireless hacker
- Prev by Date: Re: How to track down a wireless hacker
- Next by Date: Re: How to find if exploit exist to a reported CVE ?
- Previous by thread: Re: How to track down a wireless hacker
- Next by thread: RE: How to track down a wireless hacker
- Index(es):
Relevant Pages
|
