Re: About War Driving ..
- From: "Dave Moore" <dave.j.moore@xxxxxxxxx>
- Date: Fri, 1 Dec 2006 21:01:52 -0600
I don't know much about wireless, but I know quite a bit about lower
frequency RF.. if you are absolutely intent on catching this guy,
here's what I would try.
1. Get a spectrum analyzer capable of operating >= 2.487 GHz
2. Get a directional antenna or two, likewise in the 2.4GHz band. The
more directional, the better. A multiple (>8) element yagi would be
great.
3. Turn off (i.e. disable radio) every wireless card in your office
except for the AP. If you have multiple APs, just leave one on.
4. Find out what channel your AP operates on. Every channel translates
to a specific frequency. The frequencies are 2.412 GHz to 2.487 GHz.
Each channel is 22 MHz in bandwidth, yet the channel spacing is only 5
MHz. (2.412, 2.417, 2.422, etc.)
5. Tune your spectrum analyzer to the appropriate frequency and attach
directional antenna. Start sweeping it around. You'll get a spike from
your AP, if you get another spike in another direction that might be
the person who is using your network. Or, it might be a cordless
phone, or another network entirely.
I have tracked down illegal/unlicensed transmitters in the past, and
it is very much hit and miss. If you have to do it then you have to do
it, but you've been warned.
On 11/30/06, gaurav saha <gauravsaha007@xxxxxxxxx> wrote:
Hey Guys,
thanks a lot . Will try WPA . btw ..i did try mac
filtering and as some people suggested he seems to be
changing the mac address ..and hence ...
i also tried to give access to only the people in our
companies but still he then uses some valid macs of
the user whose macs i have allowed ..
Yes he seems to be very near to our network and just
using our wep .. is there any way to catch him in
person (red handed)..I mean physically .
well i did try doing all sort of security probe in my
network the one problem i found was WEP mechanism .
and then i also port scan and did a short va on his
system . he seems to be running debian (kernel 2.6.x)
and has only 1 port on his box open (111)
other than that nothing much ..I also tried using
arpscan / dsniff and tried to see what sites he has
been browsing . but only found usernames like
hotty_male23in@xxxxxxxxx and emails of that kind .
(cudn't find the password though)
not much of http sites sites but mostly what his
machines is connecting after i reset his connection
seem to be torrent related .
from there i concluded he is using some torrent thing.
and our building is 7 floors and there are about 3
companies .and the person whos been using up all our
b/w doesn't seem to be one of our employee .
so any method to catch hold of this guy .
---gaurav
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d-(+) s+: a24 C++ UBL++ P+>+++ L++ E--- W+++$ N+ o? K? w O? M-- V?
!PS !PE Y PGP- t++ 5++ X+ R+++ tv+ b++ DI++++ D++ G e+ h-- r++ y+
------END GEEK CODE BLOCK------
- References:
- Re: About War Driving ..
- From: Robert Szewczyk
- Re: About War Driving ..
- From: gaurav saha
- Re: About War Driving ..
- Prev by Date: Re: About War Driving ..
- Next by Date: Re: About War Driving ..
- Previous by thread: Re: About War Driving ..
- Next by thread: Re: About War Driving ..
- Index(es):
Relevant Pages
|
