Security Basics mailing list archives

Re: Locate wifi client


From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Tue, 15 Oct 2013 20:54:59 -0700

Hi! This is the ezmlm program. I'm managing the
security-basics () securityfocus com mailing list.

I'm working for my owner, who can be reached
at security-basics-owner () securityfocus com.

I'm sorry, the list moderators for the security-basics list
have failed to act on your post. Thus, I'm returning it to you.
If you feel that this is in error, please repost the message
or contact a list moderator directly.

--- Enclosed, please find the message you sent.


Subject: Re: Locate wifi client
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: 10/10/2013 07:23 PM
To: security-basics () securityfocus com

On 10/09/2013 09:32 AM, Robert Larsen wrote:
> Hi
>
> Does anybody know about hardware/software used for locating a wifi client?
> Somebody is downloading torrents at full speed on our network and nobody
> will admit it (or simply stop), and we really don't want to restrict
> network usage since there is a lot of legal stuff on torrent sites too, so
> is there a way of finding a client with a specific mac address?
>
> What will I need?
>
> Robert

Hi Robert.

   You are probably compromised from the outside.  There
are jerks that love doing that so they can hide their
identity.

   If it is coming from the inside, the culprit
won't be able to get his job done -- too much goofing
off.  Their supervisors will notice.

This is what I would do:

I presume you have a Linux computer at your
disposal?  I like this one:
http://spins.fedoraproject.org/xfce/#downloads
You can try it as a live CD first.  (It really
is a CD, not a DVD.)


1) make sure your Wireless access point (WAP) is using
a good security protocol, such as WPA2.  Note that
WEP is virtually no security at all.  Change the
logon password to the WAP, to keep others out
and from finding out the WPA2 passphrase.

2) change your WPA2 passphrase (password) to
something 12 characters or longer.  I find that
phrases are easier for folks to remember.
Love latin phrases.  And don't tell anyone.
Let them come to you.

3)  See who is on your network with nmap.  The "#"
means root user:

# nmap -sP your_network

On my network:
# nmap -sP 192.168.1.0/24

Starting Nmap 6.25 ( http://nmap.org ) at 2013-10-10 19:11 PDT
Nmap scan report for 192.168.1.1
Host is up (0.0022s latency).
MAC Address: 00:18:3A:18:5E:8E (Westell Technologies)
Nmap scan report for 192.168.1.38
Host is up.
Nmap scan report for 192.168.1.44
Host is up (0.012s latency).
MAC Address: 00:0D:4B:89:26:47 (Roku)
Nmap scan report for 192.168.1.45
Host is up (0.013s latency).
MAC Address: 00:0D:4B:5A:6C:1B (Roku)
Nmap done: 256 IP addresses (4 hosts up) scanned in 15.86 seconds


You can also try the -Pn to disable ping.  A lot
of personal firewalls block ping (ICMP).

Love to know what you find.

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
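
Added example, not part of the original message: a small shell helper that reads ping-scan output in the format shown above and answers the original question of which IP address holds a given MAC address. The function names pair_hosts and find_mac and the sample scan (made-up MAC addresses and hostname) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of "nmap -sP" output (MACs and hostname are made up).
sample_scan() {
cat <<'EOF'
Starting Nmap 6.25 ( http://nmap.org ) at 2013-10-10 19:11 PDT
Nmap scan report for 192.168.1.1
Host is up (0.0022s latency).
MAC Address: 02:00:00:AA:BB:01 (Unknown)
Nmap scan report for 192.168.1.38
Host is up.
Nmap scan report for laptop.example (192.168.1.44)
Host is up (0.012s latency).
MAC Address: 02:00:00:AA:BB:02 (Unknown)
Nmap done: 256 IP addresses (3 hosts up) scanned in 15.86 seconds
EOF
}

# pair_hosts: read scan output on stdin, print one "IP MAC VENDOR" line per host.
# A host with no MAC line (normally the scanning machine itself) gets "-" as MAC.
pair_hosts() {
  awk '
    /^Nmap scan report for / {
      if (ip != "") print ip, "-", "(no MAC reported)"
      ip = $NF; gsub(/[()]/, "", ip)      # handles "name (1.2.3.4)" and bare IPs
      next
    }
    /^MAC Address: / {
      vendor = $0; sub(/^[^(]*\(/, "", vendor); sub(/\)$/, "", vendor)
      print ip, toupper($3), vendor
      ip = ""
    }
    END { if (ip != "") print ip, "-", "(no MAC reported)" }
  '
}

# find_mac MAC: print the IP that answered with this MAC; exit 1 if it is absent.
# Accepts lower case and dash-separated input (02-00-00-aa-bb-02).
find_mac() {
  want=$(printf '%s' "$1" | tr 'a-f-' 'A-F:')
  pair_hosts | awk -v want="$want" '$2 == want { print $1; found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on a live network use:
#   nmap -sP 192.168.1.0/24 | find_mac <mac-from-the-WAP-client-list>
sample_scan | pair_hosts
```

Nmap only reports MAC addresses when run as root against hosts on the same Ethernet segment, so the scan has to be made from a machine on the wireless LAN itself.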

