Pin Pointing WiFi Users


PC646

Cool little gadget for law enforcement that pinpoints the location of a wifi user; however, can't netstumbler do this for free?

http://www.digitalcertainty.biz/products.htm

Is anyone else wondering if you can set up a pineapple to proxy your connections?


Hmm, want to circumvent it? Use an 802.11a wireless system. It only sees b/g

Seriously, it acts more like Kismet being passive and doing a triangulation based on signal strength vs. gps. Of which both can be error prone due to signal loss/reflection and gps error.


Is anyone else wondering if you can set up a pineapple to proxy your connections?

Why?

Because of the natural hacker instinct to know how something works and how you can manipulate it if you need to :)


Hmm, want to circumvent it? Use an 802.11a wireless system. It only sees b/g

Well the point of the device is to find someone leeching off your company's b/g wifi internet, so using an 802.11a system is kinda pointless.

Because of the natural hacker instinct to know how something works and how you can manipulate it if you need to :)

I know what a hacker is, what I want to know is what the hell does using a pineapple have to do with the op's linked hardware.


There is a nice program for Windows mobile phones with wifi, WiFiFoFum, it has a decent display of wifi devices around it. It's free, or else it used to be...

It's basically the same as ministumbler. Wififofum has gps support, and a radar like display, but it doesn't really position the access points correctly on the screen.


what I want to know is what the hell does using a pineapple have to do with the op's linked hardware.

I was thinking that you could quite easily set up a pineapple to connect to their network and then you connect to the pineapple on whatever network you like (Along with others using their laptops in the area).

First the trackers would have to track down the pineapple (when they find it hopefully you will see them and know it is time to leave), once they find that they will either disconnect it (also alerting you that it has been found) or they will leave it in place and try to figure out who is connecting to the pineapple. If there are enough people connecting through the pineapple then they will have to either try and track them all, or try to single you out from the others by grabbing packets and then doing some traffic analysis on them (both of which will require some time).


I was thinking that you could quite easily set up a pineapple to connect to their network and then you connect to the pineapple on whatever network you like (Along with others using their laptops in the area).

First the trackers would have to track down the pineapple (when they find it hopefully you will see them and know it is time to leave), once they find that they will either disconnect it (also alerting you that it has been found) or they will leave it in place and try to figure out who is connecting to the pineapple. If there are enough people connecting through the pineapple then they will have to either try and track them all, or try to single you out from the others by grabbing packets and then doing some traffic analysis on them (both of which will require some time).

Ok I'm going to ask, Why the hell do you need the pineapple for? What is the scenario? The pineapple is meant to trick others into connecting through your connection. The wifi tracker is meant to track down a rogue client on a legit Access point.

I.e. a home user has not secured their wireless and some unauthorized user has connected to it and is using it for illegal purposes. The LEO is now using the tracker to see who is connected to the AP and then he's tracking that MAC for signal strength based on the tracker location so as to triangulate the source of the client.

The Jasager acts as a rogue AP of sorts. It pretends to be everyone and then allows anyone to connect and use the network it's connected to. It makes no sense to proxy a connection, at least to me.


I was thinking that you could quite easily set up a pineapple to connect to their network and then you connect to the pineapple on whatever network you like (Along with others using their laptops in the area).

First the trackers would have to track down the pineapple (when they find it hopefully you will see them and know it is time to leave), once they find that they will either disconnect it (also alerting you that it has been found) or they will leave it in place and try to figure out who is connecting to the pineapple. If there are enough people connecting through the pineapple then they will have to either try and track them all, or try to single you out from the others by grabbing packets and then doing some traffic analysis on them (both of which will require some time).

I'd stomp it into oblivion. Yes, I have removed unauthorized network equipment off networks this way before, no I didn't get my ass kicked.


I'd stomp it into oblivion. Yes, I have removed unauthorized network equipment off networks this way before, no I didn't get my ass kicked.

One stomped pineapple is far better than getting into a fight myself. :)


One stomped pineapple is far better than getting into a fight myself. :)

I still don't see how the pineapple is going to help you. Any company that's going to spend the cash for one of these most likely has some pretty nice traffic analysis hardware installed. They'll have already snarfed any user names and passwords you've been using.


I still don't see how the pineapple is going to help you. Any company that's going to spend the cash for one of these most likely has some pretty nice traffic analysis hardware installed. They'll have already snarfed any user names and passwords you've been using.

It will help you because you won't be there. When they come for the pineapple, you don't have to be around or risk losing expensive equipment.

Nothing to do with network security, at that point, it's physical security.


I still don't see how the pineapple is going to help you. Any company that's going to spend the cash for one of these most likely has some pretty nice traffic analysis hardware installed. They'll have already snarfed any user names and passwords you've been using.

Well they would have our encrypted packets so they would know where we had been going but not who as or with what passwords, and if we tunneled our connections through tor or something similar then they wouldn't even know where we had been going.


It will help you because you won't be there. When they come for the pineapple, you don't have to be around or risk losing expensive equipment.

Nothing to do with network security, at that point, it's physical security.

But they're not looking for the access point. They're looking for the clients! The correct scenario goes like this:

Deception SEs his way into Acme Widgets and plants a Jasager. A couple of days go by and BOFH finds Jasager and does some investigating and figures out what it is and what it does. He then thinks, "I'm gonna get the little bastard that planted this on my network. Buhawaha." He acquires a wifi investigator and finds the MAC addresses of the clients connecting to the Jasager. He uses the GPS and direction finding to lead him to a coffee shop across the street where Deception sits with his laptop. An unmarked crown vic pulls up, out come two gentlemen with a nice pair of shiny bracelets. They verify the MAC address and take Deception off to jail.

The device isn't only for finding rogue access points. It's for finding the person connected to it.


But they're not looking for the access point. They're looking for the clients! The correct scenario goes like this:

Deception SEs his way into Acme Widgets and plants a Jasager. A couple of days go by and BOFH finds Jasager and does some investigating and figures out what it is and what it does. He then thinks, "I'm gonna get the little bastard that planted this on my network. Buhawaha." He acquires a wifi investigator and finds the MAC addresses of the clients connecting to the Jasager. He uses the GPS and direction finding to lead him to a coffee shop across the street where Deception sits with his laptop. An unmarked crown vic pulls up, out come two gentlemen with a nice pair of shiny bracelets. They verify the MAC address and take Deception off to jail.

The device isn't only for finding rogue access points. It's for finding the person connected to it.

Beakmyn, you are dead on... Obviously you can change your MAC ID while they walk into the coffee shop, but you might be fucked...

So could you do the same with netstumbler or an open source program?


But they're not looking for the access point. They're looking for the clients! The correct scenario goes like this:

Deception SEs his way into Acme Widgets and plants a Jasager. A couple of days go by and BOFH finds Jasager and does some investigating and figures out what it is and what it does. He then thinks, "I'm gonna get the little bastard that planted this on my network. Buhawaha." He acquires a wifi investigator and finds the MAC addresses of the clients connecting to the Jasager. He uses the GPS and direction finding to lead him to a coffee shop across the street where Deception sits with his laptop. An unmarked crown vic pulls up, out come two gentlemen with a nice pair of shiny bracelets. They verify the MAC address and take Deception off to jail.

The device isn't only for finding rogue access points. It's for finding the person connected to it.

If we are setting up the pineapple as a permanent fixture then we would be running the risk of it being discovered without us knowing. What we would need is some way of checking if the pineapple had been disturbed while we were away (perhaps something that when it is disturbed cuts its power so we can check its uptime as soon as we connect and drop the connection if it is not what we expect).

Of course if the pineapple is running on batteries then we would also need to be able to retrieve it to replace them which would put us in danger if they have already located the pineapple.


From my own past with audio and video bugs, never directly connect to the pineapple. Use a second access point to bridge you between the pineapple and your computer... Gives you distance and a layer of protection.


From my own past with audio and video bugs, never directly connect to the pineapple. Use a second access point to bridge you between the pineapple and your computer... Gives you distance and a layer of protection.

Good point, there is nothing stopping us using chains of access points so that we don't have to connect from the same location, one chain heads up the street the other down, another heads somewhere else. Using directional antennas you could get a good distance without needing too many access points.


Beakmyn, you are dead on... Obviously you can change your MAC ID while they walk into the coffee shop, but you might be fucked...

So could you do the same with netstumbler or an open source program?

Not easily with Netstumbler. While it will show GPS location, which is the coords where it was last "seen", and it will show signal strength*, there is no built-in direction finding algorithm. It also doesn't show connected clients, whereas Kismet will show clients.

Doing a google search (kismet "network center") shows some info that looks close.

Also, Kismet is a passive scanner like the wifi investigator while Netstumbler is an active scanner.

Section 9 of the documentation:

Kismet cannot know the location of a network, it can only know the location where it saw a signal. By circling the suspected location, you can provide more GPS data for processing the network center point. Kismet keeps running averages of the network location, however this is not incredibly accurate, due to averaging and imprecision in floating point math. For plotting network locations, the GPSXML file should be used.

http://casoilresource.lawr.ucdavis.edu/drupal/node/288

*If you use a supported network card like the Orinoco that will properly report signal strength and NOT use an NDIS driver which at best only reports something close to signal strength.


So could you do the same with netstumbler or an open source program?

As beakmyn said it's not easy to do with netstumbler, kismet is better. You could also use a directional antenna with kismet and then try and triangulate the approximate location of the machine you are interested in.

Simply stand in one location and point the antenna in one direction and note the direction and the signal strength, rotate the antenna by a little and record the direction and signal strength again. Repeat this until the antenna is pointing in its original direction again. Repeat this process at another location. Get a map of the location and using the signal strengths round the two locations you can narrow down the area that you will want to look in.

Triangulation of signals is quite difficult to do in a built up environment as you will get interference from buildings and other obstacles (Sometimes they block the signal and other times they reflect it). Also you will need to know your antenna as well because most directional antennas have odd radiation patterns so the strong signal doesn't necessarily mean that you are pointing your antenna directly at it. So make sure you map the radiation pattern of your directional antenna before trying this, as it will help you interpret the information that you collect.

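The two-site antenna sweep described in the post above, worked through as an added example (not code from any poster or from Kismet): each sweep is reduced to a bearing and the two bearings are crossed, comparing the strongest-reading bearing with a power-weighted one. The readings are constructed, and the function names, site coordinates and idealised antenna pattern are assumptions made for the illustration.

```python
import math

def unit(bearing_deg):
    """Unit vector (east, north) for a compass bearing."""
    r = math.radians(bearing_deg)
    return math.sin(r), math.cos(r)

def sweep_bearing(sweep):
    """Power-weighted circular mean of (azimuth_deg, rssi_dbm) readings."""
    east = north = 0.0
    for az, rssi in sweep:
        w = 10 ** (rssi / 10)                 # dBm -> linear power
        east, north = east + w * unit(az)[0], north + w * unit(az)[1]
    return math.degrees(math.atan2(east, north)) % 360

def peak_bearing(sweep):
    """Naive estimate: azimuth of the single strongest reading."""
    return max(sweep, key=lambda s: s[1])[0]

def intersect(p1, b1, p2, b2):
    """Cross two bearing lines; None if near-parallel or behind an observer."""
    (ax, ay), (bx, by) = unit(b1), unit(b2)
    rx, ry = p2[0] - p1[0], p2[1] - p1[1]
    det = bx * ay - ax * by
    if abs(det) < 0.05:                       # under ~3 degrees apart
        return None
    t, s = (bx * ry - rx * by) / det, (ax * ry - ay * rx) / det
    if t < 0 or s < 0:                        # e.g. one bearing is a reflection
        return None
    return p1[0] + t * ax, p1[1] + t * ay

def simulated_sweep(pos, emitter, step=15):
    """Constructed readings: free-space loss plus an idealised main lobe."""
    dx, dy = emitter[0] - pos[0], emitter[1] - pos[1]
    true_az, dist = math.degrees(math.atan2(dx, dy)), math.hypot(dx, dy)
    sweep = []
    for az in range(0, 360, step):
        off = (az - true_az + 180) % 360 - 180
        gain = max(-30.0, -12.0 * (off / 30) ** 2)   # assumed pattern, dB
        sweep.append((az, -30.0 - 20 * math.log10(dist) + gain))
    return sweep

EMITTER = (60.0, 80.0)                        # constructed ground truth (m)
SITES = [(0.0, 0.0), (120.0, 0.0)]            # two survey positions (m)

def locate(estimator):
    b = [estimator(simulated_sweep(p, EMITTER)) for p in SITES]
    return intersect(SITES[0], b[0], SITES[1], b[1])

def error_m(fix):
    return math.hypot(fix[0] - EMITTER[0], fix[1] - EMITTER[1])

if __name__ == "__main__":
    for name, est in (("peak", peak_bearing), ("weighted", sweep_bearing)):
        print(name, [round(v, 1) for v in locate(est)], round(error_m(locate(est)), 1))
```

With a real antenna, side lobes and reflections skew both estimators, which is the reason the post gives for mapping the radiation pattern before relying on the readings.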

As beakmyn said it's not easy to do with netstumbler, kismet is better. You could also use a directional antenna with kismet and then try and triangulate the approximate location of the machine you are interested in.

Simply stand in one location and point the antenna in one direction and note the direction and the signal strength, rotate the antenna by a little and record the direction and signal strength again. Repeat this until the antenna is pointing in its original direction again. Repeat this process at another location. Get a map of the location and using the signal strengths round the two locations you can narrow down the area that you will want to look in.

Triangulation of signals is quite difficult to do in a built up environment as you will get interference from buildings and other obstacles (Sometimes they block the signal and other times they reflect it). Also you will need to know your antenna as well because most directional antennas have odd radiation patterns so the strong signal doesn't necessarily mean that you are pointing your antenna directly at it. So make sure you map the radiation pattern of your directional antenna before trying this, as it will help you interpret the information that you collect.

I think GPSMap will do the triangulation for you. It will take a live feed from Kismet also.


Triangulation of signals is quite difficult to do in a built up environment as you will get interference from buildings and other obstacles (Sometimes they block the signal and other times they reflect it). Also you will need to know your antenna as well because most directional antennas have odd radiation patterns so the strong signal doesn't necessarily mean that you are pointing your antenna directly at it. So make sure you map the radiation pattern of your directional antenna before trying this, as it will help you interpret the information that you collect.

Triangulation isn't that hard with the right TSCM (Technical Surveillance Countermeasures) equipment. Most LE won't have this, but their private industry buddies and feds will. Even if they can't narrow down to an exact person like this device claims, they can focus on a building or coffee shop and then manually search individuals...


lol, just do what I do, N810 hooked up to a 500mW card via USB Y cable, hook the other connector up to a USB power pack and then plug a directional patch antenna to the 500mW card via an R-SMA to N type connector.

Run Kismet, find what you're looking for and bring up the real time signal strength, when you move around the stronger the signal that's the direction they are in. Look for someone with a laptop or that looks out of place and that's them.
