
Thread: Experimental location tracking using 2.4ghz

  1. #21
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote Originally Posted by Revelati View Post
    As for thorin, I couldn't disagree more. Passively mapping APs is only a few steps away from actively attacking them.
    That sounds like agreement to me.
    I have mapped a few hundred APs in my college town and I am amazed at the lack of security. Right now I see about 80% of APs are vulnerable to attack.
    1/3 are simply open
    1/3 are WEP which in my estimation is worse than open because a monkey can crack it and it gives the user a false sense of security.
    1/3 are WPA which is good but I'll make a bet that 80% of those are crackable from a decent dictionary attack.

    From a white hat perspective I can see the overall security situation of the general public. (Which is pretty grim)
    Anyone who is even a little into IT security could have told you that. It was nice of you to spend your time figuring out something that so many people already know and have proven time and again.

    From a Black hat perspective I have just created a battlefield map and can now pick and choose which APs I want to attack based on physical location.
    Excellent so you do propose to use it for illegal activities, not just facilitating others' illegal activities.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  2. #22
    Member
    Join Date
    Sep 2008
    Posts
    146

    You are right, mapping APs is completely useless, public security auditing is dumb because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.

    You sure got me there, care to say anything relevant to the original post?

    No, didn't think so...

  3. #23
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    You are right, mapping APs is completely useless, public security auditing is dumb because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.

    You sure got me there, care to say anything relevant to the original post?

    No, didn't think so...
    Keep the topics on track and the insults to a minimum.

  4. #24
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote Originally Posted by Revelati View Post
    You are right, mapping APs is completely useless, public security auditing is dumb
    It's not "dumb". It's illegal, plain and simple, if you "audit" something you don't have permission to audit you're doing something illegal. Why is this so hard to grasp?
    because it's been done before and I am an evil haxor who wants to see what kind of pron my 60 year old neighbor looks at.
    Wow finally the truth.

    You sure got me there, care to say anything relevant to the original post?
    Sure. Here you go:
    The harder way would be to calibrate the antennas beforehand, testing signal strengths at different ranges to an AP. And getting a range from a single location.
    (If my signal at 10 yards is 100% and my signal at 100 yards is 10% then if I'm getting a signal of 50% the AP must be 50 yards away.)
    and/or
    (If my panel antenna has a signal of 25% to an AP at 50 yards directly in front of it, and my yagi has a signal of 50% to an AP at 50 yards directly in front of it, then when I get a reading of 25/50 from my two antennas, the range to an AP must be 50 yards.)
    Using signal strength as a way to measure distance from an AP is completely impractical (even in your flat open field example) due to the number of factors that can affect RF signals, including (but not limited to): atmospheric conditions, vegetation, mineral deposits, solar activity, other RF bleeding into your space, other RF operating in your space, etc. I suppose you could expand your example to remove all those conditions but then you're suggesting operating in some fictional world.

    No, didn't think so...
    Actually yes, it's just not what you want to hear.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
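
The range-from-signal-strength idea argued over in this post, worked through with the standard log-distance path-loss model (an added example, not code from any poster in the thread). It swaps the percentage readings in the quoted text for dBm, and the reference reading, fade margin and path-loss exponents are constructed assumptions.

```python
import math

def estimate_distance(rssi_dbm, ref_rssi_dbm, ref_dist, n):
    """Invert the log-distance model RSSI(d) = RSSI(d0) - 10*n*log10(d/d0).

    ref_rssi_dbm is the calibration reading taken at ref_dist; n is the
    path-loss exponent (2.0 is free space, higher values mean more clutter).
    The result is in the same unit as ref_dist.
    """
    return ref_dist * 10 ** ((ref_rssi_dbm - rssi_dbm) / (10.0 * n))

def distance_bounds(rssi_dbm, ref_rssi_dbm, ref_dist, n, fade_db):
    """Range interval consistent with a reading that may be off by +/- fade_db."""
    near = estimate_distance(rssi_dbm + fade_db, ref_rssi_dbm, ref_dist, n)
    far = estimate_distance(rssi_dbm - fade_db, ref_rssi_dbm, ref_dist, n)
    return near, far

def spread_factor(n, fade_db):
    """Ratio far/near of the interval above; it does not depend on the reading."""
    return 10 ** (2.0 * fade_db / (10.0 * n))

if __name__ == "__main__":
    # Constructed calibration: -40 dBm measured 10 yards from the AP.
    REF_RSSI, REF_DIST = -40.0, 10.0
    READING = -60.0   # constructed field reading, dBm
    FADE_DB = 6.0     # assumed swing from multipath, foliage, interference

    for n in (2.0, 2.7, 3.5):
        point = estimate_distance(READING, REF_RSSI, REF_DIST, n)
        near, far = distance_bounds(READING, REF_RSSI, REF_DIST, n, FADE_DB)
        print(f"n={n:.1f}: point estimate {point:6.1f} yd, "
              f"plausible range {near:6.1f} to {far:6.1f} yd "
              f"(x{spread_factor(n, FADE_DB):.1f})")
```

With these assumed numbers, a single reading that nominally means 100 yards in free space is consistent with anything from about 50 to 200 yards, and changing only the assumed exponent to 3.5 moves the point estimate to about 37 yards.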

  5. #25
    Member
    Join Date
    Sep 2008
    Posts
    146

    Quote Originally Posted by Thorn View Post
    A lot of WarDrivers do exactly that. It's probably akin to birdwatching, "catch and release" fishing, or even QSL cards for DX Hams.

    Number of wireless networks that I've personally logged and mapped in twelve US states (plus DC) and three foreign countries: 79,614

    Wireless networks accessed without authorization: 0
    That's a lot of federal offenses. Does anyone know if mapping APs and recording what kind of security they use is illeagle? Because that's really all I want to do.

    I've always been under the impression that you need to access a network in order to do anything illeagle.

  6. #26
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    You'd need to look up info on lawful intercept, use/mis-use/disruptions of telecoms services, etc.

    From a previous thread:
    IronGeek has a good summary of some US & State laws here:
    http://www.irongeek.com/i.php?page=c...e-hacking-laws

    There's a brief discussion about some Canadian law here:
    http://forums.remote-exploit.org/sho...43&postcount=8
    (Canadian Criminal Code, Bill C-46, Sections: 326, 342, 430, etc)
    Not to mention that within the US if someone wanted to be really nasty they could argue some kind of DMCA violation for reverse engineering the signal/crypto.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #27
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by Revelati View Post
    That's a lot of federal offenses. Does anyone know if mapping APs and recording what kind of security they use is illeagle? Because that's really all I want to do.

    I've always been under the impression that you need to access a network in order to do anything illeagle.
    I hate making eagles sick as well. What is the point of mapping what kind of security they have? I'm just curious.

    Plus, you never did answer my question regarding your calibrated equipment. There's no way you're going to get accurate results with off the shelf commercial grade equipment, it just isn't designed to be that good.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #28
    Member
    Join Date
    Sep 2008
    Posts
    146

    Quote Originally Posted by streaker69 View Post
    I hate making eagles sick as well. What is the point of mapping what kind of security they have? I'm just curious.

    Plus, you never did answer my question regarding your calibrated equipment. There's no way you're going to get accurate results with off the shelf commercial grade equipment, it just isn't designed to be that good.
    Thanks I'll leave the poor eagles out of it now on :-)

    Well I was hoping to try and fudge some of the calibration using software to make a "best guess" prediction based on what you already know about how the signal distortion.

    I am also working on getting a ham operator license which should hopefully allow me to play with some higher sensitivity equipment. I'm also not afraid to get out the soldering iron for some modding (as long as it complies with all pertinent laws of course)

    As for the legality of what I'm trying to do, current PA state law allows for passive detection of APs as long as no attempt at connection or data interruption or modification is made. Thanks for the links on legality by state, those should be sticky if they aren't already.

    As for why I want to do this, it just seemed like a cool project. There really is no other point.

  9. #29
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote Originally Posted by Revelati View Post
    As for the legality of what I'm trying to do, current PA state law allows for passive detection of APs as long as no attempt at connection or data interruption or modification is made. Thanks for the links on legality by state, those should be sticky if they aren't already.
    You might also want to check out:



    From IronGeek's list you might want to further consider:
    § 3933. Unlawful use of computer.
    (a) Offense defined.--A person commits the offense of unlawful use of a computer if he, whether in person, electronically or through the intentional distribution of a computer virus
    ...
    3. intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #30
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by thorin View Post
    You might also want to check out:



    From IronGeek's list you might want to further consider:


    § 3933. Unlawful use of computer.
    (a) Offense defined.--A person commits the offense of unlawful use of a computer if he, whether in person, electronically or through the intentional distribution of a computer virus
    ...
    3. intentionally or knowingly and without authorization gives or publishes a password, identifying code, personal identification number or other confidential information about a computer, computer system, computer network or data base.
    § 3933 (a)(3) would certainly apply if data were published and if the data was captured packets that had been originally encrypted and had subsequently been decoded. However, data that is broadcast in the clear, such as the SSID or the AP's MAC, cannot be considered private in the US, under FCC Part 15, and other FCC regulations.
    Thorn
    Stop the TSA now! Boycott the airlines.
