Hi all,

Currently I'm working as an IT security intern in a big hospital. In one of the wings users reported a new unsecure ad-hoc network.

Knowing that we only have two small test wlanís (802.1x), we could only come to the conclusion that one of the users has (accidentally?) setup an ad-hoc network.

Because this could possibly lead a security risk we want this ad-hoc network down.
To get I down voluntarily, we tried sending out an email regarding this problem to all our users who are working in this wing. Sadly his had no effect.

So to get the ad-hoc network offline we had to do something else. With the help of some colleagues, I came up with of the following plan: connecting to the ad-hoc network, get the IP address of the host, resolve the hostname of the Pc/notebook, check which user is logged on to this Pc/notebook and mail or call this user directly.

So far the planÖ When I connect to the access point I get an APIPA IP address, so far no surprise. Next step would be getting the IP from the Ďhostí and resolving itís IP address. But I donít get any IP address of the Ďhostí.
To get the IP, I tried pinging the whole the APIPA range (169.254.0.0 <> 169.254.255.255) but I only get the connected hosts (including my own netbook).

So the host of this ad-hoc network probably has 0.0.0.0 as an IP address.

The action Iíve taken so far is calling the users who are connected to this ad-hoc network. All of these users (or at least they told meÖ) where unaware that they where connected to this ad-hoc network. I told them to disconnect to this ad-hoc network, and helped the people who didnít know how to disconnect.

So what Iím basically asking here is, what should be my next step? All help is welcome, and thanks in advanced!