Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: How to locate physical location of access point?

  1. #1
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    10

    Default How to locate physical location of access point?

    Well I've been breaking my head over this problem for a few days now, we have at my company some rogue employees hooking up their home APs to our network and connecting from the balcony over coffee and smokes. Needless to say we have to stop this, but before we start putting in NAC and whatnot I want to find the exact offices where these douches operate so I can shut them down and report them to management (hehe mess with MY network!)
    Trouble is, as much as I walk around with my laptop looking at kismet and airodump's power meters, they are wholly unreliable. Even tried "limiting" my pcmcia (Netgear WPN511) by wrapping it in tin-foil and pointing it at certain directions. still no luck.
    Any ideas on how to get this done anyone?

  2. #2
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Extensively covered here.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    10

    Default

    well thanks, i searched and nothing came up (blame the misleading title...), but the thread didnt help me much since i really can't get any of the mentioned equiptment (for geographic/accounting reasons i wont go into).
    I was hoping someone had actual experience making a DIY direction-limiter for a pcmcia card w/o a connector (maybe covering it up with tin foil open at one end or the like).
    I'm sure its been done.
    I've tried it, but the kismet readings im getting are very unreliable and unhelpful.
    oh well, back to work. If i make it, i'll share

  4. #4
    Member
    Join Date
    Feb 2010
    Posts
    204

    Default

    make a directional antenna, use a pringles can, connect it up to a usb wireless pen, airodump-ng ..... look at the pwr reading and follow the yellow brick road

    edit: if u are using a non usb card, then get a pigtail, antenna and connect up. plenty of tutorials on making this all over the place

  5. #5
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    The best thing to do is checking the ARP tables on your switches and look you should be able to see which port the AP is connected to.

  6. #6
    Junior Member cyberconsole's Avatar
    Join Date
    Aug 2007
    Posts
    57

    Default

    Quote Originally Posted by BOFH139 View Post
    The best thing to do is checking the ARP tables on your switches and look you should be able to see which port the AP is connected to.
    dump your tables and whip up a quick script to compare the data to this...
    http://standards.ieee.org/regauth/oui/oui.txt

    Or you could just dump the mac addresses into this...
    http://www.techzoom.net/nettools-macdecode.asp
    There's no fate but what we make for ourselves.

    -I already know I cant spel-

  7. #7
    Junior Member
    Join Date
    Feb 2008
    Posts
    40

    Default

    I'd just configure a card in the area with the same IP address as the offending router. Since my TCP stack doesn't have any ports or routes open, my machine would throw a RST back for everything. That should be a stealthy way of keeping him shut down without having to find him. And he's likely to throw a few routers away thinking they are junk. I believe Comcast does something like this for P2P.

  8. #8
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Try using a directional antenna and card that has reliable SNR. That might get you close. Other than that, geolocation involves too many variables to be of any accuracy.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  9. #9
    Junior Member cyberconsole's Avatar
    Join Date
    Aug 2007
    Posts
    57

    Default

    Quote Originally Posted by dattaway View Post
    I'd just configure a card in the area with the same IP address as the offending router. Since my TCP stack doesn't have any ports or routes open, my machine would throw a RST back for everything. That should be a stealthy way of keeping him shut down without having to find him. And he's likely to throw a few routers away thinking they are junk. I believe Comcast does something like this for P2P.
    Or you could just set port security on your switch to something like...
    Code:
    switchport port-security maximum 1
    switchport port-security violation shutdown
    Whoever comes crying that they cant access the network is probably the culprit.
    There's no fate but what we make for ourselves.

    -I already know I cant spel-

  10. #10
    Member
    Join Date
    Aug 2007
    Posts
    468

    Default

    Then attach your EtherKiller to the patch-panel port, crack open a beer and watch the fireworks....



    Quote Originally Posted by cyberconsole View Post
    Or you could just set port security on your switch to something like...
    Code:
    switchport port-security maximum 1
    switchport port-security violation shutdown
    Whoever comes crying that they cant access the network is probably the culprit.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •