How to find out client physical location?


We have a public wlan for visitors in our company. Now our admin guy says someone is downloading clearly illegal stuff and it seems this has been going on for some time now. He says he can easily block out this guy, but I would like to call cops (guess what he is up/downloading?).

The problem is, where is this guy? We are located in a office building and we can see see networks from other companies and from another building on the other side of the street. (Our admin says there is very little he can do without mapping the whole area first, including the other building)

Thanks, Joonas

------------------------------------------------------------------------ View this thread:

formatting link

Reply to
Loading thread data ...

Jammu wrote in news:

What is he/she d/l'g ? And why do you want to call the cops ? Do you and your companies' IT department want to take the time and effort to do what would be required to (possibly) ID the location, and then take part in a court case as well ?

There's not too much you can do to pinpoint his location w/o using some kind of triangulation method with (very) directional antenna's. The problem is, in an indoor environment, even triangulation may not work properly, due to RF reflections. If it's an easy straight path, then ballparking the location (which is all you would be able to do anyway) _may_ be possible.

But now maybe the strongest signal to this client is working off of a reflection. This could totally kill any triangulation efforts, since when sniffing from one location, which may or may not be a straight path, and then sniffing from the second location, which may or may not be a straight path, could result in coming up with 2 RF path's that never intersect.

I'd just shut 'em down and move on, which begs the question, why didn't IT shut it down immediately when it was first noticed ? That would have been the smart thing to do. What would have happened was either 1) the person would have went away or 2)someone inside your company may have come to IT claiming that their wireless connection may have stopped working, IT could have very easily identified this as the offender and taken whatever steps according to it's computer use policy.

Reply to

Several things to consider...

Since its a public WLAN and if a visitor is using it, its not an employee issue that HR can deal with.

If its been going on for some time, that would point to an employee or regular visitor.

It appears that IT knows enough about it to be able to lock out the wireless client MAC address, so if its an employee that person will ask what the problem is with his/her connection. But on the other hand, the employee may have a wired connection for company biz and just using the wireless for the inappropriate stuff, so killing the wireless MAC may not be reported.

Sniffing around for the wireless client? I'm sure that if you wal around with a laptop in one hand and Yagi antenna in the other, it might tip off someone what you're looking for.

Call the cops? Good question. Some states (there might even be a federal law also) that obligates you to report certain activity, i.e. if you repair someone's computer and discover certain files, you have to report it. With the confusing language of so many statutes, a wireless client could very well be considered part of a computing system and therefore you might be obligated to report it.

Reply to

Or someone in a nearby building who has noticed they can pick up your free wlan. Really, a company ought to know better than have an open wlan

- its a magnet for abuse.

Might work temporarily - but anyone savvy enough to access it will be able to change their MAC and get back in.

That might be good enough to scare them off, if its an employee or regular visitor. You could also redistribute your company IT policy, and create / distribute one to visitors, perhaps with an accompanying note saying that someone was recently caught abusing the free wlan, and that future transgressors will face disciplinary and possibly police action.

It is, and you would be .

Social engineering is the solution probably. If its someone actually in the building - whether staff or visitor - then the above suggestions ought to scare them off.

Reply to
Mark McIntyre

It doesn't sound like the goal is to scare him off, there are easy ways of doing that, especially if someone is doing something illegal.

Finding the person could be far more fun.

Reply to

Public, as in not running any security like WPA or WEP? That's a mistake. It'd be somewhat easier if you had security setup for it, even one that just use a placard at the door entrance reading the current day/week/month password. You could at least then use that to cross-reference a username login on something to the MAC hardware.

If you're dealing with more than one access point then you could use something like Ethereal (now called Wireshark) to sniff the packets. You'd have to setup a hub between the access point being (ab)used and put a computer on it to capture the packets. Configure the filters to capture only the packets from that questionable MAC address. Then sift through the packets looking for additional identifying information. A POP mailbox login, website, etc. If they're abusing your network they have no reasonable expectation of privacy.

You could also use something simple like a windows "net view \\" with the hopes they've done something stupid like left windows filesharing running. And then used an identifiable PC name (heh, like Joe's Dell Inspiron or the like).

You could get really devious and setup a transparent proxy that would re-write their download requests, and return different content. Like an AVI movie of a REALLY LOUD SOUND and have folks listening for it. Or web pages that unleashed pop-ups that redirected to other internal web pages and track those via log files.

I'd start with collected packets from the abusive machine. Let it collect for a while, like a week or more. Then look through them to see if you can find any sort of identifiable destinations. At some point this idiot is likely to use something that'll trip him (or her) up. An instant messenger login, checking a mailbox, etc.

There is also the "problem with the network, call us for help ploy". Redirect web traffic to a web page explaining there's a problem and put a phone number on there for them to call asking for help. Make it come up randomly. Enough that they'll think you're idiots and call demanding you get your sorry act together. Be busy and get a call back number, be surly and rude so they'll call your boss to complain about you. You're looking to bait them into providing as much identifiable info as possible. Making yourself look stupid and pissing them off works in your favor.

There's lots of things you can try, but none of them will guarantee results.

-Bill Kearney

Reply to
Bill Kearney Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.