On Tue, 3 Dec 2002, Major Variola (ret) wrote:
> At 12:54 PM 12/3/02 -0500, Sunder wrote:
> >Simple. Signal strength from at least three access points will
> pinpoint
> >your location. If any of the AP's have known GPS coordinates, your
> >location can be interpolated.
>
> The Watcher can learn a lot even without doing the full classic
> 3-centers intersection.
The watchers already have monitoring systems in place so their need
to access the actual AP's is zero.
> >To fix this, change your MAC address (or whatever WiFi uses for that),
> >randomly every time you move around, and don't share things that can
> >identify your machine. i.e don't run things such as SMTP, FTP,
> Microsoft
> >File sharing which give away your host name, and don't accept cookies
> from
> >web sites that can track you, and make sure your browser doesn't leak
> your
> >email address, and be aware that anything you do can be sniffed.
>
> Hope that identifying 802.11 transmitters from their analog artifactual
> properties [1] is more
> difficult than identifying a Morse Coder's fist.
It isn't. As long as you use the same RF finals you're traceable. To do
what is suggested would require swapping card -anonymously- (otherwise
you're providing prime evidence of conspiracy) between each cell change
(ie every few hundred feet). And don't forget the unique mechanical
'tool marks' your machine connector will both give and receive, as well
as environmental residue stuck inside the plastic cases which might be
usefull to demonstrate a particular card had been used at a particular
time or place.
Tedious does not begin to describe.
> Beware also that APs eventually flow to a hardwired line and the
> Statelco knows exactly where that's demarked.
> Once they know which Starbucks to cruise their white van around.. time
> to find another Starbucks, that should be tough :-)
Have you wardriven anyplace lately? AP's are popping up like mushrooms in
a field after a rain. Austin has a population just under 500,000. There
are several 10's of thousand AP's in the area. The problem is they aren't
working together...
> ("you have to have one of the following MACs to connect") by WAPs, used
AP hubs worth a damn allow you to filter out/disallow access by MAC's.
You'd need to rewrite the code to do this. If you're using a commercial
all-in-one AP this would be problematic. If you're using an Open Source
OS with a card in it then it is more realistic. I'd suggest taking a look
at NoCatAuth as a base. Not because it's best or anything but because it
is very popular.
--
____________________________________________________________________
We don't see things as they are, [EMAIL PROTECTED]
we see them as we are. www.ssz.com
[EMAIL PROTECTED]
Anais Nin www.open-forge.org
--------------------------------------------------------------------
