You can certainly log MACs on your AP, correct? I mean that doesn't give you much.... you could then use iptables to watch the activity of those MACs I guess.....
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Harney Sent: Wednesday, January 19, 2005 12:46 PM To: [email protected] Subject: Re: [brlug-general] kismet vs. prismstumbler Andrew Baudouin wrote: > True. Sorry about that. Thank you for your reasoned, intelligent response. > > Interesting mention of the parallels to port scanning though. I have > definitely port scanned hosts before to attempt to discover open > services. One way in which this comparison does not fit is that wardriving is a bit more passive. Port scanning is an action directed at a host. Wardriving is just picking up frequencies in the air. So port scanning strikes me as even murkier from a legal standpoint. (Of course this begs the question, is port scanning a multitude of ports with an automated tool all that different from typing "telnet somehost 80" or "nc somehost 22"?) Similar questions can be asked of both activities, though. ie. at what point do the tools cross the line? Is spoofing source IP during a port scan illegal? And pure port scanning is one thing, but "vulnerability scanners" like nessus certainly go further. And even nmap has some functionality to detect and perhaps get hosts to reveal more information than the owner might consider public. Which commandline options to kismet straddle the line from mere detection to intrusion? > Another parallel would be to P2P software. There are legitimate uses > of P2P software, but companies are trying to lobby to make it illegal > because of the rampant sharing of warez going on. True. Bittorrent is receiving the lion's share of the attention right now. It has some obvious practical and legal uses. It'll be interesting to watch all of that play out. > I just can't see any legitimate use for wardriving right now. There > is no practical application in my mind, so I feel like "why do it?" > That's not to say I condemn or impugn those who do it, I just want a > realistic answer as opposed to "I should be able to" or "Because I > can" or "I want a list of unsecured networks". At least right now those are probably the only answers. Perhaps someone wants to experiment with the tools to see if they can detect passive scans so they can better protect their own network. But I don't much in the way of practical value for wardriving. It might tell you how "unwired" Baton Rouge is compared to some other metropolitan areas. Actually, I'd like to know if any tools exist to detect and track probable wardriving -- if that's even possible. Do kismet and airstumbler transmit in such a way that another machine might be able to detect and log their presence? -- Scott Harney <[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5 _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
