WiFi Triangulation

mikegroovy writes "WiFi software tracks you down: 'Positioning technology company Ekahau has released an updated version of its software, which allows devices to be physically tracked when they are connected to an 802.11 WLAN network.' Maybe connections that are made from the street(or outside of a predefined area) could be automatically disconnected... It may spell an end to warchalking."

Finally

[rice_web]

I hate the thought of other users being able to access my wireless connection. Even though I rarely have important files that I'm concerned about, it's nice to have some security.

Re:Finally

[LarsG]

..then enable some security on your AP! Even the cheapest APs available today support at least WEP, and it should take you about 30 seconds to enable it.

Re:Finally

it should take you about 30 seconds to enable it.

And about 30 seconds to get through it too :P

Actually, how long it takes to work through WEP depends on how much traffic you create. There are a few ways to use RC4 that really cut down on its security; WEP does most of these things.

Re:Finally

[mrjohnson]

That's what my boss thought, too. You should be able to crack a somewhat busy network using 64 bits in about eight hours with AirSnort. It took me about sixteen to recover the password (longer because it was just one host and me running `ping -f -c 1 wifi` from my desktop).

WEP will only deter the laziest script kiddie... Sorry. :-)

Re:Finally

[LarsG]

And about 30 seconds to get through it too :P

Yeah. But even if WEP is a shoddy fence, it is still a fence and anyone breaking the key can't reasonably claim with a straight face that he thought it was a public AP. :)

128bit WEP, MAC address checking and an IPSEC gateway as the only thing on the other side of the AP should do the trick for people that feel the need for barbed wire instead of a simple 'no trespass' sign.

Re:Finally

What they can or cannot claim if they are caught is not a deterent. If I can sit across the street with an antenna and connect to your corporate lan all night long I can probably get what I want before you know about it.

Re:Finally

[monthos]

It takes much longer to crack it than 30 seconds. The reason it can be cracked is becouse of an insecurity of WEP encrypting a file every now and then weakly, still encrypted, but very weak, after you collect about 1000 of these packets software can determine the key from it.

On a not very used network it can take over a day of collect the desired packets to crack it, on a heavily used network a few hours.

Good God, are you Clueless?

[Henry+V+.009]

Hint: War-chalking happens because people are clueless about their networks. The problem is networks that let everyone on board by default without any encryption.

Re:Good God, are you Clueless?

[sys$manager]

It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

Re:Good God, are you Clueless?

so becuase a network isn't under the tightest security possible everyone has the right to go in it and do as they will? i know, i know: people *are* going to take advantage of those networks because they are there. but i don't think you can justify it by saying the security was lax.

Re:Good God, are you Clueless?

[cyberformer]

It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

Anyway, 128-bit WEP (actually just 104 bits) isn't safe. The crack just takes twice as long.

Re:Good God, are you Clueless?

[reddeno]

I could be wrong, but I thought the point of warchalking was to mark your _own_ wireless network so that others could use it.

--Nicholas

Re:Good God, are you Clueless?

[wolfgang_spangler]

Warchalking gets it's name from wardialing...where users would dial numbers until they found a computer that answered (see War Games).

Warchalking is like walking around with a wireless devices, finding a signal, and marking that fact. Usually that is not done by the people running the network.

Re:Good God, are you Clueless?

[cei]

You are, in fact, wrong. Wolfgang is right in his description of the relation between warchalking and wardialing. That covers the "war" aspect. The "chalking" aspect is derived from the marks hobos would use indicating safe places to sleep, houses with guard dogs to avoid, farmer's daughters to sleep with, etc... The nomadic lifestyle leaving marks for other nomads saying "hey, there's something interesting here."

Normally, then, the owner of the network would not be party to either the "war" or "chalk" methods.

Re:Good God, are you Clueless?

[WolfWithoutAClause]

It takes only 45 minutes for me to airsnort the WEP password of your network. Honestly, how hard is that for us warchalking people to do?

Re:Good God, are you Clueless?

[Gruturo]

It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

It will take AirSnort all of 30 minutes to crack your 128Bit WEP encryption since it is so badly flawed that I'd rather go _without_ it.

Really, _don't_ trust WEP. Search Google or Ask Slashdot about cracking it, have a look at what You'll find.

The only reachable IP on my 802.11 net is the IPSEC gateway.

Re:Good God, are you Clueless?

Ghostse,
Good to see you here again. I was afraid you might have hurt yourself.

I know being arrested with twinkies stuffed up your anus in the bathroom of the girl scout meetinghouse, and the ensuing public degradation, were a terrible blow for you, but I want you to know, not -all- of us are filled with loathing.

Re:Good God, are you Clueless?

[LarsG]

Anyway, 128-bit WEP (actually just 104 bits) isn't safe.

We all know that. But an AP with WEP enabled is the digital equivalent of a "no trespass" sign, while an AP with no security at all is either set up by a clueless newbie or is deliberately left open to allow other people to get Internet access (which I'll do once I go wireless in my apartment).

In order to promote public accesspoints, I'd prefer that the law doesn't consider it trespass to use an unsecured AP for Internet access.

Re:Good God, are you Clueless?

of course the typical self-important hacker or cracker or whatever you want to call them doesn't think that way. they'll try to break in no matter what. and if they succeed they'll justify their *wrong* course of action by blaming the incompenance of the owner of the network.

Re:Good God, are you Clueless?

[Zeinfeld]

It took me all of 30 seconds to enable 128 bit WEP and create a key on my new Linksys 802.11b router. Honestly, how hard is that for people to do?

Not hard but unfortunately not secure either. Due to a broken design the WEP mk1 scheme only gives 24 bits of security regardless of whether you have the 128 bit or 40 bit cards.

However this has since been fixed, and the fixed cards will be available fairly soon. In addition the new cards fix the original major inanity of WEP, the single key shared by every card. The newer cards will have built in certificates to suport 802.1x authentication.

While the triangulation scheme might be used for security purposes, it is no replacement for cryptography. In the first place the scheme appears to be working on signal strength rather than the arrival time of the signals. That is easily spoofed. Arrival time of the signals would be hidously expensive to do right (I used to do that type of thing, but not with IP routers and bridges in the way...)

It might be useful to use triangulation to detect when people were entering an leaving cells, but that can probably be done by just choosing the strongest signal.

I can imagine using this type of thing to track down criminal suspects, the sort of thing that the FBI have fun doing. It is not a replacement for cryptography and probably not even as secure as WEP mk1.

Re:Good God, are you Clueless?

[brain159]

that 45 minute figure assumes that lots of data is being thrown around across it, and that nobody's going to notice you staying in the same place near their building for that length of time, loitering and looking shifty :)

Re:Good God, are you Clueless?

[The+Fink]

How hard is it for people to do?

It's not that it's hard, it's that the kinds of people who are generally setting these things up have been roped into doing so, and often don't have the first clue about security in general. Nor do they care - they're not usually frontliners who deal with security breaches on a day-by-day basis, and probably couldn't detect a security breach if/when it happened to them.

Very few SMEs - at least in Australia - 'can afford' to hire a fulltime sysadmin with any level of security knowledge. Sad, yet true...

Re:Good God, are you Clueless?

[Natalie's+Hot+Grits]

Don't forget, arrival times (read: ping) can also be spoofed from the client side easilly (this might require mods to the NIC's driver). So even if arrival time based triangulation were implemented, it could also potentially be bypassed.

This is not a replacemet nor a supplement for security. I am unaware of any type of triangulation system that cannot easilly be spoofed by a sufficiently smart person.

This is a neat trick you can use for practical purposes (such as smart shopping carts in grocery store, cheep "GPS" in the city, etc.) but worthless for security, etc.

If anyone thinks i'm incorect, please reply. It would be interesting to hear other people's ideas on spoofing triangulations.

Re:Good God, are you Clueless?

[Cyclone66]

But you would expect a VCR technician to be able to do it, so a network administrator should know how to set up their wifi network. It's a different story for home users, but a lot of the warchalking seems to be for companies.

Re:Good God, are you Clueless?

[WolfWithoutAClause]

Hey, who are you calling shifty? ;-)

Re:Good God, are you Clueless?

[stienman]

Last time I checked, airsnort and other wireless crackers needed on the order of millions of packets in order to determine the key for a weak key.

Maybe you generate that many packets in 30 minutes (NOT), but the researchers said that it would take about a day to get the key from a network of active office users, and a few hours if the network is maxxed out.

Your average home user won't generate that many packets in a week (except, perhaps, those playing quake) and only their neighbors will have the patience and opportunity to grab keys for a week without being caught.

You should change your WEP as often as you change your passwords. Doing these things will keep freeloaders and those who are looking for an easy to break into network out. If someone is determined enough to break into your network, it won't matter what you do, they'll manage a way in. Even you know that if your life depended on getting access to someones home network, even with ssh, ipsec, etc, you could do it through other means.

-Adam

Re:Good God, are you Clueless?

This is all true. However, it is not really important for home users to enable WEP. Corporate users are the ones who need to enable it and they generate plenty of traffic, making it easy to crack their keys in a day.

I attended a hacking boot camp this summer and the final day we took a laptop, gps and a wireless nic antenna on a busride to map some networks. About 19% used encryption. Those who didn't included Motorola, the regional telco, the city police department, CompUSA, and the list goes on and on.

My point is that wireless has no place in any environment that requires security.

Re:Good God, are you Clueless?

[iggie]

No, I'm not clueless, and I let everyone on board my wireless LAN without any encryption or password protection on purpose. Also, besides giving away bandwidth that I pay for to people I don't know for free, I have been known on occasion to do this with software that I write. No kidding! I just put it up on a web site and people I've never met download it for nothing. Amazing!

Re:Good God, are you Clueless?

[LarsG]

True, and those that do that should be forced to bungee-jump with a rope tied to their balls. B-O

But still, since there are people out there that are willing to let other people use their APs and since it is fairly trivial to erect a WEP 'no trespass' sign, I feel that it should not be considered trespass if someone happens to use a non-secured AP.

That is, I don't condone digital breaking and entering but at the same time I don't want people to be afraid of using my open AP.

Re:Good God, are you Clueless?

[Idarubicin]

It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

This may an important consideration for home wireless networks, but no excuse for corporate networks. Any business that has a "non-techie" building their network is inviting a whole lot of trouble--most of which probably won't be coming to them through their wireless AP.

Re:Good God, are you Clueless?

[RollingThunder]

You underestimate the people in marketing, sales, etc who have no techie traning, but are quite happy to go and buy a WAP, and plug that in at their office, so they can one-up their co-workers.

That practice is one reason that even clued network admins need to regularly recheck their networks for AP's. Rogue ones will forever be a pain in the ass.

Re:Good God, are you Clueless?

[Henry+V+.009]

I didn't attempt to justify it. But as for lax security...

For most of these networks, a normal functioning laptop equipped with a wireless card will automatically sign on to the network with no input from the user at all, just by bringing the laptop into the general vicinity.

No it's not lax security. I think it qualifies as no security at all.

And if you make absolutely no attempt at privacy, if you put your computer network outside in public places (the street), then no, you don't have much right to privacy.

Re:Good God, are you Clueless?

[sakeneko]

It takes me all of 30 seconds to program my VCR, but most non-techies can't do it.

Neither can most techies -- I can program most Unix boxes in my sleep, but a VCR? No f*****g way.... (But, then, I don't own one either.) :)

Re:Good God, are you Clueless?

[WolfWithoutAClause]

Doesn't sound like really understand the technology. At the corporation I work for the standard is for WEP to be disabled, because it is garbage. According to what you say their network is insecure, but they run IPSEC on top of this, and the security should be very good indeed.

Re:Good God, are you Clueless?

[FuegoFuerte]

Also, much of the newer firmware is programmed to explicitly not use weak IVs (Initialization Vectors, what Airsnort etc. use to crack WEP). Without using weak IVs, all normal WEP cracking tools are defeated. So, even though WEP isn't perfect (there are other more complex attacks on it), it is a very good start especially if you have newer hardware or the most recent firmware for your older hardware.

Re:Good God, are you Clueless?

[aminorex]

There's simply no way that the triangulation is
based on ping times. They're talking about
measurements of less than a meter, which is
on the order of 3 nanoseconds at c. Much more
sensible is to triangulate based on signal
strength.

Yes, signal strength can be spoofed *downward*,
but for commercial cards, it can't be spoofed
*upward*, significantly, without the spoof being
clearly detectible. Therefore, I disagree: It
is a very useful supplement to perimeter security.
The ability to defeat does not invalidate a
security measure, unless the effort and expense
involved is below the cost/benefit threshold.

Re:Good God, are you Clueless?

[Pike65]

And how hard is to spot the guy on the other side of the street looking shifty with that empty Pringles can?

Re:Good God, are you Clueless?

[SEWilco]

Yes, signal strength can be spoofed *downward*, but for commercial cards, it can't be spoofed *upward*, significantly, without the spoof being clearly detectible.

Directional antenna. Stronger signal strength at access point which antenna is aimed at, much weaker at all other access points. Makes origin seem to be close to access point aimed at, despite actual location (when origin determined by signal strength). Detectable by noting that signal at further access points is much weaker than it should be (contour maps of omni antenna strengths won't match).

Re:Good God, are you Clueless?

A little harder when he reaches in the can and pulls out a (palmed) Pringle. Actually -- he's got his rig in the paper bag so you aren't seeing any tech other than his headphones. Check for a low-power FM transmitter too...

Re:Good God, are you Clueless?

[eggboard]

Does anyone know which of the newer firmware uses improved IVs? As I understand it, you can use an AP with better IVs without having to have a wireless adapter with any changes in firmware. A few companies, mostly in the enterprise space, have made announcements about their changes, but I haven't seen anything that isn't proprietary between client/AP from a single vendor.

Re:Good God, are you Clueless?

[JabberWokky]

Yes, but it's something that I would not do, whereas I have no problem using open bandwidth. The difference? One is using something that is (intentionally or not) provided for people. Like a drinking fountain. If one sees a drinking fountain, it is presumed that it is available to everybody. Now, you can hang around a food place in a mall, wait until they are not looking, and grab soda from their soda fountains - heck, even swipe food from them. But that's theft. You *know* you're not allowed, even if their security is 'easy to get past'.

The difference between what is wrong versus what can be done seems to be something some people cannot grasp. Bike locks are easy to break. Are you out stealing bikes while warchalking?

--
Evan

Re:Good God, are you Clueless?

Let me get this straight. Your corporation hands out IP addresses to anyone with a wifi card, essentially letting them on their network anonymously. And because the clients use IPSEC to secure thier traffic, you think that makes the network safe?

Just because you can't sniff passwords to and from clients in clear text doesn't mean your router is protected. Just because your clients transmit to and from that router over IPSEC doesn't mean they can't be compromised on a port other than the one the tunnel is using. In fact, if that happens, you have essentially provided a secure tunnel into your corporate LAN.

BTW - what company do you work for? I would love to sell some of their trade secrets.

Re:Good God, are you Clueless?

[pilot1]

You have to looks at the ISPs side, which is that many people can be using one DSL or Cable internet connection, when normally each would have their own connection, that would at least be dial up. That said I agree that it shouldn't be a trespass if someone uses a unsecured AP *if* the owner of the AP allows them.

Re:Good God, are you Clueless?

[aminorex]

That's why I qualified my statement with the words
"clearly detectible". For raw triangulation, in
which no more than 3 points are used, a directional
antenna does create a new degree of freedom in the
solution space, but that degree can be eliminated
with just one more sample point.

Re:Good God, are you Clueless?

[LarsG]

You have to looks at the ISPs side, which is that many people can be using one DSL or Cable internet connection, when normally each would have their own connection, that would at least be dial up.

It is neither my nor your responsibility to protect the business model of others.

If an ISP thinks it is a problem that their customers run public APs they should put something about it in the service contract or AUP.

Re:Good God, are you Clueless?

[tengwar]

Corporate users can look at using 802.1x authentication with a protocol such as EAP-TLS - this allows a new negotiated WEP key for each session, which stops the main cracking problem. 802.1x has a few remaining problems, but it's a huge improvement on relying on static WEP.

Re:Good God, are you Clueless?

[zonker]

WEP seems like a good way to keep out the honest people for home users, kind of like locking your doors at night because most people won't go further. Locks on doors are easy to break though and have weaknesses similar to WEP (go through the window, find the key under the doormat, etc..). However there seems to be another problem with many WEP implementations in that it slows down the transfer speeds, often by as much as 20-50%. This is enough to keep someone who is happy with the idea of getting 11mbps speeds (but wishes it was 100) from turning it on...

Re:Good God, are you Clueless?

[pilot1]

Some have it in their service contract, but many don't think it's necessary since it's considered trespassing to connect to a public AP. I'm just trying to consider the ISPs side of it too. I personally think that setting up a public AP should be allowed.

Re:Good God, are you Clueless?

[manly_15]

Any business that has a "non-techie" building their network is inviting a whole lot of trouble

The sad part is, many buisnesses have managers running the IT department who have NO technical expertise. Through my work, I deal with "sysadmins" who wouldn't know the difference between a pppoe DSL connection and one established with a static IP. If we in the tech community want to promote wireless security, we need to have it so security and encryption is a simple as a message box saying "Do you want to secure [insert device here]?". Otherwise, networks will simply not be secured.

Re:Good God, are you Clueless?

[FuegoFuerte]

All the Orinoco hardware eliminates the weak IVs. Not sure what other manufacturers do this. It's completely seperate from things like 802.1x EAP. What you're talking about (proprietary things) sound like Cisco LEAP (proprietary version of EAP, which has now bean licensed to most major WiFi makers and is showing up in the latest firmware revisions). A different IV is used for every packet sent either direction, so to completely rid yourself of weak IVs both the client adapters (all of them using the same WEP key) and the AP must avoid them. If even one client adapter is using weak IVs still, there is the potential for gathering enough to figure out the WEP key. However, with each additional client that eliminates weak IVs, the amount of time it takes to crack the WEP key grows.

An example: client and AP are both avoiding weak IVs: Airsnort and similar are completely ineffective (to the best of my knowledge).

AP avoids weak IVs while cheap client adapter with old firmware does not: Airsnort, etc. now can crack the key, but it takes many hours (we'll say 12 hours just to throw out a number).

Neither client adapter nor AP are avoiding weak IVs: Airsnort, etc. now take about half the time (we'll say 6 hours) to gain the WEP key, because there are proportionally twice as many packets with weak IVs being thrown across the network.

I'm kinda tired, so hopefully that makes sense.

Re:Good God, are you Clueless?

[eggboard]

This makes perfect sense. If you had 20 clients on an AP with full bandwidth saturation (bad network designer, bad!), and 15 of them had good IVs as did the AP, and 5 had bad, then the amount of traffic it takes is now proportionally higher based on how many packets have good IVs attached. if I understood your explanation correctly.

Thanks, much!

Re:Good God, are you Clueless?

[FuegoFuerte]

Yup... you understood correctly. :).

heh

[wolfgang_spangler]

"Ekahau reckons there is a market for networks used primarily for location-based purposes as opposed to carrying other data. "

Can't remember the last time I saw the word, "reckons" in a major publication. I reckon it was some time ago.

Re:heh

[Alien+Being]

His use of the word "reckon" is either serendipitous or clever because it is also a part of naval and aeronautical navigation jargon. To some people, it connotes trigonometry.

"Dead reckoning" is triangulation of your location based on your previous location and the speed, direction and duration of your travel.

I suspect it got its name from a bunch of hippies trying to find a Jerry Garcia concert ;-)

cornell

there was a article in wired about students use triangulation in 802.11b networks for all kinds of crap. since they only have a wireless lan there, professors and students write software for it because everyone uses it on their laptops and pdas

Re:cornell

[FlowerPotAdmin]

since they only have a wireless lan there,

That's quite amusing, as I appear to be writing this comment from *on-campus* over a *land line*. But our operating systems course does feature an ad hoc routing assignment which uses handhelds w/ wireless ethernet cards.

some additional info

[t0rnt0pieces]

For some more info check out the company's website. Here's the page on EPE. Looks like pretty neat technology. Easy to set up and accurate to within 1 meter. I doubt warchalkers will be deterred though. :)

Re:some additional info

[++good-duckspeak]

Not really clear on how much cooperation is needed from the "tracked device". The fact that the ekahu site lists requirements for such devices is a bit confusing.

And yeah, yeah, triangulation and signal strength and stuff, but does this software do it the hard way or depend on the truthful clients?

end to warchalking?

[cosyne]

Not likely. The systems that get picked up by war____ers are generally the ones that someone took out of the box and plugged into the wall. Anyone who bothers to set up a triangulation system would probably already be using MAC restriction or other security measures. (Technically, you can still see a secured network and mark its location, but you could do that with a triangulation-restricted network too).

Re:end to warchalking?

[cosyne]

wow. I posted that 7 mintues after the story went up and it's still redundant.... Guess i'm not the only person who can't resist a clueless troll in the article.

Re:end to warchalking?

[atarione]

I agree anyone **smart** enough to use the triangulation technology would have already secured their wireless network with mac / passwords ....etc security anyway. But it is kinda kewl that you could see where people trying to log on were though.

Re:end to warchalking?

[Luminous+Coward]

Anyone who bothers to set up a triangulation system would probably already be using MAC restriction or other security measures.

Calling MAC address filtering a "security measure" is really pushing it. Any decent driver will allow MAC address spoofing (even commercial xDSL gateways have that feature).

Re:end to warchalking?

[jtree]

This technology cannot currently triangulate a war{driv,chalk,walk}er.

I'm a researcher at Carnegie Mellon University who has been implementing this same system for the last two years.

This type of system relies on the client (pda/laptop) to gather the raw information for triangulation and send it to the server.

No accesspoint (that I'm aware of) is capable of gathering the information needed for triangulation.

Details:
An accesspoint only knows the signal strength between itself and its connected users.
Triangulation requires the signal strength between the client (pda/laptop) and at least three nearby accesspoints for 2d triangulation.
Current accesspoints do not record or calculate information for clients that are not currently connected to themselves.

It would be possible after modifying the firmware on the accesspoints. The manufactures have been extremely reluctant to give this information out (even under NDA.)

The most accurate information that could be gathered about war{driv,chalk,walk}ers is which accesspoint they are connected to.

Joshua Tree

Re:end to warchalking?

[cosyne]

This technology cannot currently triangulate a war{driv,chalk,walk}er.

Well, I dunno. The implication is that the APs can triangulate, but i don't see anything in the article saying it's not the client doing the triangulation. Or maybe they have a deal with some manufactuer to get more info from the AP, or maybe you have to set up a comptuer with a PC card. Ooooor, you could just set up some simple 2.4GHz receivers which give you signal strengths and/or delays for tringulation (although that's pretty clearly not what these guys are doing).

PS- you forgot warflyers.

We could still warchalk...

[chunkwhite86]

Inside of highrise buildings that have many different companies in them. - use marker on the walls instead of chalk!

What is warchalking about?

[gad_zuki!]

>It may spell an end to warchalking.

I thought that warchalking existed more for those who are offering wireless access to alert others than revealing the open status of another's network. Any warchalkers want to chime in? Are you guys mostly ID'ing your own WAPs or the WAPs of others?

Re:What is warchalking about?

[wolfgang_spangler]

Already answered this, read here.

Re:What is warchalking about?

but why warCHALKING? why not warWALKING?

Re:What is warchalking about?

[mindstrm]

That's what some say... but the name indicates otherwise.

Warchalking is a play on words based on the old term wardialing... calling every number in a telephone exchange to find out which ones are answered by a computer, so you would know what you could try to break in to.

Wardriving was the wireless analogy to that.. driving around and scanning for networks.

Re:What is warchalking about?

[cei]

Hobos, nomads & gypsies. You find something worthwhile, you leave a mark so that others people with your lifestyle can benefit from your find.

Re:What is warchalking about?

[NDeans]

Because they use chalk to make a )( symbol to designate an open AP.

As a sidenote, Schlotsky's restaraunts put up little plaques near the entrances to their stores with the open AP symbol. Such a nice thing to see, rather than the money hungry Starbucks shops charging by the minute for access.

big brother?

[Ishkibble]

this sound more like something the gonvermnet would be doing instead of some company. imagine the advertisement companies, you walk in front of a star-bucks, and a pop-up for star-bucks coffe pops up, and the same for gas and what not. it raises the question of which is better knowing where you/your labtop are Vs. personal privacy. i'm sure not a lot of you will see what i'm saying, but think about it

Re:big brother?

[pwarf]

You could set the laptop up to turn off the wireless card when not in use. They only know where you are if you use their network. And it shouldn't be too hard to block pop-ups on you own laptop/handheld that weren't associated with a webpage request on you end.

However, while this won't add much to the most secure systems, it would allow companies to reduce the hassle associated with maintaining a reasonably secure wireless system. For example, a company like Starbucks might want to offer internet access to customers inside the store, but keep people from using it in the unaffiliated bookstore next door. Or, a company might want to offer internet access to visiting consultants, customers, etc. without dealing with setting up each device. (Full disclosure: I have never used a wireless LAN, so I don't know how much trouble it is to connect to one that is properly secured. I would imagine it could become at least an annoyance.) If a company was willing to assume that the building was secure, they could allow access from any point withing the building. If you were paranoid, you could limit this to business hours.

range?

[bogusbrainbonus]

So they can triangulate on you and determine the position up to one meter, but from what range?

The 802.11b network at my school fails after 50 feet.

Don't throw away that chalk just yet!

Re:range?

[Gruturo]

So they can triangulate on you and determine the position up to one meter, but from what range?
The 802.11b network at my school fails after 50 feet.

?? If you are within range, you can connect, but you can be tracked (and thus expelled if intruding).
If you are outside range, you can't be tracked, but you CAN'T CONNECT EITHER.

So the idea holds true regardless of the range!

Re:range?

[NDeans]

The reason your school network fails at such a low range is because of sub-standard installation. They are most likely using the "rubber duck" antennas that came with the APs and, probably placed them in an area that is behind rows of steel lockers on more than one side. A couple of omnidirectional dome antennas installed in the ceilings in strategic points throught the school, and you'll get an awesome signal form anywhere. As far as the supermarkets having range issues, I seriously doubt they'll have any problems. The next time you go to a supermarket look around. What do you see? OPEN SPACE! The only walls in there are the 7½' aisles. With 12' and higher ceilings, all they will need are three moderately high db gain 120 antennas and they'll have the whole store getting signal strength like you were sitting next to your AP at home. And who says that they'll go for 11b when most won't be implementing this type of service for at _least_ 2-3 years (In the US anyway).

Re:range?

[lommer]

Yes, but if you are in range of ONE of the triangulating antennas, but out of range of the other two, they cant triangulate you position and YOU CAN CONNECT!

mind you, if you were going to use the triangulation thing as a security measure, restrict access only to those people who are within range of >=3 APs, but AFAIAC this is a waste of the APs (supposedly limited) range.

Re:range?

Uhhhh.. no... That's not quite how this works there Kemosabe.

oh, the irony...

[jaredcoleman]

There are a lot of benefits to having this ability. At work, I can now equip our parking officers with wireless PDA's and soon I will be able to make sure that they are not sleeping in the lobby of some building instead of writing parking tickets. Maybe they will actually be out to ticket people parked illegally while attempting to warchalk from their vehicle! Now that's irony!

Re:oh, the irony...

[zaffir]

Of course, then they just leave the PDA in their car once they've parked.

Not so new...

[BrunoC]

You should take a look at this article. Students at Dartmouth College have been using / developing wi-fi tracking systems for a while now. A nice way to track down your buddies at the campus.

Where will it end?

Jesus, first the music industry tries to stop people from stealing their product, now companies are trying to stop people from stealing their bandwidth. What's next? Will department stores stop letting people shoplift? Maybe my landlord will start charging me rent! What will I do?

My god, don't these people realize that everything is supposed to be free? (That's "free" as in "I-should-be-free-to-take-whatever-I-want-without- paying-for-it", of course).

Re:Where will it end?

and, of course, the people who scream that everything should be "free" couch their desire for things to be gratis in terms of a bullshit socio-political argument that those things should be "free (as in beer)". these people are freeloaders who hide behind free speech (liberally applied to everthing from system software to *copyrighted* media).

-ac

Re:Where will it end?

why steal when you can copy?

Re:Where will it end?

[LarsG]

My god, don't these people realize that everything is supposed to be free? (That's "free" as in I-should-be-free-to-take-whatever-I-want-without- paying-for-it", of course).

That's not what warchalking is about. It is about marking open access points, not about breaking into networks.

It should be legal to plug an AP into my DSL line, put a chalk mark on the side of the building and allow people nearby to use my connection for checking mail or the occational browsing.

Is it shoplifting or trespass if your neighbour put a radio in the window and you listen to it while relaxing in your yard?

Securing an AP is fairly trivial, and people who don't want the occational stranger to access their network should take the 30 seconds needed to enable WEP or password/MAC security.

Re:Where will it end?

That's not what warchalking is about. It is about marking open access points, not about breaking into networks.

Yeah, and Napster was about sampling songs by unknown bands before you bought their CDs, not about leeching free music.

Re:Where will it end?

[LarsG]

Yeah, and Napster was about sampling songs by unknown bands before you bought their CDs, not about leeching free music.

That's exactly what I used Napster for, but it seems like I'm in the minority.

I'm not saying that Napster is good. According to the latest numbers I've seen from economists that have looked at the impact of P2P on CD sales the current guesstimate is that sales will drop about 20% due to online copyright infringement. On the other hand, the music business has yet to provide legitimate Pay-Napster services. I'll pay cold hard cash to the first major label that starts selling music online in a format that I know I'll be able to play on my equipment 10 years down the line (that is, MP3, OGG or raw format).

emusic.com is, afaik, the only one doing the right thing at the moment and they don't seem to lack customers even though Gnutella and Kazaa are out there.

Re:Where will it end?

in a format you are confident will be playable in 10 years? that's a tall order.

gnutella and kazaa being "out there" doesn't help when a growing number of isp's and universities are blocking them.

Re:Where will it end?

[Anonymous+DWord]

the current guesstimate is that sales will drop about 20% due to online copyright infringement.

Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party. CD sales went up when Napster was in its prime. What does that mean? Nothing. Maybe the fact that we're in a major recession and people don't have as much money to blow on stuff, or that the crap they're pushing for sale... naah, that couldn't be it. It must be those Music Pirates! Arrr!

Re:Where will it end?

[LarsG]

in a format you are confident will be playable in 10 years? that's a tall order.

This is seriously off-topic, but anyway:

The book on my bookshelf can easily survive at least an order of magnitude longer. Why should I expect less just because it is digital? I should actually expect more, since it should be much easier to make perfect backups on all sorts of media.

The public should have the ability to preserve history, and in the digital environment that includes the right to make personal copies and format conversions. That's one of the main reasons why I find client side DRM to be an abomination.

The argument from the media industry is that they need some protection, and are pushing technology like TCPA/Palladium and laws like DMCA and EUCD down our throats. I can understand why they are scared, but that kind of control on formats and the tools used to play the content will cause a lot of collateral damage. I believe that the dangers of P2P can be heavily reduced, or even completely removed if the industry spent their energy on providing services that people want instead of inventing digital straight jackets.

Re:Where will it end?

[LarsG]

Anybody who comes up with any kind of estimate is an idiot, and is obviously being "funded" by some interested party.

Most of the reports I have read concerning Napster have been exactly that way.

However, an economist with the name Leibowitz(sp?) seems to have done a thorough job. He started out with the expectation that P2P would have a serious impact on CD sales (Not an unreasonable guess. Given enough people with broadband, P2P everywhere and lots of people with CD burners, P2P download + burn should in economic terms be expected to be a direct replacement for CD sales). Then he started looking at sales numbers for the last 30 years, the impact of recession/boom on sales, other factors like people maybe spending more on DVDs and less on CDs, vinyl and cassette being replaced by CD, etc. When compensating for any other factor he could identify, the numbers show that P2P has a likely negative impact on CD sales but not as much as he had initially expected. Probably because a considerable amount of Napster users (also) use it for browsing and then buying, and the free advertising effect. Anyway, we won't know for sure until the numbers for 2002 and 2003 are in.

Anyway, I'm suspecting that the industry will make more money on online sales - once they get over the current DRM paranoia - than they lose on CD sales due to P2P. And even more if, as you say, they start pushing good stuff instead of the manufactured boy/girlbands.

Re:Where will it end?

[MyHair]

Is it shoplifting or trespass if your neighbour put a radio in the window and you listen to it while relaxing in your yard?

SHHHHH!!! Do you want the RIAA to lobby for a law telling us where we can place our radios?!

802.11b Tracking

[Wrexen]

One way to get around a measure like this is to obtain a surface which can reflect EM radiation at 2.4ghz, such as AMQ coated polycarbonates or crystalline-structured metallics. By using a small set of these "mirrors" at strategic locations, you could fool the software into thinking you're actually receiving from inside the CEO's office.

Since most modern triangulation techniques, including Ekahau's, depend on standard mathematical models of radius delta-reduction, it's trivial to set up your reflectors in such a way that the tracking mechanism can't deduce a logical place for your signal to originate from. Hopefully as location-spoofing becomes more commonplace, the government won't enact any laws restricting the use or registration of EM reflective surfaces.

Re:802.11b Tracking

[brarrr]

a crystalline structured metallic? sounds.... dangerous.

I'd rather stick with my amorphous structured metals myself.

Mods: this is a joke. metals are crystalline materials, they follow one of 14 basic structures.

Re:802.11b Tracking

uhm, dont they track you based on your IP or somthing similar? Besides, for the AP to realize that that mirror thing to not be interfearence, it would have to transmit somthing back...

Re:802.11b Tracking

Prevent cracking - regulate mirrors!

Re:802.11b Tracking

[egarrido16]

Right, because you know, everyone who is anyone has AMD jacketed polycarbonation.

(joke)

FUD

[I+Am+The+Owl]

That's ludicrous. The sheer amount of signal attenuation that would be accrued through solar flares, cell phone traffic and concrete walls would insert enough variability into the time delay of the signals that it would be impossible to position a device within 1 square meter, as these people claim.

They are just spreading FUD, pure and simple. With any luck on their part, they'll sucker a ton of non-EE-informed companies into paying for their crap software before anyone realizes what's wrong.

Re:FUD

FUD?

What they're talking about isn't especially hard to do. All you have to do is compare the mac address tables of the 3 access points to find out which one the client is associated with.

Re:FUD

[mrjohnson]

You see how far away things are with two eyes, right? You can tell the direction a sound came from with two ears, right?

I'm sorry, I don't follow you... Sounds like a piece of cake to me.

With the right equipment, of course. :-)

Re:FUD

Signal attentuation accrued through solar flares?!?!

PUT THE BONG DOWN!!! You have had enough.

bummer

[brad3378]

The article doesn't mention how accurate this technology is - only that it's accurate enough to find an isle in a grocery store.

I'm hoping that technology like this gets cheap and accurate enough to have my lawnmower drive itself.

Re:bummer

[brad3378]

oops......it did say how accurate.
Within a meter. - still not accurate enough for a lawnmower that drives itself. (unless it is a really wide mower)

Re:bummer

[NDeans]

Oh yeah, that's just what we need.


The *NEW* Microsoft Sidewinder Force-Feedback Precision Pro Lawnmower!


It will be just one patch away from having pay M$ $20 so you can mow your lawn.

I'll stick with my riding mower and an ice cold beer.

Constantly diminishing signals are rare in RL

[addikt10]

Triangulation of EM is based on the assumption that the strength of a signal will diminish with the square of the distance from the source, or some other constant function with other signals.

When was the last time you were using wireless (especially through a wall) that had the same range from the access point in any direction?

I can't picture it working in a supermarket, with the metal shelving, compressors for the cold storage, etc. Sure, in a lab it'll work great, but with any kind of range or non-uniform building structures, not a chance.

Re:Constantly diminishing signals are rare in RL

[GigsVT]

Triangulation only needs to know the angle to the signal from two seperated points that are a known distance from each other. You know, like a triangle.

Re:Constantly diminishing signals are rare in RL

True. But with a wireless access point, you can't determine the direction the signal is coming from. So you can't get the angles. Instead you need to determine the distance from two of the access points to the target, forming one of 2 possible triangles, then use the third to determine which one of these is correct.

Re:Constantly diminishing signals are rare in RL

[rkossik]

You can approximate the distance from each receiver based on minute differences in when the signal arrives, but reflections wreak havoc with this technique.

Re:Constantly diminishing signals are rare in RL

[kelv]

Wouldn't it be possible to use 3 antennas and analyse the delay between the reception of signals at each of them?

Sure why not?

[Monkey-Man2000]

reckon Pronunciation Key (rkn)
v. reckoned, reckoning, reckons
v. tr.

1. To count or compute: reckon the cost. See Synonyms at calculate.
2. To consider as being; regard as. See Synonyms at consider.
3. Informal. To think or assume.

v. intr.

1. To make a calculation; figure.
2. To rely with confident expectancy. See Synonyms at rely.
3. Informal. To think or assume.

Re:Sure why not?

[wolfgang_spangler]

I agree it is a proper word to be used. But the connotations that word carries with it usually make people think of some hill in Kentucky and a guy named Cooter uttering it while on his porch whittlin or something.

Or maybe it's just me.

Re:Sure why not?

its just you.

Re:Sure why not?

Cooter aint got no porch, he sits unner the whitlin tree with the res of us.

An if'n u come roun these parts you best bring yo own likker, cause I aint sharin wit the likes ou.

Re:Sure why not?

ya, its just you

Re:Sure why not?

[Alsee]

Not just you.

It has a definite "you might be a redneck if..." connotation, unless it is used in the context of doing precision calculations.

Dictionaries flags this with "Informal". And, no, I'm not saying that all entries flagged "Informal" are hick-speak, bit it is one of the reasons something gets flagged.

-

Silly, silly controls...

[coupland]

Since a huge proportion of us who have publicly-accessible Wi-Fi networks do so by choice you have to wonder what the value of tracking users is. If people use my hub I'm okay with it as long as they're not abusing it, more power (or bandwidth) to them. I don't need to track people using my hub, if I didn't want them I would spend a few minutes reading about security and prevent people from using my hub. The only people who would need to track users would be corporations but their security departments are so damn paranoid they're barely ready to admit Ethernet may be secure, let alone cool shit like Wi-Fi.

Don't be too sure.

[Jucius+Maximus]

The technology to fool technology tends to always be slightly ahead. Expect WiFi location spoofing to follow.

Re:Don't be too sure.

Well, location spoofing might be sort of difficult. After all, you are trying to receive data, not avoid it. Being in a sort of read-only mode (like a shomiti tap for wireless) however, could be do-able.

Bah!

[NeoPotato]

I used to find people by pinging their computers! I'd ping a friend's laptop (using their Windows computer name), look at their IP, then go find them on campus. I think I scared a few people when I'd say "Stay right where you are" and walk over to the study room where they were hiding.

Although I guess using triangulation accurate to a meter would let me say "You're on my spot on on the couch. When I get back from class, you gotta move."

Re:Bah!

[mindstrm]

Yeah

OR when you get on irc and notice someone is online from the university computer lab.... so you find someone else online from the same lab, and start asking them to describe said person.

Then you pretend you are psychic by explaining to the first person what they are wearing, what they are doing, etcterea.

Is that creepy or what?

Re:Bah!

A lot of computer labs now have some sort of web based monitoring, you can simply log in and take a look.

Something more fun was to log into the unix lab and run netstat from their machine. Tell them what web sites they were using. Now is this in invasion of privacy? Sounds like it to me. However, assuming you have permission to view the webcam and to log into the machine, you aren't technically doing anything wrong.

Re:Bah!

[NeoPotato]

Then you pretend you are psychic by explaining to the first person what they are wearing, what they are doing, etcterea.

Is that creepy or what?

Or you can type "INCOMING" and chuck a pen their way. Nothing like a virtual warning before getting tagged in the head with a flying object.

I question the accuracy w/ relation to networking

[PhysicsScholar]

Out of the various possible routes taken by a TCP/IP packet in transmission, one line l may be chosen with peak in point p relative to which the line is symmetric (relative distance and velocity, v(p), are minimal).

Therefore, the scalar potential field created by such movement obeys Zipf's Law of Power (so do Web links, but that's for another post perhaps).

Bottom line -- be weary of news releases such as this one that proclaim to track you via traditional IP methods. Unlike the X10 cam, most of these software crocks of crud simply don't work!

Also, here in the UK our 802.11 cards are very different from traditional eth0s you folks may have in the States. Yet another question to ponder...

No Triangulation , Just bump the power for War

[notestein]

After digging through their site, it seems that they locate you by the following:

Calibrate the positioning model - Move around the area while clicking the map to record sample points containing received signal strength intensity (RSSI) samples. No information about the access point locations is required

And it implies that triangulation is not involved:

Ekahau technology offers more comprehensive feature set than any competing technology on the market. The calibration-based approach is radically different from other commercial techniques, which mostly rely on signal propagation and triangulation for solving the location.

So perhaps if you bump the power of your signal from the outside they will think you are inside.

Re:No Triangulation , Just bump the power for War

[DMBoyd]

you cant find any 2d location without triangulation.

if u can please tell me.

by increasing signal strength you would be increasing signal strength to each access point by a proportional ammount. there would still be adequate signal strength difference between access points to identify your location.

the only viable method i have seen on slashdot is one up a bit further which proposes em reflective surfaces.
that would work. and so would purposely blocking out a particular access point from the direction of your antena. ie. place a lead sheild or something in front of some access points and make it only able to "see" one of them

Uh oh

[dr_dank]

I found a new open network near my girlfriends apartment,opened up my browser to /. and saw this as the lead story.

Perhaps I'd better log off now....

Re:Uh oh

[Dr.Luke]

Mod up! This slashdotter has a girlfriend. That's much bigger news than WiFi triangulation!

Re:Uh oh

[Fnkmaster]

Funny thing happened the other day. My friend was over, opened up his laptop in the living room of my apartment, and started browsing. We had been making some DNS changes to a site we own, and he was checking them out, and told me they had propagated. I checked on box, and couldn't see them yet. This had us stymied for about 20 minutes until he checked his current IP address and hostname, which showed clearly that he was on Verizon DSL, whereas my apartment has ATT BB Cable - he was using the default Linksys SSID and his 802.11b card had picked up the neighbor's wireless access point accidentally. Whereupon we also discovered that we were easily able to use the default Linksys password to get onto the neighbor's router. Oh, and we found that our neighbor had three Windows boxes with open shares on them (nothing interesting in the shares though).

For a brief moment, I questioned why I am paying for a landline feed and not just piggybacking bandwidth off of my hapless neighbors.

Re:Uh oh

[Gabrill]

Good for you for not taking the easy piracy. They say most theives are opportunists, and this was a prime opportunity to put gay porn in their windows shares. HAHAHAHAHA.

Re:Uh oh

ROFL

That is not where I thought you were going with that one :D

Re:Uh oh

[isorox]

near my girlfriends apartment
This slashdotter has a girlfriend


Are you sure that she's not a girl he's stalking and pretending she's his girlfriend? Sounds more likely. Uh-oh, gotta go!

Triangulation with one receiver?

[tokachu.a]

This kind of triangulation would be useless, since you'll need three WiFi access points (thus the term "triangulation". I've yet to see a business that has some dire need for more than one access point. And as for the thing for denying people access when they're too far away, what makes you think someone's gonna point their Pringles can to your building from 800 feet away.

Re:Triangulation with one receiver?

[iamdrscience]

This kind of triangulation would be useless, since you'll need three WiFi access points (thus the term "triangulation".

Umm... no, you need two points for triangulation, that's the way triangulation works, you use the distance from two separate points to a third point (the object/person etc. that you are triangulating) to complete the triangle. You need two WiFi access points and one person using them. Two WiFi points versus one isn't a HUGE deal and it's kind of a non-issue anyways since probably no company would bother with this anyways, excluding the select few where the boss is a geek and puts one in because he thinks it's cool.

Re:Triangulation with one receiver?

[Nerull]

Actually, from my understanding, you draw a line from each reciver that goes off forever in the direction the signal came from. Where these lines cross, is the location where the signal was sent from. At least, this is how they use triangulation to find the source of radio transmissions when they want to find lost ships at sea (find where their last radio transmission came from, and start searching from there), or other such uses.

Re:Triangulation with one receiver?

[RayBender]

If you use distance, there are two possible solutions... You're thinking direction.

Re:Triangulation with one receiver?

[grishnav]

One way to do it is to determine the direction the signal is coming from using two known points. This is quite easy, and can be done with even basic direction finders. Imagine that point A and point B are directly east/west of each other. Now, draw a ray from point A outward at, say, 45 degrees. Draw another ray starting at point B at, say, 275 degrees. Where they meet is the location. This form requires only two points.

The other way requires three sites. You use a timing method to determine how far away they are. Imagine points A, B, and C (the location of the points is basically arbitrary, so long as they aren't too far apart). Draw a circle with a radis of one inch from point A (indicating the signal, determined by timing is, we'll say one mile away), and another with a two inche radis from point B. In most (but not all) circumstances, the circles will meet at two points. Thus, in most (but not all) circumstances, two will not be enough. Now draw a circle around C (I can't give you a radis length as I am unwilling to do the math in my head) to intersect with one of the other two intersections. If you've done it right, no matter how hard you try, assuming you've drawn perferct circles, the circle around point C will only meet with one of the two A/B circle intersections. This make any sense???

Re:Triangulation with one receiver?

[grishnav]

I forgot to mention that ideally C will form a triangle with A and B, but it doesn't necessarily have to.

Re:Triangulation with one receiver?

[DMBoyd]

actually u need three.

go test it out.

get a compass and two points 4 inches apart. if u know a user is 3 inches from one point and 2.5 inches from another point there would be two possible locations the user could be.
you need three points.
u only have signal strength(which is prop to distance) not angles. so you need three points to clarify any point in two dimensions. And four or more to more acurately place a point in 3 dimensions.

its like gps'es
http://www.howstuffworks.com/gps1.htm

No this isn't possible

[RedWolves2]

I am walking down the street right now hijacking a wireless connection and nothing is happen to...[End of Transmission]

Assimetric aerial

[javilon]

What happens if you use an assimetric aereal? like when you use directional aerials. Will this confuse the algorithm they use to triangulate?

How does it work?

[Omega+Hacker]

I can think of several ways it might work, but all of them present significant challengs. Relying on relative signal level would be ludicrous, because signal level changes dramatically with card orientation, reflections, and whatever's in the middle. Heck, I get significant variance in signal level on the fixed links between the antenna on my roof and neighbor's sites.

Using a GPS-like timing comparison might do the trick, but it's set up backwards. With GPS you have a bunch of atomic clocks in orbit, and one device correlates the relative signal phase between them. With APs, you have to have extremely accurate timing across all the APs, which is a very hard problem (I've researched it...). Once you have that, you can compare reception times of a packet from the device being tracked, and triangulate. Problem is 1 meter accuracy represents some scary clock accuracy numbers across several APs with just an Ethernet between them.

If anyone can think of any other way to pull this off (WITHOUT modifying the client, and ideally without any special hardware, i.e. implementable in the HostAP driver), post them here.

Re:How does it work?

[B3Geek]

Maybe they are determining relative delay between transmitters and a receiver by correlating the received signal against the spreading sequence. IIRC, the resolution of such a method is related to the chip rate (11 Mchips/sec?).

Dunno if it can be done w/o special hardware though.

Re:How does it work?

[Omega+Hacker]

> Dunno if it can be done w/o special hardware though.

It can't. To get meter resolution, you need a 300MHz clock (1 meter per tick) with reasonably low jitter on each AP, all locked to each other with less than one tick difference across all APs receiving a given packet. That's an effective impossibility on its own (like I said, I've done a lot of research into that problem for a semi-related project).

Even if the chip rate of 802.11b is 11MHz (I'm not so sure, I'm pretty sure there are multiple bits transmitted at the same time), that only gives you a resolution of 30 meters, or about 100 feet.

However, from looking at their website it appears they are indeed using signal-strength calculations. I suspect their 1-meter number is resolution, not accuracy. There's not the *slightest* chance that they can accurately pull the position of someone to within a meter, when moving your laptop a few centimeters can *wildly* change the signal level on the various APs. I know, I've done it.

I saw a graph once, I wish I knew where, that showed the *measured* signal strength in a small cubicle room with a single door and simple desk. The interference patterns caused by reflections caused differences of 10's of decibels in repeating centimeter-sized patterns. Move a tiny bit and you could lose signal entirely. Use those numbers to try to correlate anything and you're smoking some serious crack.

Re:How does it work?

[Luminous+Coward]

Even if the chip rate of 802.11b is 11MHz (I'm not so sure, I'm pretty sure there are multiple bits transmitted at the same time)

Yup: 1.375 million symbols per second and 8 bits per symbol equal 11 Mbit/s.

What about this

[iamdrscience]

Triangulation works great in two dimensions, but when you use a third you have to do quadrangulation (is that even a word? I'll bet it is) like say you work for a company in a five story office building, when you triangulate where a person is in relation to you distance wise and in which general direction, but you don't really know where he is, maybe he's 15 meters in front of you and maybe he's 5 meters in front of you, but three floors down. They could both register as the same with triangulation. I will start the quadrangulating WiFi revolution.

Re:What about this

[lommer]

Wtf are you on?!

Two known points is all that is needed to biangulate(?) on a flat plane. This is basic grade 8 trigonometry. You just take two known points, their angle to the unknown point, and draw 2 lines in the direction of the unknown point. The unknown point is where the lines cross. Adding a third known point can let you determine loction in the third dimension. Any points beyond that will only serve to increase your resolution (not a bad thing), but are ultimatly redundant.

Please think before you post.

Re:What about this

Two known points is all that is needed to biangulate(?) on a flat plane.

#1 - Two known points are used to TRIangulate on a flat plane (as in completing a triangle).

#2 - He obviously wasn't talking about a flat plane if you read it, the post SPECIFICALLY refers to a three dimensional environment.

Please think before you post

Please read before you post.

Re:What about this

[prockcore]

Actually that's not true at all. Triangulation does work in 3 dimensions. Both the standard direction based triangulation, as well as distance based triangulation.

This deals with distance based triangulation, so I'll just touch on that.

This works by calculating the distance you are from each point in the triangle. (based on signal strength). Imagine you're in an elevator, in the dead center of the triangle. You're now on the same floor as each point.

Hypothetically, you are exactly 10meters away from each point. Now you hit down.. after a floor, you're exactly 20 meters away from each point. It is physically impossible for you to be on the same floor as the triangle and be exactly 20 meters away from each point, since 10 meters is dead center.

Now.. there's only one instance where distance-based triangulation doesn't work. If you can go above as well as below the triangle. If you're 20 meters away from each point, you've got to be in the exact middle, and down one floor.. However you can also be up one floor. So that breaks it. The only way to fix it is to move the triangle so that you can only be either above it or below it.

So put your APs on the ground floor and yes, indeed, triangulation works in 3 dimensions just fine.

(Directional triangulation doesn't have the negative-z limitation)

Re:What about this

[lommer]

my point was that he didn't need 4 points to triangulate in 3D space, only three. And he did say that you need three points to triangulate on a flat plane, which is wrong. You see, I DID read before I posted...

This is similar to whiteboard capturing

[Dr.Luke]

Whiteboard capturing devices use a similar principle. Two microphones are at opposite ends of the whiteboard and an ulrasound emitter is attached to the pen. When you move the pen the CPU unit attached to the mikes triangulates the postion of the pen and renders the digital image of the whiteboard. I always thought it was a simple and elegant solution compared to the touch sensitive whiteboards that cost much more. Another company now has a mini version of this technology for iPaq which attaches to a normal writing pad and allows you save anything you write on your iPaq.

How about "tetrahedralization"

Because a tetrahedron is the shape you get when you connect 4 points in 3D.

Re:How about "tetrahedralization"

[iamdrscience]

FUCK FUCK FUCK. You're right, but (follow me on this one, I'm stretching this a little bit) a quadrangle is defined as a shape with four sides, constructed using four points, and since no definition I've ever seen or heard has mentioned anything in regards to 2D and 3D, a tetrahedron would fit that description (sides in a 3D shape are the faces of the shape right, not the same as the edges of the figure). HAHA! I BEAT GEOMETRY, TAKE THAT MRS. LAVERDIERRE!

And In Related News...

WiFi SA is launched. Access points deploying Selective Availability, technology the military used to degrade GPS signals to the enemy. The technology inserts random packet lag in to defeat evil hacker terrorist and government ufo's from accurately triangulating the position of the base station and thus hacking in (with an axe) to steal precious pr0n.

Slashdot reader paran0id welcomed the news saying this saved him allot of money he would have needed to wallpaper the house in tin foil.

In post on the cs forums the terrorist responded defiantly saying they would kidnap any scientists working on such technology (cs_militia) and bomb any crates containg devices utilizing it (de_dust). When asked why they would take such drastic action one terrorist said "lag suxors, what kinda n00b would add lag to his connect on purpose".

When a Counter-Terrorist agent was asked if WiFi SA would hinder thier ability to find terrorist and steal thier pr0n he replied "d00d, who needs that trianglation crap when you got a colt, a aimbot, and the ogc wallhack."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not so

Such scalar fields can easily be integrated using quaternions, where the 4th dimension is time. Zipf's Law in this case actually helps find the solution path, as you merely have to choose some constant of integration that will agree with all possible paths.

So a bit of heavy math is involved to get traction on the problem but hey, someone paid all those 19th century mathematicians to come up with these algebraic tools. We might as well use them when they apply.

Oh.

[mindstrm]

The point was that I was 300 miles away from the campus at the time.

Re:Oh.

Then how did that guy throw the pen that far? He must have quite an arm!

Another Excuse

[Gabrill]

To buy more Wi-Fi repeaters! My wife is gonna kill me when the bills come due!

how..what??

i don't see how you can possibly be right..
if you know the direction, you'll know whether they're level with you, or below you, or whatever. if you point your directional antenna straight ahead of you and get the strongest signal, the person is level with you. if you turn your antenna 15 degrees downwards, they're below you. use of a second antenna determines the distance to your target. the only thing a third antenna would do is tell you what you already know from using the second antenna.

Re:how..what??

[Gabrill]

Oh god. How much is NetGear gonna charge for the auto-directional antenna wifi access point? Oh yeah. And it will only work for ONE USER! So much for corporate feasability.

New toy for the BOFH...

[sigsegv_11]

I can see it now.. the BOFH getting out of a weekend at the helldesk because the Boss spent forty-five minutes in the bathroom the day before downloading pictures from nymphoasianlesbians.com. Bring on the blackmail and the lawsuits!

Amateur

I learned from my first wife - keep a second account she knows nothing about and have the contact info for the bank registered to a p.o. box and cell phone (in only your name).

I am not suggesting you do anything she REALLY wouldn't approve of (like cheat). Just she doesn't have to know how you spend every dollar.

Heh. Not so quick guys.

[jeremyacole]

I wouldn't say this will be the end of warchalking, more like a cool toy with some very practical (and very scary) applications.
Even the very term "triangulation" implies that you'll need 3 access points to do it.

• With 1 access point, all you can tell is a VERY rough "how far away are they". A lot of other factors affect signal strength and timing (reflections make a big difference), so this is not at all reliable.

• With 2 access points, you can get a bit more accurate about where they are, but not *that* much because of all of the other factors.

• With 3 access points, you can generally locate a signal rather well, because they can see more points, and in particular if the 3 APs are located in a triangular fashion, with the user in the middle, youcan quite accurately track them.

The accuracy of the system will be almost entirely dependent on the number of access points that a user can see at a given moment, the more APs, the more accurate. Just like GPS.

Re:Heh. Not so quick guys.

[Da_Monk]

not really, triangulation means two detectors, one working on the x axis, saying left or right is stronger, one working on the y axis saying up or down is stronger. the third point in this trangulation is the transmitter you are hunting. your explanation is correct for 3d space. where you would need a z-axis detector.

Re:Heh. Not so quick guys.

[jeremyacole]

Well, I very well could be wrong about this, but I think you're thinking along the lines of radar, not beacon triangulation.

When you're dealing with triangulating the position of a beacon, you can only "listen" and make judgements based on relative differences. Based on common knowledge of interference and the decay of that particular frequency of radio you can determine, based on three or more points, where an object is in relative space.

With only two points to work with, you're able to get at most that the beacon is at "point a or point b" both points being the exact same distance away, but in semi-opposite directions. Try it, if you draw on a piece of paper two points, representing APs, and draw a circle around each representing a received signal and its strength, you would notice that with two points, they overlap at two points, but with three, they overlap at only one position.

Re:Assimetric aerial (and a new hobby)

[driehuis]

Yes, it will confuse it.

Their method will probably even fail if you switch WiFi cards. I've got a Compaq WL110 which has a range of about 10 feet. My Lucent card on the other hand sees the access point from 100 feet, without line-of-sight (I assume the radio waves bounce off the ceiling through the window; no other way to explain _that_ range).

My access point has antennas that can be moved into different polarisations, and in an off-colour configuration, access without line-of-sight becomes really spotty: it works in one place, and a few feet to the side it stops.

But it seems to me the point of the seller is not to track abusers, but rather to track known-good devices in a known area. That alone is a cool concept, if you see what contortions people go through now when designing warehouse positioning systems. I've seen the results of an automated fork lift running through the wall of a warehouse because the reflective pad that marked the end of the aisle was covered in grime.

Hmmmm, I can envision the next hobby: sit outside a warehouse with a 2.4GHz klystron, wait until you hear the fork lift come down the aisle, then switch on the jammer and watch the fireworks :-)

How Microsoft did something like this

[ntk]

Microsoft Research did some work on this a couple of years ago - they called it RADAR.

The equations they use are pretty simple, and they seem to be getting very optimistic results. They, too, use signal-strength triangulation, together with a model of the local area (so you feed in how many walls are between you and the AP, for instance), and some processing based on recent history. That's to say, four out of the five latest samples have you outside on the pavement, and one of them has a 50 yards away in the eastern wing, you're probably still on the pavement.

Venkata N. Padmanabhan has some more papers on this on his homepage. Victor Bahl has a demonstration here but I guess it only works on IE.

much easier solution

[g4dget]

Just use a slightly directional antenna--anything that relies on signal strength to triangulate you will end up being way off. If you set it up carefully, you can even choose your "virtual" location. And, no, the government can't really outlaw directional antennas.

And privacy is.....?

[__aafkqj3628]

Sure, if may have an end to warchalking, but what about your privacy. If you can be tracked everywhere based on your mobile device, how long before somebody cracks the system or it's used against you?

Re:And privacy is.....?

[t_allardyce]

What do you think the mobile-phone networks are used for? Oh, and when GPS-equipped phones become popular you can forget about your privacy altogether (the GPS position can be requested remotely by the phone company etc without you ever knowing. The microphone can be activated, and the phones can even play dead and _pretend_ to be turned off)

Re:And privacy is.....?

[__aafkqj3628]

And then someone will hack it and chaos will be created. Wonderful!

Re:And privacy is.....?

[buswolley]

Tracking is cool. Consumers love it and they give tracking rave reviews.

Privacy bah?@!!!

As long as you spend money we wont care where you are.

And consumers love spending. So they have no fear.

Re:And privacy is.....?

[__aafkqj3628]

But that's because the general consumer isn't exposed to all of the facts. Just look at the Trusted Computing infrastructure, most people only know what it could do to help them (which is only 0.0000001% of the facts).

If you tell someone that eating a warm brown substance will cure him of cancer, he'll eat it - just as long as you don't tell him it's sh*t.

parent post is complete nonsense

[g4dget]

TCP/IP has nothing at all to do with this, nor Zipf's law, nor any inverse square law, nor any kind of physical model. The system simply builds an empirical numerical model relating received power at the access points to location. As long as received power varies reproducibly with distance (not even necessarily monotonically) and you get enough independent measurements, that is possible.

not required--no "triangulation" involved

[g4dget]

If the system used triangulation, you would be right. But it doesn't. All that is required is that relative signal strengths are reasonably reproducible for each location and that you have enough measurements to distinguish all locations you are interested in. The system internally produces a map of which combinations of signal strengths correspond to which locations. To reduce the number of calibration points you need, you can try use interpolation between nearby measurements, which will usually work reasonably well/

Re:not required--no "triangulation" involved

Until they sell all the cans of green beans and the signature of the shelf changes.

how nice of you

Nobody puts gay porn onto my open Windows shares, even though I leave my 802.11b completely open. I have to go out and buy it myself.

MacHack 2001 - "Airport Radar"

[chriswaco]

There was a cool hack at MacHack in June 2001 that did this.

A quick Google search turns up a copy:

href=http://blueg3.homeip.net:81/MacHack/The%20H ac ks/Airport%20Radar%e2%84%a2/

Don't forget the "Tri" in "Triangulate"!

[SlimFastForYou]

Not the best option if you want security... Triangulation requires 3 WAPs in distinctly different spots. Most home users don't have a WAP in their kitchen, bedroom, and bathroom. It may be argued that universities have WAPs all over the campus. That may be so, but is a wardriver usually in the range of 3? I am no expert on campus WAP placement, but the only places I immagine could be triangulated would be roughly the center of the campus. So while multiple gradebooks are being accessed by a host with an unknown MAC address, the triangulation software will say "Not enough base stations to determine location".

Re:Heh. Not so quick guys.

[eyegor]

That also depends on your beam shape. If one uses an antenna that receives a very narrow beam but has a lobe at 180 degrees in addition to one at 0 degrees (and is steerable), you'll be able to trianglulate easily on the signal unless the signal originates at or near a point between the two antennas. The error elipse would be rather elongated at that point. If the source was at 45 degrees relative to both antennas, your error elipse would be small and you'd have an accurate fix on their location.

When calculating position on range alone, two antenna sites will indeed result in two intersection points, but that's not really trianulation anyway.

Napster: Goooood!!

>the current guesstimate is that sales will drop >about 20% due to online copyright infringement.

> CD sales went up when Napster was in its prime

So when Napster was around sales where good and now that's it not they're bad?
I know it sounds simplistic but its the RIAA where talking about....

I demand a new CampChaos version of the Metallica neanderthal going:'Napster G-O-O-O-O-O-D!!!'

zeke

Too damn expensive...

...at ~US$600 to triangulate two users. Gimme a break. Someone create an open source version, quick.

Free Wi-Fi Tracking Software

[mtodd78]

The research group I work in used many of the same techquies that this software company uses to create Nibble which also can do positioning using Wifi; http://mmsl.cs.ucla.edu/nibble/. Free. GPL'd source is available too.

Things to note, however, about any 802.11 tracking software it that its accuracy is poor > 5 meters, unless you are using 5 or 6 *simultaneously* accessible access points (it even states this in the Ekahau manual). Tracking software can be thrown off by even seemingly minor enviornmental changes like crowds of people etc. Also some calibration is also required.

Don't worry about this shutting down free access points as it is way harder to do location tracking than it is to set up an encryption system (even really good VPN style encrytion) or a simple MAC address filter.

Mike

I see

[benjamindees]

that the other Slash-nomads have marked this post as "interesting". I will stay for a while, then continue my search for one which is marked "farmer's daughters to sleep with".

New chalk design?

[Kaz+Riprock]

So, this is easy to solve...what's the new symbol going to be for a WAP that's triangulating?

Re:New chalk design?

)X(
X marks your location.
Actually, insert the X in any symbol -- location tracking can be done by open or closed nets, but a closed net has to be broken into before they notice you.

Odd that warchalking.org does not have a table of symbols....

What about a directional antenna?

[Albinoman]

What if someone used a directional antenna? The third antenna would be able to connect the signal and triangulating would be next to impossible. The other thing is you cant just drop the connection when two antennas dont see it since there are bound to be dead spots.

Beware FUD!

There aint no such site as nymphoasianlesbians.com. Get me hopes like that....

How this works (not triangulation)

[kazad]

Hi all, this is my first /. post. I did a research project last semester and implemented a system like this, and got about 1 meter accuracy on average.

Rather than using signal strength for triangulation, you use it to record a "radio map", and compare your current position to the map. The basic steps are:

1) Walk around a room, recording the signal strength to each AP (so you get a file such as "Access Point #1, Avg signal: 96 AP#2, Avg signal: 74 ..." ). Netstumbler or other software can help you make this file.

Create a "profile" like this for every location you wish to map (roughly, one every square foot or meter). The number of profiles determines the granularity of the system, but too many profiles can cause "collisions" in the sense that different locations have similar profiles, for some reason or another. There are ways to combat this, one of which is to make an educated guess on the new location based on the last one. (i.e., the user could not have walked over 10m in one interval)

2) When a user connects, they can compare their current signal strength info ( such as AP#1, signal: 34 AP#2, signal: 74) to the map: the closest point is probably their location.

I did a simple euclidean distance calculation (taking each profile as a vector in some large space [cool how the pythagorean thm. generalizes, eh?]. There are many better ways, which I am researching this semester, but euclidean distance is fine for now.

I'm pretty sure this is why they must spend an hour per 10,000 square feet to "calibrate" the system. I had to do the same, but it was a *lot* slower; I need to make a tool to do this automagically.

This semester I am also looking to get my system working with an ipaq robot running familiar. It's the combination of the palm pilot robot kit and this positioning system. Hopefully, the little robot should know (roughly) where it is, and be able to be controlled via the internet.

Check out my webpage if you are interested in more details.

Re:How this works (not triangulation)

[SEWilco]

A tool to do it automagically...do you know how distances on a road are measured "by hand"? No, to measure about 500 feet don't use a tape measure. The tool is a wheel on a stick -- if the wheel has a circumference of one foot, a counter of wheel rotations measures feet.

A wheel which reports distance to a laptop can measure distance along a line. Two wheels can measure movement in any direction. I've just described a mouse or trackball interface, so I'm sure you realize you can use that mechanism. You can have a laptop on a stand with casters, and an optical mouse pointed at the floor or at a ball which is rolling on the floor. Isn't this all obvious?

If you happen to have a robot then it can use a similar method or it can do dead reckoning based on its own wheel/track movement.

Easy to beat: introduce (random) delays

[OttoM]

The system uses delays to measure distance.

Once you introduce random delays, measuring the delays will not give a clue. Of course these delays should be really random (pseudo random is not enough), which may be harder than you think.

Another way of fooling the system is using constant delays per base station: your wireless device can convince the tracking system you are at a position you choose yourself.

not really the end...

"It may spell an end to warchalking"

Not really. Warchalking means exposing unsecure Networks. Everyone can encrypt his WLAN, anyway. So finding the location of the connecting machine doesn't really help any further.

Re:not really the end...

[kylegordon]

"Warchalking means exposing unsecure Networks. "

Bollocks it does! I'm fed up hearing this negative view of warchalking coming from people who don't have a clue. I have a warchalk symbol outside my house to denote that I give free net access, not that I have 'an insecure network.' Warchalking is about telling others what is available, and it doesn't imply that the network is insecure or illegal in any way.

No wonder warchalking is getting so much bad press these days. Next I'll be having the Police at my door, arresting me for being a hacker on my own network and telling others about the free net access I've found.

Bloody idiots.

Re:not really the end...

[Gordonjcp]

/me dials...

Oops: they are using signal strength

[OttoM]

It seems I was thinking GPS too much. GPS uses propagation delays. They are using signal strength....

But randomizing the signal strength should fool the system too, however.

Whats the point

[t_allardyce]

Sorry.. why dont you just secure your network with encryption? Triangulation is a neat idea, but its just not going to work with so many obsticles (some moving) in a building. Why bother calibrating 1000's of square feet when you can just use a password?

one problem with triangulation

[v1]

Odds are about 100% that if you are setting up multiple wifi base stations, you are placing them for optimal coverage of your own intended users. Wifi triangulation works best when the user is somewhere within the perimiter of the base stations, and works most poorly when the strongest received signal is a station on the perimiter.

So to accurately determine if someone is outside the intended coverage area, wouldn't you really need to deploy additional base stations? For instance, if you have three stations at your business, one near the front, and two in the rear corners of your building, and someone is wifi'ing in from the bus stop bench outside, he's going to hit the front station and not do much for the two in back. It's very hard to tell this user apart from someone just inside the building and very near the front base station. To settle this, you'd need a base station like across the street or something.

I don't see wifi triangulation as a practical way of identifying users outside the perimiter for this reason.

It's also worth noting that it would be a poor choice to place the base station right at the front of the building, because you'd be wasting 50% of the station's coverage area. But to pull the stations in toward the building's center would further degrade your triangulation abilities because relative signal strength differences would lower your triangulation precision.

Just tossing ideas out, I'd propose the best way to keep warchalkers out if that is your intention, is to deploy your base stations in such a way as to not provide (effective) coverage to areas outside your premisis. If your business is already too small to keep coverage just inside your building, then obviously buying several base stations to try for triangulation is patently absurd.

Of course, my final suggestion would be to openly allow public access, and use it as a P.R. booster. Free advertisement is handy, and in most cases, this would almost be free.

For the entrepeneur: I haven't seen anyone selling warchalking plaques yet. I bet there are some businesses out there (cafe's etc) that would buy a custom made brass or bronze wall plaque they could affix to the outside of their buildings to attract more customers.

Finally

Now I can find exactly where they are.

It runs on the client

[feenberg]

Any use of this technology for security will be hampered by the fact that it apparently runs on the client - at least the web page lists requirements (Java, etc) for the client.

My own experience with 802.11b is that the inside range is so small - about 30 meters, that just knowing which access point was handling the traffic would be enough geographic information for most of the applications they list.

Re:Good clue, are you Godless?

Ok, now what would Jesus do when it comes to wireless security?

The data would miraculously appear in the destination system?

yes, it is so trivial that you are so smart

you are so damn smart, I wish I was that smart.

As there are already many surfaces that will reflect RF in the range that you specify, why would you think that these folks haven't already accounted for multipathing?

They must have or the shit wouldn't work.

But you are really really smart

You need THREE to get the forth exact

you need THREE points or else you end up with the location along a circle UNLESS the point of interest is directly between the two (if you only have two).

No, he's right. You need 4

[pclminion]

The first station pinpoints your position on the surface of a sphere in 3D space. The second station pinpoints you on a different sphere. The intersection of these two spheres will be a circle in space. Now, a third station pinpoints you on yet another sphere. The intersection of this sphere with the circle will be a set of two points. In order to tell which point, you need a fourth station.

Unless someone can point out a flaw in my logic.

Wave dispersion?

[pclminion]

In theory, you could tell how far the signal travelled through air by examining the dispersion of the wave at the receiver. Different frequencies travel at slightly different speeds through a medium (but not through vacuum), causing the different frequencies to spread in time. In theory you can use this to tell how far the wave travelled.

The effect may be far too small to use in practice, though.

Right answer, wrong reasons.

[wirelessbuzzers]

You're right, you need four, but this isn't why, and the math is ugly. You can't tell how far away a signal is from a given point, unless it's broadcasting with known constant strength or sending a time signal or something like that. What you can tell (sometimes) is how far away the signal is from router A, compared to router B. You might have a ratio of distances, or a difference of distances, either of which pinpoints location on a hyperboloid. This surface is two-dimensional, and for every reference you add, you strip off one dimension, so you need two more references. After that, the solution will be unique with high probability, as long as your references are not coplanar. The math, requiring simultaneous quadratics, is not pretty.

If you could tell the exact distance to the signal from each access point, you could probably place 3 of them cleverly to give you a good location. For example, if the access points were on the top floor, you take the solution below them, unless you believe the person accessing your network to be warskydriving.

Re: re-checking for access points?

[King_TJ]

I'm not sure this "party line" of "check your network often for rogue APs" is all that sensible of a solution.

I'm not saying there's anything wrong with doing it, if you so choose. I just feel like it's playing "whack a mole" with a technology that network admins would be better off dealing with "head-on".

If a given environment requires a high level of security from people outside the building gaining network access, they should make efforts to block the radiation of the wi-fi signal beyond their perimeter. A farraday cage of sorts could be constructed to shield the signals from getting out. This might make a lot of sense in the construction of new bank buildings, for example. (Just place wire mesh behind the drywall that goes up against outer walls.)

For those unwilling to go this far to solve the problem, it still seems like good network practices should "save the day". Let's say, for example, war-driver X does find your sale guy's new, unsecured access point, and gets on your corporate LAN. How is he/she any different from a visitor who decided to plug his laptop into an available network port when he sits down in one of your company's conference rooms for a meeting?

In both cases, you'd assume the person wouldn't be able to do much more than get issued a valid IP address and be able to "ping" stuff. He/she doesn't have a username or password, so therefore, no security granted to modify or open any resources. (Or is your network lacking security on important files and/or directories, so all users get default access? If so, *there* is your primary issue!)

Even if your only concern is that war-driver X not be able to bum free Internet access off of you - that's solvable too. If you set up a front-end that requires authentication before using the web (or ftp), you can stop that. Of course, your employees might resist the inconvenience of having to "log in again" to use the net each time.... but hey, you should really be logging what sites they're visiting anyway if you're concerned about security and legal liability.

Latency modulator hack.

[Xapp]

Assuming they use timed response averages to triangulate the devices position, it should be a simple matter to programatically fluctuate response times. This would at least make automatic proximity exclusion un-reliable (we don't want to drop the guys in white hats and we can't tell if this guy is wearing a white hat so we'd better not kill this connection). And as usual at this point i am rambling on.

Go ahead. Mod me down.

Re: re-checking for access points?

[RollingThunder]

You raise some good points, but Joe Salesman plugging in an AP - even if it's already strictly against policy - will usually be a big problem.

If conference rooms are set up to allow outsiders, then if you're sane (and you were able to get your bosses to cough up the money, admittedly), it's set up in a DMZ of it's own, unlike the internal networks.

Now, I set up my DHCP in a paranoid fashion - if I don't know the MAC, it doesn't get an address... but that's often not workable for bigger places, and if the WAP-adder has enough technical savvy, he may realize he needs to make his WAP pretend to be his old box by MAC, and get on that way. If the WAP is handing out it's own addresses to those that connect by it, now you can't MAC filter anymore.

And once the person's on the inside LAN, a little bit of arpflooding (which, admittedly, your IDS should be picking up, but folks often don't have them internally because of the false alarms all the time) will make the switches failover and start acting like hubs - and he can sniff away at traffic to get passwords.

In essence, I view it not as re-checking for AP's specifically, but just another part of the constant check and recheck of your setups that you need to do to see if something has been changed in a way to break access controls that exist. HIDS, NIDS, tripwire, etc all factor in to this, making sure you haven't opened up a new vulnerability is just part of the big picture. It won't make you safe in and of itself, but neither should it be ignored based on trust that the rest is all "strong enough".

NATALIE PORTMAN NAKED AND PETRIFIED

NATTY'S TITTIES!

There's a much more interesting use for this...

[ecloud]

...than security.

Remember this? They used an ultrasonic echo-location system to build a spatial "mouse" which could be used to turn posters on walls into "smart posters" (click here to turn the lights on and off, etc.) and also to track users within their lab, so that your phone calls are forwarded to the phone nearest you, etc. At the time, I thought, how redundant... they need ultrasound for tracking and an RF system of some sort to transmit "clicks". Why not just use a wireless network and come up with a triangulation method to find the location of the WiFi device using its own emissions. Well now it's been done. So it should be possible to use a PDA with a WiFi card as that magic 3D mouse thing. Imagine having location-relevant UIs for things: as you walk down a hall you get light-switch controls on your screen for nearby rooms, a map, the meeting schedule for the nearby conference room, reminders about stuff you need to do while you are in this area of the building, instant-messaging informs your colleagues that you are nearby, etc.

Of course for smart-poster purposes, the resolution ought to be better (1 meter isn't good enough) but perhaps that could be improved.

I think in the future location tracking will usually have 2 tiers: outside you use GPS, and inside buildings you use radio-triangulation of some kind. It will be a sort of standard eventually. Because you need higher resolution indoors, for various reasons. And since buildings don't move, the building triangulation system can tell you precisely where the building's "origin" is in lat/long space, so you would still be using GPS-style coordinates, just with greater accuracy in indoor situations. Instead of being deprived due to the fact that GPS signals don't penetrate well enough, you actually get better quality.

Anybody else tired of security always being in the limelight? Yes we need that kind of geek very much, but fundamentally their job is a lot more boring than what's going on in the research labs... And these security "mine's bigger than yours" wars are getting almost as annoying as the MS hate-fest, or the Apple hate-fest of a decade ago.

misunderstanding

A lot of people are misunderstanding what Ekahau's technology does. They merely provide a way of easily creating and maintaining database that links RSSI measurements to locations. Mobile devices ask for their own locations and presumably required software to capture the RSSI measurements. It is not a tool for network owners to track the locations of uncooperative clients.

Re:Assimetric aerial (and a new hobby)

> Yes, it will confuse it.

Bzzzt...

> Their method will probably even fail if you switch WiFi cards.

Cards can be calibrated as well.

> My access point has antennas that can be moved into different polarisations, and in an off-colour configuration, access without line-of-sight becomes really spotty: it works in one place, and a few feet to the side it stops.

Ok, now from the RSSI point of view you can easily distinguish locations a few feet away. Now imagine for example four APs like that and figure out how many locations you can trivially distinguish with all those RSSI combinations. Then build some intelligent algorithms on top of that.

Been there, done that.

RF Monitor Mode

[Andy+Dodd]

http://www.kismetwireless.net/
While it wouldn't be implemented on the AP itself, 3-4 cheapo PCs with WLAN cards could easily be set up as packet sniffers that would show signal strength of all clients in the area.

http://www.instant802.com/ (I think) - AP with open firmware.

Bah...

[Andy+Dodd]

Well, I see you've already been modded down.

Good.

Except for the smallest of businesses, more than 1 AP is needed.

My building has at least 4. (Using Cisco LEAP - Our admins aren't stupid.) I believe one in each end (north/south) on each floor. I would classify ourselve as medium/small. (2-floor building, not that large. There are MANY office buildings in this area that are MUCH larger)

Power Glove

[Andy+Dodd]

The Mattel Power Glove also worked this way

Antenna

[Andy+Dodd]

Big problem with your system - The Pringles antenna

Using an antenna like this will make your position fix dependent on not only the client's position but on its orientation too.

I suggest trying an omnidirectional antenna of some sort. (http://www.aerialix.com/ has cheap kits based on the Guerrilla.net designes)

Re:Antenna

[kazad]

Ah, that was a concern of mine, but I thought of two ways to fix it. 1) Point the directional antenna directly upwards. In this scheme we are interested in getting a unique signal profile, not necessarily the strongest signal, so I think this should be ok. Pointing upwards (hopefully) does not depend on orientation. 2) For a robot, take the orientation into account. I plan on putting a digital compass on my robot, and aligning it to the proper direction when taking a location measurement. Admittedly, the orientation issue is a real one, but hopefully one of these methods can get around it.

Re:Assimetric aerial (and a new hobby)

[driehuis]

Cards can be calibrated as well.

Uh-huh. I agree. But I think I pointed out that if you control the client PC cards, you have an entirely different situation than the big brotherish scenarios where unwilling users were to be traced, that started this whole thread.

I recently made a tour of a mountain side, and according to my GPS wound up 100 meters higher than the top. To my recollection, I had at least one foot in solid contact with the mountain at any time. I checked the GPS's reported EPE and the difference between its datum and MSL, but neither could explain that difference. Signal reflection could.

My IEEE 802.11b card has an external aerial that I can orient for maximum interference (and of course, I've been toying with that to explore the interactions with my adjustable base station antenna, weren't you warned that /. is a geek site?).

Last Post!

[alpg]

I have a hobby. I have the world's largest collection of sea shells. I keep
it scattered on beaches all over the world. Maybe you've seen some of it.
-- Steven Wright

- this post brought to you by the Automated Last Post Generator...