Locate Any WiFi Router By Its MAC Address

coderrr writes "SkyHook Wireless has been wardriving the US for years creating a huge database mapping wireless routers' MAC addresses to their physical locations. They provide an minimally documented API (docs here) which allows anyone to query the database directly for any MAC address. This could potentially allow some malicious individual to find out exactly where you live. Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack... Imagine if you got a phishing email that included your home address."

Security

This is exactly why it's a *good* idea to steal internet access from the neighbors.

Re:Security

Has anyone told them about the recent troubles in San Francisco?

I smell a contract!

Re:Security

[cant_get_a_good_nick]

My niece asked me this, should she jump on someone elses WiFi, but this happened right after the big kerfuffle about the DNS hack.

You realize that you're giving all your data and control over to a machine that you don't control. You hope that it's open because the person is either an idiot or a good guy, but you have no evidence of either at that point. Even something as simple as checking your mail might give people access to your inbox, and all the 'password reset' notices you get.

Re:Security

[Eil]

HTTPS much?

Re:Security

[Xenna]

That's why I tunnel over OpenVPN...

Re:Security

[novakreo]

You realize that you're giving all your data and control over to a machine that you don't control.

Isn't that what you already do with your own ISP? How do you know that some bored guy there isn't already eavesdropping on your data? Or even someone at your ISP's upstream provider?

Re:Security

[DaVince21]

Because they likely have to sign a special contract forbidding such actions or placing it into confidentiality when applying for a job at that ISP? I don't think any ISP would allow for an employee to breach their clients' security like that.

Re:Security

[You+ain't+seen+me!]

You realize that you're giving all your data and control over to a machine that you don't control.

Isn't that what you already do with your own ISP? How do you know that some bored guy there isn't already eavesdropping on your data? Or even someone at your ISP's upstream provider?

They'd have to have a very small dick or be on name terms with some widowed millionaire princess in Nigeria if they're interested in reading most of the mail that I get.

Quick!

Someone tell San Francisco!

Re:Quick!

[denis-The-menace]

why bother. they are too stupid.

Legality of this

[ilovesymbian]

Er, isn't it illegal to wardrive in some states [Florida] in the first place?

And then putting out the MAC address publicly, like finding someone's SSN and posting it publicly. Oh, I guess its the owner's fault for not securing it.

Re:Legality of this

[creepynut]

Unless I am mistaken, securing a wireless router does not stop anyone from seeing its MAC address.

Re:Legality of this

[Spazztastic]

And can't you find the MAC address of any broadcasting router in the first place? Simple utilities like Netstumbler or even the built-in Dell wireless software's site monitor lets you find it.

Re:Legality of this

Comparing an SSN to a MAC? *Chuckles*

Re:Legality of this

[grayn0de]

Only when the person is too much of a poser to not find the hidden SSID. Not everyone knows how, though it is incredibly simple. That is the reason why we have security through obscurity, to begin with. Also, to comment on the topic, it does not take social engineering to find the MAC address for a router. Almost every stumbler does that, by default, out of the box. Many will show that there is a hidden SSID, but they may still show the MAC address. Even if they don't, the SSID can be found and the router cracked.

Re:Legality of this

[creepynut]

I should have been more specific, by "securing" I meant encryption. As far as I know, even using WPA won't encrypt any MAC addresses.

Pulling open Network Stumbler is evidence of this, it will show all networks, with the router MAC. It will show hidden networks, just without the SSID (which can be found by other means anyway). I

Re:Legality of this

[Sethb]

Yep, there's even a company called Navizon that's building a competing service to Skyhook, yet they pay individuals to collect the MAC addresses (as well as Cell tower IDs) with their GPS-equipped devices, so that those without GPS can still obtain their location. It integrates with the new Fire Eagle software/service from Yahoo too.

Here's a link (with my referral code inserted): Navizon

Skyhook has zero data in the city I live in, though I did eventually figure out how you could submit a MAC and coordinates to their system, and fed mine in, so at least my iPhone-owning friends will know where they are when they're at my house...

Re:Legality of this

[Collective+0-0009]

What's funny is that SSNs and MACs are very similar. They are both unique identifiers. The only reason you see it as different is that SSN has been treated more like a password than a serial number.

Re:Legality of this

[ElectricTurtle]

That, and MACs aren't a serial number per se (granted blocks of them are assigned to specific manufacturers, but there's a reason that network hardware devices always have S/Ns in addition to MACs), they are ADDRESSES. They are SUPPOSED TO BE KNOWN. It makes no sense that people would freak out about somebody knowing the MAC address of their wireless but not the street address on their mailbox. Oh noes! Somebody might use their 31337 h4x0ring skillz to send me spam and phishing attacks to my interweb mail! Like they don't already? Somebody could send a pipe bomb to your physical mailbox too. Better hide that address, oh wait, you can't.

Stop scaring the sheeple. I know it's kind of fun, but it's bad in the long term. That's how we get stupid legislation like banning wardriving or public access points/mandatory encryption.

Re:Legality of this

You would have to stop broadcasting your BSSID, but even then I would think you could find out what the MAC is.

Re:Legality of this

[BountyX]

awsome sounds like GPS proxies are on their way

Re:Legality of this

thats why I change MAC on router as well as on PC. its trivial to change MAC and can be done in seconds. just google for "mac address changer" what else can i say.

Re:Legality of this

No, it's more like finding someone's P.O. box and posting it publicly.

Re:Legality of this

[wagnerrp]

That, and MACs aren't a serial number

The only unique identifying number on my Intel NICs is the MAC address... so I guess in this case the MAC IS the serial number.

Re:Legality of this

I don't understand this statement:
"Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack"

Because when I do a: '/sbin/iwlist wlan0 scan' I see all the mac address of all routers within the range of my laptop.

Re:Legality of this

[RiotingPacifist]

What's funny is that SSNs and MACs are very similar. They are both unique identifiers. The only reason you see it as different is that SSN has been treated more like a password than a serial number.

Only they are not unique identifiers their just identifiers and they are also ridiculously easy to change (due to not being unique this is useful)

Re:Legality of this

[ElectricTurtle]

You're seriously telling me that there are no other numbers on the PCB? Granted sometimes they put the serial on a sticker that falls off, especially older cards.

Re:Legality of this

[profplump]

I'm seriously telling you that on a several network interfaces I've owned there is no unit-specific ID other than the MAC. Why would there need to be?

Re:Legality of this

[profplump]

They must be unique IDs to work correctly. And they are supposed to be assigned as unique IDs, though I agree that does not always happen. But that's like claiming that your mailing address isn't a unique ID because someone on your block mislabeled their mailbox.

Re:Legality of this

[redxxx]

Er, isn't it illegal to wardrive in some states [Florida] in the first place?

You don't have to log into the network to wardrive. Passive wardriving isn't illegal, though people(well at least one) has been prosecuted for accessing unencrypted wireless networks.

Re:Legality of this

I *can't* stop broadcasting my BS(sid), you insensitive clod!

Re:Legality of this

[clone53421]

Point being, they already know "physical address:MAC address". They don't know "email address:physical address" but if they can obtain "email address:MAC address" (via social engineering or malware) they can connect the pieces and tie your e-mail address to your physical address. So they have to e-mail you asking for your MAC address (or convince you to install something that'll report back and tell them what it is).

Re:Legality of this

[clone53421]

It's more like saying that your mailing address isn't a unique ID because somebody else also lives at 123 Main St... in a different postal code. The MAC only has to be unique on your local network, i.e. someone in a different "community" can have the same "address". Your IP address is what is unique, but the problem with IP addresses is that they must only be unique at a single point in time. It's a bit like trying to trace someone by their address when everyone in the community moves every few days. The MAC is more like their legal name: we assume it's the same even if their address changes, but it's possible to have one's legal name changed too.

Re:Legality of this

[camperslo]

Unless I am mistaken, securing a wireless router does not stop anyone from seeing its MAC address.

IIRC, some tools can show the MACs of connected clients (both wired and wireless) on the router as well. Kismet and Kismac come to mind.

Re:Legality of this

[camperslo]

Stop scaring the sheeple. I know it's kind of fun, but it's bad in the long term.

The first half of the MAC identifies a manufacturer. Many manufacturers have multiple entries which in some cases may make it easy to spot a particular product.
That could lead to thieves targeting locations with premium machines (MacBook Pro etc).
I saw an online posting indicating that this was happening nearby, but heard no mention of it in the local media so I don't know if it is true. It certainly is possible.

Re:Legality of this

[ElectricTurtle]

And once again back to meatspace, if you live in a mansion, that's a more attractive target than a crapshack. So what. Are all the millionaires going to switch to living in crapshacks just so people don't see an incentive for burglary? I don't think so.

Re:Legality of this

so at least my iPhone-owning friends will know where they are when they're at my house

Wow, I knew iPhone customers were stupid but I didn't think they were borderline retarded as to not know where the hell they are, even at a friend's house.

Re:Legality of this

[www.inkampus.com]

Even if they don't, the SSID can be found and the router cracked.

One way to prevent connecting to hidden SSID is to limit which MAC address can connect to the router and have a strong encyption set up (WAP, WEP, etc key).

More details to get you started: http://www.practicallynetworked.com/support/wireless_secure.htm

Re:Legality of this

[Z80xxc!]

On most routers however, the MAC address of the WAN port is different from that of the LAN ports is often different from that of the WLAN interface. So just by stumbling your network, they won't know your WAN MAC, which I think is what they are referring to in this article. Or maybe I just misinterpreted it.

Perfect for scaring people

[QuickFox]

This is perfect for when IPv6 takes off, with its built-in MAC address. Then my website can scare people shitless by greeting them with a note saying exactly where they live.

Re:Perfect for scaring people

[QuickFox]

"Welcome to my website! By the way, would you like me and my biker friends to pay you a visit at your home on Small Street? Or else, if you prefer, how about you help fill my tip jar? $50 will be fine."

Re:Perfect for scaring people

[mcmonkey]

Imagine if you got a phishing email that included your home address.

You mean like the spam that shows up in the actual mail box most days?

That stuff has my address on it, yet I still recognize it as spam. How is this any different?

Must be a web 2.0 thing.

Re:Perfect for scaring people

[Lennie]

Also it already does this, the headers usually include a lot of information already internal (behind the firewall) IP-addresses and/or computer names, etc.

There is also spam that just resends your own emails to different people you didn't send it to before.

Those are the really scary ones.

Re:Perfect for scaring people

[Roberticus]

Combine it with a Google-Street-View-app that pops up a picture of their house... "Oh, look, Roberticus, there you are! Nice to see you..."

I might cut my ethernet cable right then and there.

Re:Perfect for scaring people

I think the worst thing about this, privacy wise, is that it will allow any program to RARP your router and figure out where you live.

Re:Perfect for scaring people

[greenzrx]

Hmm. not sure i'd know if spam had my home address on it. I rarely read what lands in my spam folder anyway.

Re:Perfect for scaring people

[Bright+Apollo]

To which I'd reply, on their comments page: "I live in Paterson, NJ. Come and get me, motherfucker."

--#

Re:Perfect for scaring people

[blair1q]

You mean as though you looked up their name in the phone book?

Duh.

One of the points of IPv6 is to get rid of the kind of Internet invisibility that allows spamming and phishing to flourish. Being on the Internet will be like being in public. Privacy will be opt-in. Any community you join will have to agree to allow you to hide yourself. You will be able to hide your identity from other users on a content provider (like here on /.) but you won't be able to hide from the content provider as you DOS his account-creation system or scan his ports.

Will this create tracking-privacy issues? Sure. But we can deal with those by exercising our right to control the agencies that would use that data. It will prevent much more pervasive problems involving people we don't have legal control of until we catch them.

You will have the same freedoms you now have - maybe more as you won't have to alter your personality to duck from the trolls or hide your email address from spammers; your security will be increased; and your in-box will have your email in it instead of a flaming bag of crap every morning.

Re:Perfect for scaring people

[QuickFox]

IPv6 does support anonymity — see RFC 3041. But I ignored that since it would spoil my nice joke.

Traceable IP numbers would not help against spam and DOS, because that's perpetrated through botnets, not through direct contact.

Re:Perfect for scaring people

[QuickFox]

No problem, you can opt out. As long as a few thousand people do pay me each year, I don't mind a few opting out.

Just don't complain when we come to visit.

Re:Perfect for scaring people

[3247]

Your IPv6 address will include your computer's MAC address, not your access point's.

Re:Perfect for scaring people

[nurb432]

Except standing in public no one knows who you are.

Id rather stay anonymous on line as well, thank you very much.

Re:Perfect for scaring people

[blair1q]

If you do something to disturb the peace, everyone will know who you are. It will be a matter of public record.

Re:Perfect for scaring people

[nurb432]

And if im just idling standing by look at the birds ( be it in the park or online ) no one has a right to know.

Removing anonymity online ( well what is left of it anyway ) tosses that out the window.

Re:Perfect for scaring people

I actually received quite a few emails with my home address in them as that's easily retrievable and matched from my registered domains, until I decided to anonymise the email address in those...

As blair1g says, I'm not sure how you would instead do that from a MAC address ?!

Re:Perfect for scaring people

[klui]

The folks (non .gov address) who "help" individuals get their DTV converter boxes does this. They have a form where people input their name, real/email address and subsequently sell that entry to companies that spam the email account.

Someone just bought an iPod Touch, eh?

[Robotech_Master]

That's the only reason I can think of for this story suddenly coming up right now--this is what the iTouch uses for its location-detection (and I suppose the iPhone uses it, too, in conjunction with its cell-tower/GPS thing). I never knew about it until I had reason to look it up and find out how my iTouch knew where I was.

I thought it was a little creepy the first time I realized my iTouch knew more-or-less my exact location--but on the other hand, it's also kinda neat. Too bad it only works in urban areas.

Re:Someone just bought an iPod Touch, eh?

[sammy+baby]

It also has some odd bugs. A few weeks ago I was in a Starbucks in suburban Philadelphia, and my iPhone (using the Starbucks wireless network) put my location as being somewhere in Washington state. Whoops.

Re:Someone just bought an iPod Touch, eh?

Too bad it only works in urban areas

naw, dude, I live out in a suburban development, there are cows closer to the nearest urban area than me, and once you pass the development I live it, its nothing but farms for 300 miles. I places me at the end of my driveway using this... I had Navizon on my hacked iPhone, it placed me in my development, but not accurately. The iphone 2.0 firmware update included this ability, and places me within 150 ft of my house (end of driveway). I'm not sure which uses which service, but its pretty damned accurate.

Re:Someone just bought an iPod Touch, eh?

[RiotingPacifist]

hmm, i wonder how much fun can be had getting mac fanboys lost using macchanger and this

Re:Someone just bought an iPod Touch, eh?

[PsyberS]

Actually, the fact that it "only" works in urban areas is just fine. GPS more or less works everywhere, but one place it definitely can have issues is in urban areas with a lot of high-rises. You add in something like this, and now you have a backup for when GPS fails. Thus, your iPhone can almost always figure out your location, which is the whole point.

Maybe.

[Bill,+Shooter+of+Bul]

So all I have to do to be "safe" is to change the Mac address the router spits out? Ok. Not that there was any real risk to begin with. As the summary says there would have to be some malware present that had access to my internal network to send the mac to then look it up. Plus, I don't have the same router I did a year ago. Plus, they'd have to figure out which house I live in. Plus, I think spam with my address wouldn't phase me.

Re:Maybe.

[Lumpy]

Exactly. I dont know what hey use for wardriving, but my stuff can not tell me that router B is in that white house across the street while router C is in the brick house with a pentagram painted on the front door next to router A that is in the doghouse in the back yard of that red teepee.

The story is 90% hooey with 10% sensationalism thrown in for fun.

Re:Maybe.

[bhtooefr]

At driving speeds it's harder to find out, but at walking speed (if you actually are on foot, it's warstumbling,) you can easily see the signal strength go up as you walk by the house that the router is in.

Re:Maybe.

[clone53421]

Two points using directional equipment. If they've got the equipment, it's trivial to get a fix.

Re:Maybe.

[ColdWetDog]

The story is 90% hooey with 10% sensationalism thrown in for fun.

Sadly, that's a pretty good signal-to-noise ratio for a recent Slashdot submission.

Grumbles.

Re:Maybe.

[bill_mcgonigle]

but my stuff can not tell me that router B is in that white house

Why don't you put one directional antenna on each corner of your car and an omni on the roof and to the trigonometry on the relative signal strengths?

I mean, if you really needed that info.

Screw you guys, I liked the movie.

Of course for them to get the MAC of your router in most cases will require either being infected with malware or some sort of social engineering attack.

NORM : Security, uh Norm, Norm speaking.

DADE: Norman? This is Mr. Eddie Vedder, from Accounting. I just had a power surge here at home that wiped out a file I was working on.Listen, I'm in big trouble, do you know anything about computers?

NORM: Uhhmmm... uh gee, uh...

DADE: Right, well my BLT drive on my computer just went AWOL, and I've got this big project due tomorrow for Mr. Kawasaki, and if I don't get it in, he's gonna ask me to commit Hari Kari...

NORM: Uhhh.. ahahaha...

DADE: Yeah, well, you know these Japanese management techniques.... Could you, uh, read me the number on the modem?

NORM: Uhhhmm...

DADE: It's a little boxy thing, Norm, with switches on it... lets my computer talk to the one there...

NORM: 212-555-4240.

So what?

[Inominate]

If someone has some sort of malware running on my computer, they don't need my router's MAC address to find out where I live. And in that case, them knowing where I live is the least of my problems.

Quick, Change your MAC!

[homesnatch]

Most routers these days let you assign or clone a MAC address. If you find your MAC address on the list, change it.

Re:Quick, Change your MAC!

[stretch0611]

Change your MAC?

If you are one of the unfortunate people to be stuck with Comcast (or probably a bunch of other cable companies,) Comcast will charge you to update their records.

With a cable modem under Comcast, your Mac address is your login key.

Re:Quick, Change your MAC!

[papasui]

While I can't speak specifically for Comcast, most cable companies do not use the CPE mac address. The cable modem's HFC mac address is what it used to authorize service. What can and likely is done is that a limit is set on the number of CPE ip addresses that can be handed out (typically your public ip address). Some cable companies set this to 1. The CMTS maintains a table called the cable host which has these entries and they are typically cleared by rebooting the cable modem. If that doesn't work it may need to be manually cleared from the cmts.

Re:Quick, Change your MAC!

The typical wireless home router has three MAC addresses, one for the external wired interface ("uplink"), one for the internal wired network and one for the wireless network. You can change them separately.

Re:Quick, Change your MAC!

[base3]

I have Comcast and change my WAN-facing MAC all the time (usually when I want a new IP address to avoid having a long-term profile built up by Google et al) with no ill effect. And the wireless MAC of a router wouldn't affect Comcast at all. Mine's DE:AD:BE:EF:D0:0D.

Re:Quick, Change your MAC!

[Bishop+Rook]

The typical wireless home router has three integrated networking devices, one for the external wired interface (a "router"), one for the internal wired network (a "switch") and one for the wireless network (an "access point"). A switch does not have its own MAC address, but a router and an AP do.

Re:Quick, Change your MAC!

[mpicker0]

The MAC presented via wifi isn't necessarily the same one your ISP sees.

Re:Quick, Change your MAC!

[clone53421]

Ok, a few other people have said basically the same thing I'm going to say, but I thought their answers don't do a very good job of describing the problem for a very non-technical user. Hopefully I'll do better (and if I'm incorrect in any of my statements, I'm sure somebody will correct me... I'm not really an expert).

• Your cable modem has a MAC address which can be seen by Comcast and any computer on your personal network.
• Your wireless router has a separate MAC which can be seen by anyone close enough to get the signal (or who's plugged into the wired ports on the wireless router itself).
• Your computer has its own MAC address, which is visible to any other computer on your network (on your side of the cable modem).
• Any other computer, printer, or network device on your network has a MAC that is visible to other devices on your network.

In other words, there are a lot of MAC addresses on your local network. The key point is this: A wardriver will get the MAC of your wireless router (well, if he connects to the network he might be able to get MAC addresses of your other equipment, but that would only be possible on an unencrypted network). You can change that safely, because it's not the MAC that Comcast sees. (On a related note, changing the MAC on your computer's network card, whether it's wired or wireless, isn't going to be effective, because that's not what a wardriver is going to see. If you're "visiting" someone else's wireless network, then changing the MAC of your wireless card will anonymize you a little, but that's useful because you don't trust the network – in other words it's a different scenario. You generally "trust" your own network.)

Re:Quick, Change your MAC!

Puddleboy says it's a bad MAC? what gives?

Re:Quick, Change your MAC!

[Bishop+Rook]

...thank you for saying the exact same thing I said but with more words?

VLANs don't even come into play in a typical home router/switch/wireless AP combo. They're designed to have every host attached to the native VLAN. I'm not sure what you mean about the interfaces being virtual (what interfaces?), but again, a switch doesn't have its own MAC address. Routers, APs, and hosts do, switches don't.

Re:Quick, Change your MAC!

[Silicon+Jedi]

Mod Parent up +1 Insightful I do this shit all day long.

Re:Quick, Change your MAC!

Look, if you don't know what you're talking about, read up on it or shut up. Alternatively, open your home router and follow the traces from the Ethernet sockets, then come back and revise your statement about VLANs not being used in home routers. The actual hardware does not match your crude "network device" abstraction.

Re:Quick, Change your MAC!

[Bishop+Rook]

LOL. You must have missed the part where I said:

They're designed to have every host attached to the native VLAN.

"Native VLAN" == VLAN001, BTW.

If you can find me some way to specify different VLANs for different ports on, say, a Linksys WRT54G with default firmware (in other words, like 98.75% of the home market), I'll cede the point.

Somebody who tells someone else to "open your home router and follow the traces from the Ethernet sockets, then come back and revise your statement about VLANs" should not be the one telling others to "read up or shut up."

As for my "crude network device abstraction," you might want to inform Linksys of that so they can stop advertising their WRT54G as:

The Linksys Wireless-G Broadband Router is really three devices in one box. First, there's the Wireless Access Point, which lets you connect both screaming fast Wireless-G (802.11g at 54Mbps) and Wireless-B (802.11b at 11Mbps) devices to the network. There's also a built-in 4-port full-duplex 10/100 Switch to connect your wired-Ethernet devices together. Connect four PCs directly, or attach more hubs and switches to create as big a network as you need. Finally, the Router function ties it all together and lets your whole network share a high-speed cable or DSL Internet connection.

Re:Quick, Change your MAC!

[Bishop+Rook]

I see, you may have been referring to something like this schematic. It is in fact the crude abstraction.

VLANs are specified by port, not by wire. Between the port on the switch and the switching fabric/switch processor, there is no such concept as a VLAN. Once the switch has processed an incoming frame, it determines what VLAN the frame belongs to by which port it came in on. It then broadcasts it out to any other devices on that switch on the same VLAN and, if there are any VLAN trunk interfaces set up, it tags the frame with the VLAN ID and sends it out on the trunk.

That diagram is a rough schematic of data flow, not of the actual electronics behind the device. However it does roughly show the three components of the device--the switch on the bottom, the router on the top left, and the access point on the top right.

Note that there are exactly two interfaces on that device which would have a MAC address--eth0 of the router is one, the AP's wireless interface is the other.

Re:Quick, Change your MAC!

[ColdWetDog]

You have to be a jedi to do that? Do you do it with a light saber? That would be cool.

(Too bad it got modded 'interesting'.)

Re:Quick, Change your MAC!

[Muad'Dave]

Mine's DE:AD:BE:EF:D0:0D

Dude! That's the combination on my luggage! Now I'll have to change it to DE:AD:BE:EF:BA:BE !

Re:Quick, Change your MAC!

Dude, you really haven't the faintest idea. The two virtual interfaces (implemented on top of the actual physical Ethernet MAC), representing the uplink and the local network interface, have MAC addresses (one each). The wireless interface is another interface with another MAC address. That's three MAC addresses total, one for the uplink, one for the local net and one for the wireless net. Damnit, you can try this yourself: Just connect a computer to each of these interfaces in turn, ping the box and look at your ARP cache. Also, do open your router and look at the traces. You're in for a surprise. Besides, you must live in a strange world, where routers have only one MAC address.

Re:Quick, Change your MAC!

[homesnatch]

I have Comcast, and can change my MAC Address without issue. 1. Change MAC 2. Reset cable modem 3. Back online, albeit with new IP address. At least in my area, they have abandoned their static MAC table.

Re:Quick, Change your MAC!

[Silicon+Jedi]

No, dealing with bouncing customer modems all day is working against jedi-ness.
Leads to anger, and reaching out with the force to choke annoying customers.

Re:Quick, Change your MAC!

[moratnz]

You're getting closer to the truth than some of the earlier posters, but there's an important point that is missing; MAC addresses are tied to interfaces, not devices.

So a wireless router with an ethernet interface will have two MAC addresses; one for the ethernet side of things, and one with for the RF side. So contrary to the article, getting the (RF) MAC of your WAP most certainly won't require any form of hacking, be it social or script kiddie; any device that is able to talk to your WAP, by definition, knows what its MAC address is.

Re:Quick, Change your MAC!

[clone53421]

getting the (RF) MAC of your WAP most certainly won't require any form of hacking, be it social or script kiddie

Very true, but they don't have any way of connecting the MAC (and your physical address) to your e-mail address without asking for it or infecting you with something that reports back to them. It's not the MAC address that you're worried about them having; it's the knowledge that e-mail address X=physical address Y.

Re:Quick, Change your MAC!

[novakyu]

In other words, there are a lot of MAC addresses on your local network. The key point is this: A wardriver will get the MAC of your wireless router (well, if he connects to the network he might be able to get MAC addresses of your other equipment, but that would only be possible on an unencrypted network).

Er, have you ever done "wardriving"? Run kismet (a legitimate network monitoring tool, unlike aircrack, whose only "legitimate" purpose is doing "penetration testing") and see how many MAC addresses you can see.

You don't need to crack the wireless key, WEP or WPA, to see MAC addresses of ALL devices on the wireless. Heck, sometimes you might even see wired devices (like the cable modem), just because some of the packets (I don't know exactly what those would be; could be ARP, or simply unencrypted portions of normal packets) come from those devices to other devices that are on the wireless.

So, while it's true that MAC is public information and exposing it is no more dangerous than exposing your street address or email address, you should know that if you have a wireless router running at all, you are (potentially) exposing the MAC of every single device connected to it---and no, no cracking required, unless typing "kismet" on commandline is considered cracking these days.

Re:Quick, Change your MAC!

[clone53421]

Ok, that was the main point that I wasn't positive on. Is there any way to mask the MACs of the other devices on the network? I don't suppose there is, apart from the off chance that a device happens not to send or receive any packets while the wardriver monitors traffic.

I'm curious, though, how kismet works. Could it be illegal to monitor someone else's network in this manner without their consent? Could it also be possible that even if gathering information wasn't illegal, uploading it to some database would be a breach of privacy? IANAL, but the legality of this seems dubious.

Re:Quick, Change your MAC!

[novakyu]

I'm curious, though, how kismet works. Could it be illegal to monitor someone else's network in this manner without their consent? Could it also be possible that even if gathering information wasn't illegal, uploading it to some database would be a breach of privacy? IANAL, but the legality of this seems dubious.

IANAL, but kismet is no more illegal than FM radio. All it does is listen to traffic (it doesn't even communicate with the router at all). You broadcast your signal publicly; it can't possibly be illegal to pick it up as long as you are not trespassing while doing that.

Now, if you use the packets you pick up and try to do brute force (or, in case of WEP, statistical) cracking, there may be some laws that prevent you from doing that (or at least you could be in trouble if people *somehow* find out), but I can't think of any (IANAL, but somehow, I don't think DMCA anti-circumvention provision applies).

Of course, cracking WEP keys this way takes a very long time, and to do it in a reasonable time, you need ARP packet injection (the sort of thing that aircrack does), but kismet does none of these. All it does is it puts your wireless device in the monitor mode and picks up wireless signals like your radio receiver picks up FM stations.

Re:Quick, Change your MAC!

[clone53421]

I agree that "overhearing" what's publicly visible (radio waves) isn't illegal. The question becomes when you gather information and make it available to other people.

For example, anyone could observe that you've left your house or arrived home. However, if somebody watches your house for 2 weeks and writes down every time you left or arrived, is that legal? If they posted it on the internet, would that be legal?

Re:Quick, Change your MAC!

[novakyu]

For example, anyone could observe that you've left your house or arrived home. However, if somebody watches your house for 2 weeks and writes down every time you left or arrived, is that legal? If they posted it on the internet, would that be legal?

Yes. It is legal---in the U.S. at least, there is this thing called "First Amendment".

When you leave your house, you do not have a reasonable expectation to privacy (one of the few things that can restrict someone's first amendment rights), so, I would guess the same First Amendment rights that lets you publish SSNs of homeowners (although in this case, you are simply re-publishing something that the government already did) lets you publish MAC, which is public information in any case.

Re:Quick, Change your MAC!

[clone53421]

It could also be justifiably considered harassment or stalking, and a restraining order would effectively curtail your first amendment right.

Re:Quick, Change your MAC!

[novakyu]

It could also be justifiably considered harassment or stalking, and a restraining order would effectively curtail your first amendment right.

I'm fairly sure that to make something "harassment", it would have to be more than posting your wireless router's (and other devices') MAC, along with thousands of others' on some website.

Someone posting a MAC address with that device's home address is no more "stalking" than posting a street address with its GPS coordinates on the web (or posting a street address with the picture of the house as seen from public street, if you want to make it more personal---and this is way more personal than MAC addresses).

What I'm saying above is what anyone with a common sense would say (not to mention that there is a similar case where such things were allowed). If you still disagree and want to argue your point, I'd suggest that you come back with some supporting court cases; otherwise you are a simple fearmongerer.

Re:Quick, Change your MAC!

[clone53421]

I was specifically referring to monitoring one's comings and goings when I said it could be reasonably considered stalking or harassment.

Or do you disagree? Particularly if the individual who's monitoring you has a history with you, it's possible to take them to court and get a restraining order. My point was merely that plenty of people have their first amendment rights curtailed this very moment for nothing worse than stalking their ex.

Wrong

[Ancient_Hacker]

You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out.

And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

And knowing the MAC address is of no earthly use. Well, in the old days you could map it to a ethernet chip manufacturer, but now most routers have changeable MAC addresses.

You can't map MAC address to email addresses either, as the summary claims. Sheesh.

Re:Wrong

[stretch0611]

But certain Microsoft products use your MAC address.

In addition to WGA, I thought that MS-Word used to store your MAC address in the meta-data of the document.

That way you can trace an anonymous doc to a location.

Re:Wrong

[mapkinase]

Hmm... Sounds like someone is marking the place of the fish catch by putting a mark on a side of his boat.

Re:Wrong

[Moskit]

Yup, there is wrong information, but in your comment:
- MAC address is rewritten by every router along way, so you need to be in the same network segment to see it. If you are far away, you might know IP address, but not MAC.
- MAC address would need to be changed between wardriving time and time you intercept it to break association. Most routers do not change address, or change it just once to match cable modem's address.

In practical use the article is correct.

Re:Wrong

The MAC address only exists in the packets on the local link, i.e. the subnet of the router's global address. So to get the MAC by conventional methods, you need to be on the local link which sort of defeats the whole point of this. For someone across the country/globe, however, you would need a system on that local link to be infected with malware wherein it sends the hacker its router's MAC address, then you can look that up to see precisely where they are.

Getting an associated email address, though, is an entirely different thing and not really related to this issue.

Re:Wrong

And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

You certainly could get an exact address, although not with basic wardriving equipment. Since you're scanning from a moving vehicle, you certainly have the opportunity to triangulate the position of the transmitter.

And knowing the MAC address is of no earthly use. Well, in the old days you could map it to a ethernet chip manufacturer, but now most routers have changeable MAC addresses.

Honestly, how many times do you change the MAC address on your router? I'm betting even most geeks stick with the default MAC. As long as people change their MAC addresses slowly enough, this database is certainly still quite useful.

You can't map MAC address to email addresses either, as the summary claims. Sheesh.

Yeah, I didn't read the summary here. Maybe they're sniffing unsecured WAPs to try and pin them to e-mail addresses. Or maybe the database involves some self-registration?

Re:Wrong

It's in every packet sent to your ISP, after that good luck finding it.

Re:Wrong

[Viol8]

"You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out."

That may be the case, but that address only goes as far as the next router down the chain so unless someone is connected to the original router by a physical connection they'll never find it out - you can't wardrive a cabled network.

  Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

Re:Wrong

[Bishop+Rook]

The article is not correct, because it presumes that there is some way for some random hacker across the globe to easily associate my MAC address with my e-mail address. Unless you're inside my network, you don't know what my MAC address is. And if you're inside my network, I've got lots more to worry about than a weak phishing attack.

Re:Wrong

Unless you are creating Word documents (or running Windows) on your wireless access point, I don't see how this is an issue.

Re:Wrong

[Toll_Free]

I'm sorry, but you are wrong.

With simple algorithms (implemented in some OS drivers), you can attach multiple antennas to one card and do direction finding.

With more than 1 person, you can triangulate.

You can do simple tests with both directional antennas and omni antennas, and get someone down to their house in about 15 minutes.

A PDA with NetStumbler and a laptop with external wireless antenna adapter is all that is needed.

I know for a fact. I JUST did this to AT&T to prove to them my next door neighbor had DSL when they said I couldn't get it. Imagine their surprise when I gave them his address, login and WiFi AP name? :)

--Toll_Free

Re:Wrong

And you can't easily get an exact street address from wardriving. All you know is somewhere along the antenna's main lobe there is a router. Could be 10 feet away, could be 500.

Perhaps if you're a crude wardriver. If you're sophisticated, and use a directional antenna on a rotatable mast, or multiple antenans, you could quite easily locate the AP to within a few meters, driving down the street.

The technology isn't hard (it was used in bygone days to do TV viewership ratings, by looking for LO leakage from the tuner, it was used in the UK to find folks who hadn't paid their TV tax, it's used today to find leaks in cable tv systems)

Re:Wrong

[Ancient_Hacker]

>Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

What's the problem with knowing a MAC address?
The MAC is not a key to anything except sending a packet to the router. Which is the whole point of having a WiFi router.

Re:Wrong

[gad_zuki!]

Exactly, if you can see the mac address then youre on my router and you can guess I'm nearby.

This is just as bad as those malware ads that advertise "YOU ARE BROADCASTING YOUR IP"

Re:Wrong

[mypalmike]

Actually, the next router on the chain will see the MAC address of the WAN ethernet port, which isn't generally the same MAC address as the radio broadcasts.

But you are certainly correct that it's a link-layer protocol that goes no further than 1 hop.

Re:Wrong

Not unless you're running Office on your router.

Re:Wrong

Except that the MAC address in this database is the MAC address of your *wireless router*. Unless you are running MS Word on an access point, you can't trace word documents to a physical location.

Re:Wrong

[Ancient_Hacker]

Read the original posting. They were talking about wardriving to collect tons of addresses, not spending many minutes driving in circles around a block to hone in on one specific point. That is of course doable in principle, if not practical. And even so, of what use is knowing that 123 Easy Street has a router named "linksys_2367443" ?

Re:Wrong

[damicatz]

MAC Addresses operate at the data-link layer (OSI Layer 2). The data-link layer deals solely with intranetwork communication (communication between computers in a single network). The IP Address deals with the computer on a logical/software level. The MAC Address deals with the computer on a more physical level. Anytime you send a data unit from one computer to another on the same network, the MAC Address is what it used to determine where that data unit should go and/or which computer that data unit is intended for. If Computer A wants to send a packet to Computer B on a different network, it has to go through a router. This is where IP Addresses really come into play. A MAC Address doesn't contain any information that identifies a particular network, it's just an address so you can't take a MAC Address and use it to determine what network that computer is on. In order to forward the packet from Computer A on Network A to Computer B on Network B, the destination MAC address on the frame of data intended for Computer B is changed to the MAC Address of the Router's Interface on Network A. The Router then recreates and sends this dataunit on Network B with a source MAC address of the router's Network B interface and a destination Mac address of Computer B. Because of this, it's impossible to get someone's MAC Address over the internet simply by using a packet sniffer. The MAC Addresses are changed everytime the dataunit passes through another router so the MAC Address you'd see on a frame you received over the internet would be the MAC Address of the last hop and not the originating computer.

Re:Wrong

[blueskies]

You don't need malware or anything else to get a router's MAC address, it's in every packet the router sends out.

You need malware if you aren't on the local network. The MAC address only makes sense at the IP layer. And the packet the router sends out on the Ethernet side is going to have the wrong MAC address anyway.

And the MAC address does have a use if you can map it to a location.

Re:Wrong

[clone53421]

They could try to manipulate you into revealing your MAC through social engineering. Say they posed as a net admin... maybe they'd claim your wireless router was interfering with other wireless devices in the area and they needed you to send them the 12-digit code printed on the bottom of the wireless router so they could run a diagnostic. Obviously you wouldn't fall for that, but enough people would that it's something to worry about.

Re:Wrong

[Bishop+Rook]

The key word was "easily."

If you already have enough information to convince me you're my net admin and get me to give you some unintelligible code from the bottom of my router, and/or I'm gullible enough to fall for it, what extra benefit will you get from possibly knowing what street I live on, if somebody has wardriven past me and logged it?

Hell, you can just do a geographic IP lookup and get close enough to fool most gullible people.

Re:Wrong

[clone53421]

Not much, unless some phisher offers to "diagnose interferens caused of your wireless device" and successfully convinces you to e-mail him your router's MAC. Then he queries the database, and hey look, there's your address!

Re:Wrong

[clone53421]

Good point, however, a phishing/social engineering attack won't initially have your IP address either (just your e-mail address). So there's two points of potential attack. If they obtain your IP they could get a semi-accurate fix; if they obtain your MAC it's possible that they could get a really good fix (triangulation could easily give much more accurate information than merely what street you live on). Like you said, gullible people are easy to fool, but there will always be the odd person who would be worried about revealing their IP but naively reveals their router's MAC.

If they can fool you into revealing the MAC, they also potentially have a much better fix and you've already established yourself as a gullible individual... say they pose as some governmental agency and know the exact physical address of your home; just imagine the fun things they could think of.

Re:Wrong

[forand]

I think you missed the point of the original statement. The database is useless for finding where a specific person lives unless you have the MAC of their router.

Re:Wrong

[Splab]

While getting the exact address is impossible except for remote locations, phishers really don't need it - if you know what neighborhood the machine is located in you can still make a very very "personal" offer just for this one surfer. Imagine someone seeing an "ad" from the local Wallmart including authentic pictures and whatnot claiming they have won a frequent shopper something or other - they just have to fill in some details.

The more personal the attack is the higher the likelihood of people falling for it.

Re:Wrong

[3247]

There is no problem with knowing a MAC address.

There is no problem with knowing other small pieces of information, which seems to be useless.

However, there is a privacy problem with knowing a lot of these small pieces of data.

Re:Wrong

[NynexNinja]

Also, just because you know a particular routers MAC address, doesn't mean it has any useful purpose past the first hop, as your local MAC address of your router will never get transmitted past the first hop. By the time the TCP/IP packet arrives at its destination, the MAC address on the sending side will be of the last hop router. So, basically, although creating a huge database of MAC addresses to GPS coordinates might seem to be clever, in reality it is very useless because no one is going to be seeing the MAC address of my router past the first hop.

Re:Wrong

[Have+Blue]

I didn't realize assisted GPS referred specifically to cell tower triangulation and not any other GPS augmenting technologies, but:

At the Macworld Conference & Expo in January 2008, Apple CEO Steve Jobs announced that both the iPhone and iPod touch will use Skyhook's WPS as the primary location engine for Google Maps and other applications.[4]

Many MACs are not written in stone

I've always used amusing phrases and repeated words on any AP or NIC that lets you change the MAC (tons of linksys models for example)

Its pretty funny what you can come up with only 0-9 and ABCDEF :)

Fate

[igotmybfg]

Someone should show this to those clueless municipal IT folks out in San Francisco

The thing is...

[theotherbastard]

I believe Skyhook uses the Wireless Antenna's MAC Address, not the WAN Port MAC Address. So, you'd have to be within proximity of the WAP in order to get that information anyway, which means you know about where the WAP is in the first place.

Re:The thing is...

[clone53421]

True. However, the fact that I can find YOUR wireless network only if I know the general location doesn't change the fact that I can see half a dozen people's wireless networks from where I sit if I'm not particularly trying to locate YOURS.

Re:The thing is...

You can get the WAP MAC address using SNMP from many system. My Linksys for example hands this out. Of course, that assumes they have a rooted host on your LAN. In that case you're pretty darn screwed anyway. I doubt it would take a week of sniffing my network to know my home address and lots lots more.

Theft Recovery?

[PainMeds]

A lot of different theft-recovery packages report the WiFi router and MAC address back, so this could theoretically be used to recover a stolen laptop that went back online.

Welcome to the long old line

[Spatial]

The doom predictors have been wrong the last several hundred million times in a row. So are you. Welcome to the world's longest conga line, friend!

Late to the party

[ElectricTurtle]

Wigle has been doing this for years and years. They're also almost completely open and cross platform. Besides, if anybody wants to know where somebody is, there are a lot easier ways than trying to link a an address from the media access control layer to some coordinate on a map.

Re:Late to the party

Does Maemo Mapper contribute GPS/MAC pairs yet?

Re:Late to the party

[detritus.]

Yes, and companies like Skyhook lease user-submitted data from the Wigle database.

Re:Late to the party

[ElectricTurtle]

Lease? Anybody can download that data.

Re:Late to the party

[detritus.]

Yes you can QUERY the data, but you still can't download the entire data set from their site, or just download new submissions.

Re:Late to the party

[ElectricTurtle]

Apparently you haven't really used the software. The Digle client can basically request any square area of coordinates which then get downloaded to a file. Only a certain number of points are the maximum for an area, but if you size down the area and go section at a time (which somebody could probably write a script to do, but I'm too lazy) you could get all the coordinates in the database (in chunks of several thousand at a time). I've taken these files and imported them into MS MapPoint. Of course with so many coords to keep track of it makes the software unstable, especially when you try to merge the various files from different regions of requests.

Quick Web Implementation

[MobileMrX]

I put together a quick and dirty web implementation if anyone wants to try this out: http://puddleboy.com/MACLocate.asp

Re:Quick Web Implementation

Very nice work!

Life expectancy of router power supplies

[PeeAitchPee]

Does he verify / update the data from time to time? Given the atrocious life expectancy of your typical Chinese wall-wart power supply that comes with the standard Best Buy / Circuit City-bought router and Americans' propensity to simply buy a new router when their old one appears to die (when 90% of the time it's just a dead power supply), I'd think this data would get stale pretty quickly.

Re:Life expectancy of router power supplies

[Life+Liberty+Freedom]

Too bad the B&M places where people could by a new power supply charge almost as much for the power supply as a new router can costs

I'm sure I speak for SF network admins when I say:

[UnknowingFool]

This could have been brought to my attention YESTERDAY!!!

Guns

[grnrckt94]

This was exactly what I had in mind when I bought my 12 gauge.

Re:Guns

[ElectricTurtle]

Which is exactly why back when I was wardriving I used an 18 dbi omni so I didn't have to be close to anything and did it at 2 am when everybody was asleep.

Not to mention I religiously carry an H&K USP myself.

Beware of FUD

"The actual query is done inside of their compiled code, so itâ(TM)s a secret and no one will ever figure it out."

This is the most retarded statement I've read today. He even goes on to say that he 'reverse-engineered' their XML... a format designed to be entirely human readable. Will he try cracking HTML next?

Really this whole story is a bunch of sensationalistic nonsense.. you've had similar reverse lookups for ip addresses for years and unlike MAC addresses those are publicly broadcasted on the internet.

Phishing Email

[JCSoRocks]

Imagine if I got a phishing email that included my home address? What difference does it make what information it contains? It's still obviously a phishing email and I'm still just going to forward a copy on to abuse @ whatever domain they're impersonating and then dump it in the spam folder.

I still don't understand how phishing actually works on anyone... once you understand a basic concept - never follow links from emails that are soliciting information - you'll be fine. I guess people are just hopelessly uneducated about it.

Re:Phishing Email

[pandrijeczko]

I used to be very smug about phishing until about a year ago when I fell for one.

I'm a security consultant for a telecoms company, Linux/UNIX geek and have 30 years experience in computers. But on a particularly hectic day about 6 months ago, I had an email pop up about my Paypal account being disabled unless I logged in and did something - and I did just that, giving away my username and password in the process!

As soon as I'd sent my details in the phishing form, I realised my mistake. I immediately cancelled the bank/credit cards that were on Paypal's records, changed my eBay and Paypal passwords and reporting the phishing site to Paypal. The site disappeared within about 30 minutes and I suffered no adverse problems.

Believe me, it *can* happen to the best of us! It just needs a little lax concentration and not thinking before you send that form off.

So stay alert and don't get too smug about it. :-)

Re:Phishing Email

[JCSoRocks]

Good advice!

How is that informative?

[tetromino]

First: I use Comcast. Over the past 3 years, I've replaced wireless routers 2 times (in 2 different homes). The only thing I needed to do to set up a new router was to power-cycle the cable modem; I did not need to change the router's MAC address.

Second: in any case, even if you use some ghetto ISP that tracks router MAC addresses, the external MAC (what the cable modem sees) and the internal wireless MAC (what the wardrivers see) are different and completely independent. You can easily change one without changing the other.

SkyHook = Abandoned Military Project

[tyler.lee]

I thought that SkyHook was a project developed by some military to extract insurgents from hot zones using tethered light-up balloons!

Re:SkyHook = Abandoned Military Project

[Kegetys]

Correct name for that would be STARS

Re:SkyHook = Abandoned Military Project

[tyler.lee]

lol...NO! I was referencing The Dark Knight.

Compatibility

[tepples]

Only when the person is too much of a poser to not find the hidden SSID.

Plenty of devices with an 802.11b radio, especially handheld devices, cannot connect to networks with hidden SSIDs. (A lot of them can't do WPA either.) If you use one of those devices, you have to reconfigure networks that you administer not to hide the SSID.

Re:Compatibility

OK, rephrase (and fix the unintended double negation): Only when the person is too much of a poser to find the hidden SSID or to not use some crippled device.

Re:Compatibility

[tepples]

Only when the person is too much of a poser to find the hidden SSID or to not use some crippled device.

Nintendo DS doesn't work with WPA, and I haven't been able to get it to work with hidden SSIDs. I don't think you meant to call fans of DS-exclusive games "posers", did you? Or what game should I be playing on a non-crippled device instead of, say, Nintendo's Animal Crossing: Wild World?

Poor man's GPS

[mu22le]

This thing has the potential of turning your laptops wifi card in a poor man's GPS.
Just check what wifi networks you see, check for them in the db and find your position using signal strength to weight the AP positions.

It would work quite well in densely populated areas.

I have been thinking for long about doing something similar with your cell phone. Just check the visible towers, ask google their coordinates and geolocate yourself (if only the symbian API gave you info on other cells apart from the one you are connected to).

Re:Poor man's GPS

[Toll_Free]

Gee, your only right behind Google Maps.

--Toll_Free

Re:Poor man's GPS

This thing has the potential of turning your laptops wifi card in a poor man's GPS.
Just check what wifi networks you see, check for them in the db and find your position using signal strength to weight the AP positions.

Guess who beat you to that punch... Microsoft.

http://www.microsoft.com/downloads/details.aspx?familyid=5a588766-3697-4906-a239-f4222c91e324&displaylang=en

Re:Poor man's GPS

[Life+Liberty+Freedom]

Isn't a poor man's GPS a........GPS?

I mean, I've seen GPS units on sale for 100 bucks

Re:Poor man's GPS

[mu22le]

Yes but the battery does not last 120h, it does not work inside buildings... and you don't have to carry another gizmo in your pocket just to track your walk in a city.

Hmmm... time to change

Thank goodness my router has MAC address clone, like virtually everybody's. I think I'll set mine on some kind of rotation.

Google?

[xandey]

Isn't this exactly what Google's location api does? Only without the cell tower and GPS functionality?

http://code.google.com/p/gears/wiki/GeolocationAPI?redir=1

I would imagine it would be hard to compete by wardriving when Google has an army of mobile phones querying where they are reinforcing the database.

similar 2600 article

Great article in 2600 about a similar topic. You can add the MAC address of someones phone to the network instead of the MAC of a wireless router. Whenever their MAC address is picked up on the net it updates the physical location of that MAC address. You can basically track where a person is at all times. If they have an IPhone or something similar you just need to be near the target person with a access point, the iphone will try to acquire a connection automatically and oh was that your mac address your phone just gave to me. Thanks.

How *do* I find my MAC address?

[DoofusOfDeath]

I have a Verizon FiOS Wifi / ethernet router. I poked around the settings for the router but I couldn't find its WiFi MAC address listed anywhere.

Anyone know how I can found that address? (On my client I'm running Ubuntu 8.04)

Re:How *do* I find my MAC address?

[ElectricTurtle]

Not all wireless routers have the wireless turned on by default. Beyond that, I would just use netstumbler to find the the MAC of the wireless side of the router ;-P

Re:How *do* I find my MAC address?

[theotherbastard]

Kismet would probably work best on Ubuntu.

Re:How *do* I find my MAC address?

Its probably on a little sticker stuck to the back of the box.

Re:How *do* I find my MAC address?

[DoofusOfDeath]

I tried that, but found the interface pretty confusing. So instead I tried kwavecontrol, which has a more intuitive gui.

From what I can tell, the linux driver for my laptop's Intel 4965 wifi card doesn't report the AP's MAC address.

Maybe I'd have more luck with the Window's driver, but my laptop only has Ubuntu on it. :(

Re:How *do* I find my MAC address?

[smoker2]

A label on the bottom ?

Re:How *do* I find my MAC address?

[DoofusOfDeath]

A label on the bottom ?

Yup. Hidden on the side I couldn't easily see. I was hoping for the more techically interesting solution to the problem, but at least I've got the MAC address now. Thanks.

iPhone

[Have+Blue]

The iPhone already uses this service for AGPS and A-cell-tower-triangulation. It was added in a 1.x update well before the 3G was released.

Vistumbler

My Program Vistumbler does this also...I wouldn't thing the idea is new in any way

Vistumbler has an option to export data to a wireless database. So anyone could share their scan data. Right now the WifiDB is still in alpha stages though.

http://www.vistumbler.net

data not new

I live in Canada and moved over a year ago.

When looking up my mac it gives location for my old address.

But, it had the location pretty much bang on. And this was in a townhouse of over 100 small houses.

Wonder if the data in the US is newer.

Problem?

[PPH]

Wifi OTOH using radio allows anyone in range to find out its address. Thats the problem.

So what? There is nothing anyone can do with my MAC address unless they are within range of my router (on the same cable for hard-wired networks). I just don't see how this database would be of any use to someone a number of hops away from me.

Assuming no hacked hardware between us, my MAC address isn't available for a remote site to look up based upon an IP connection.

Re:Problem?

[clone53421]

Basically the concept is this. Some spammer/phisher already has your e-mail address, through whatever means. Someone else stumbled across the MAC of your wireless router by wardriving your neighbourhood and put your MAC and location into a database. If the spammer/phisher can e-mail you and trick you into revealing the MAC address of your wireless router, he can put together the information he knows to link your e-mail address, wireless router MAC, and physical location.

Re:Problem?

[PPH]

That splits the population into 2 groups:

1. 95% of the population: Whaaa? What's a MAC? Like a Big Mac? Wireless router? Is that the thingy with the blinky lights that the guy from Geek Squad put in and told me never to touch?
2. 5% of the population: I know what you're up to, buddy. Go f**k yourself.

Seriously, by trick you mean something like embed a malicious executable into a piece of e-mail that probes around your target's LAN and reports back its configuration. Those that have default passwords on their router, enter passwords blindly when prompted to, or have their e-mail configured to execute anything deserve to be hunted down.

People that are this dim could probably be tricked into divulging their street address anyway.

Re:Problem?

[clone53421]

95% of the population: Whaaa? What's a MAC? Like a Big Mac? Wireless router? Is that the thingy with the blinky lights that the guy from Geek Squad put in and told me never to touch?

Yes, and we need the 12-digit code (like xx-xx-xx-xx-xx-xx) from the sticker on the bottom or possibly the back. The FBI has detected illegal activity on your line and we need to verify the connection. (insert spelling and grammatical errors for realism)

Flash your router

[DrSkwid]

and change your MAC every second

yes | awk '{system(sprintf("ifconfig eth0 hw ether %02x:%02x:%02x:%02x:%02x:%02x; sleep 1", int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand()), int(255 * rand())))}'

Re:Flash your router

[3247]

*arp*

IPv6 MAC addresses don't leak much here

[billstewart]

IPv6 does have a mode where it autoconfigures devices using a munged version of the MAC address as the lower 64 bits of the address. (It's an ugly munge, not simply a 16-bit subnet plus 48-bit MAC, but in some sense it still gives you Netware-like autoconfig.) It's not clear how many people are going to use that mode, as opposed to a DHCP-replacement mode.

But that's not going to leak information about the wireless, because typically nobody outside your building is going to talk to the IP address of the wireless side of your router. Either they're going to talk to the IPv6 address of one of your computers, so they might see the MAC address of your laptop, or they might see the MAC address of the Ethernet side of your firewall, but that's different from the MAC address of the wireless side.

What's the big panic about?

So some kids wardriving with a gps found a WAP. Big freakin deal... The stumbling software records the cordinates (usually) for the strongest signal point, that doesn't mean there will be pin-point locations to where the WAP is. Congradulations, you found their neighborhood but are still quite a ways away from finding their actual address unless you feel like stalking them. I highly doubt nigerians will spend their hard earned money to come to Arkansas to find a wireless network called 'guess what i did to my sister'.

~ Area-51
http://www.radioactiverussian.com/

Typo

"an minimally documented API"? Is that like being "an hero"?

Re:everything made by man fails

let yOUR conscious be yOUR NECROTIC DOG PENIS.

Uh..

Isn't the wireless AP's MAC address (what you'd see when wardriving) usually different from the WAN port's MAC address (where all external traffic comes from) anyway?

IPv6

[200_success]

In IPv6 autoconfiguration, a node forms its address by concatenating a prefix broadcasted by the router and a suffix based on its own MAC address. The leaked MAC addresses would be those of the computers behind the router, not of the router itself. The prefix used would likely be provided by the ISP or tunnel broker, in much the same way that the ISP hands out IPv4 addresses today.

Re:IPv6

[John+Hasler]

> The leaked MAC addresses would be those of the computers behind the router...

Or whatever number the admin chooses to supply instead.

Custom lojack

[jroysdon]

This would be a great DB to have for my custom lojack that reports back to my server the AP SSID and MAC address that any of my laptops are talking to. I'd be able to go to the location myself and verify the AP MAC address is still there, triangulate where the source is, and then notify the police so they could get a search warrant and recover my laptop.

MAC Addresses not unique

[rekoil]

One big flaw in this system - as I understand it, MAC addresses are not globally unique as IP addresses are. It's a 48-bit address, but the first 24 are the vendor's ID, leaving only 24 bits for a unique device ID (and these do get recycled). This is good enough in the scope of a local LAN, but Skyhook's system seems to depend on these being globally unique, which isn't the case.

Anyone know how they deal with this?

Wrong

A-GPS uses Cellular network cell IDs, *not* router MAC addresses. See the wiki for an explanation of A-GPS.

Well done mods for pushing this mis-information up.

what a waste of time

wow...that was hard to overcome.

ap01(config)#int Dot11Radio 0
ap01(config-if)#mac-address 0019.a9cd.c141
ap01(config-if)#int Dot11Radio 1
ap01(config-if)#mac-address 0019.a9ce.c142

Just changed both my radios.

what a waste of gas and time to have driven around for something that can be changed so trivially.

Paranoid

Maybe mac addresses should contain hourly water usage so hackers can tell how many times you take a dump.

Movies

[DaVince21]

You know... Those people in them action movies about hackers have been able to do this for years.

On a serious note, this is a bit... unsettling.