Question:
Can one PC be identified over different IPs or networks? Read the whole question.?
heyimjason
2008-12-23 18:52:30 UTC
Ok, I've tried asking this before, and got mostly half-wit answers.
I have a debate with a friend. We have a friend, let's call him John, who downloads tons of movies and cracked software. My friend says John could easily be caught, if anybody cared. I say he can't. Here's how John does it:

John uses his regular ethernet connection for regular, personal use. When he wants to download pirated stuff, he will disable his ethernet connection, plug in a wireless adapter, and connect to a random unsecured network to do his pirating.
Once he's done, he will disconnect the wireless adapter, re-enable his regular ethernet connection, and go back to life as usual.

So, is there any way, whether it be through his hardware, software, OS, etc of his computer being somehow identifiable and connected while he uses this method? Since he switches connections, his hardware MAC is obviously different on his NIC and WiFi adapters. He's using different IPs, and probably different ISPs at that. I wasn't sure if his PC itself, or maybe Windows XP have some sort of identifiable, personal item, code, address, or whatever, that would somehow allow him to be found out.

Anyways, I think he's perfectly safe, but my friend says John could "easily" be caught. We have a large bet on this, so if you do answer, please provide an in-depth explanation as to why you chose your answer. Guesswork and answers from people that don't have that much technical experience will be a waste of time.
Thanks.
Five answers:
Tracy L
2008-12-23 19:13:01 UTC
I run a small WISP. We are open for people to connect into, if they have a correct username and password. Here is PART of ONE line for a person who attempted a connection:

IP: 10.0.0.12 MAC: 00-1E-C2-37-81-04 Name: iPhone Type: Dynamic



Now if I showed you the rest of that line you would know that YES you could be found! (Some deletions were made on the line posted and the complete line has not been shown.) I can even tell you the exact time, date that the connection was made and whether it was a valid user or a guest, and whether they attempt to validate or "hack" and if it was ever connected to the internet what IPs were called and connected by that user.



Hope that helps.

---Edit---

The line I posted was a wireless connection!

The assumption that ALL open wireless is operated by some dumb user should be rapidly dismissed! There are even "Honey Pot" wireless systems being set up to specifically capture people's information these days.

http://www.securityfocus.com/infocus/1761

Just take a read. (this article was written in 2004!)



Is anyone around that might run a full scale trapping system? Hope your friend is sure they aren't. But around colleges, high tech areas, areas that have high tech people or ISPs that are looking? Then there are the black hat guys that want usernames and passwords for their own reasons. That way someone else gets blamed for what they do. In the best case they get bank information, credit card data, etc.

I hope you get it. Your "friend" is playing a risky game. Will he succeed? Is it worth the risk?



The link that tbshmkr posted is what is easily seen on the WAN side of a router connection. NOW move that to the LAN side (which wireless uses) and just think how much information is really available should anyone want to get it!

On the LAN side there are no screens, there is no NAT, the computer is directly connected to the network!
?
2016-09-09 10:34:52 UTC
This could be problematic, seeing that neither side of the community is a natural vigour-of-2 dimension. If the 2 constituents have been 192.168.one million.one million-127 and 192.168.one million.128-255, then you definitely might configure every interface with a netmask for a /25 community, and the OS will have to be shrewd adequate to decide on the proper interface for any outgoing IP visitors. But the best way it's, it appears such as you'd desire a very bizarre protocol stack alternatively of the one who comes with WinXP. How did the 2 constituents of the community get mounted like that to begin with? Can you difference the community topology? Or renumber one of the machines at the community with the intention to make each constituents /25?
Larry P
2008-12-23 22:57:52 UTC
HeyImJason



Interesting question.



There are a number of challenges here. And for the most part, it looks like "John" is pretty secure in his strategy if he follows certain guidelines. Then, there is always the one off that can snag him.



First, let's review what he is doing. His home has a standard router with a hardline. He does all of his legitimate stuff from there. Then he disconnects his legitimate connection, plugs in his wireless, and he turns into Neo, riding on someone else's unsecured wireless network.



When he rides on someone else's (Jim's) network, all traffic (legitimate and rogue) has to go through Jim's router which is running Network Address Translation. So what the ISP sees is one IP address that their DHCP has leased to the front end of Jim's router (actually, it's to Jim's modem and the modem has its own private network that leases an IP address to the front end of Jim's router) and that IP/modem MAC is noted at the ISP. That is what they can track.



So if "John" is riding on "Jim's" network, "John" is a part of "Jim's" network and all traffic is seen as going to the front end (the modem) of Jim's network. The ISP has no way of knowing what individual machine is requesting or getting traffic because of Network Address Translation. They have no insight into the IP allocation on the backside of Jim's router.



Now Jim can log into his router and check his logs, but that will only tell him if there is a rogue IP address on his network that doesn't match his machines (I'm assuming here that Jim is running around his house to see which machines are logged in).



He can see what activity has hit his DHCP, what IP addresses have been requested, which of the internal IP addresses have requested it and even which MAC addresses have made the request.



But he has no way of pinpointing the owner of the MAC address.



So here is something for your friend John: Is he doing this from a laptop or a desktop? And how many wireless adapters does he have?



If John is doing this from his laptop, then he is free to roam around the neighborhood and hit any wireless network he can gain access to. Chances are good that quick hit and runs will remain unknown for a long time.



On the other hand, if he is using his desktop (aka stationary) he is creating a pattern on a few accessible wireless networks leaving him open to a trap (unless he has a pocket full of wireless adapters that he can use to change MAC addresses or he can use one wireless adapter and spoof a MAC address).



As pointed out in one of the other posts, some of these "Information sites" can only gather so much information (information contained in your browser), some stuff left behind in tracking cookies and whatever the ISP has on the leased IP address. But the ISP leased IP address is an artifact of Jim's network, not of John's machine.



The only info given up by John's machine is stuff like OS type, browser type, screen resolution, etc... but nothing that says "Hey, this is John's machine" unless he is actually required to put in information identifying him (as in logging in to some sales and marketing websites that have paid memberships like the McKinsey Quarterly). Then his identifying information can be linked to the IP address that the ISP has on file.



But Jim has no idea of how to get that information and I don't think McKinsey or the ISP is going to release something like that unless the FBI gets involved.



Now, if I were Jim and I were slightly software savvy and extremely devious, there is a way to find out who is logging into my network.



Let's say Jim is software savvy and discovers someone on his network (for the moment, let's ignore the fact that he's left his network completely open for everyone to use). Jim could go to his closet, pull out one of his "retired" wireless routers and set it up with an open network while encrypting and closing down his "real" network.



Then Jim would take one of his retired machines or maybe even an old laptop, connect it to the front end of the router (the WAN side), install the Apache webserver, create a decent and interesting website and poison it with some downloadable malware (trojan horse, rootkit or something small that will install a keylogger, virus or anything that is capable of collecting and sending out information on a system).



Now Jim has two wireless networks, one hidden and one advertised and open for anyone to use, only this one is a closed system with a trap on the inside waiting for unsuspecting users.



The idea isn't new. These arrangements are called "honeypots" (using something sweet and enticing to attract unsuspecting critters) and system administrators and network administrators in large organizations make use of them to divert network intruders long enough for tracking and identifying.



So for the typical user, it's almost impossible to determine who is accessing their network. But there is that small percentage
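
The lease line quoted in Tracy L's answer and the router-log check described in Larry P's answer, as an added example that is not part of either post: it parses lines in that format, lists devices missing from the owner's allowlist, and groups adapters that report the same hostname. It assumes, as on typical home routers, that the `Name` column is the hostname the client sends with its DHCP request; the allowlist, every sample line except the first, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First line is the one quoted in the answer; the rest are constructed samples.
SAMPLE_LOG = """\
IP: 10.0.0.12 MAC: 00-1E-C2-37-81-04 Name: iPhone Type: Dynamic
IP: 10.0.0.20 MAC: 00-16-6F-AA-10-01 Name: DEN-PC Type: Dynamic
IP: 10.0.0.31 MAC: 00-0F-B5-22-33-44 Name: WORKSTATION-7 Type: Dynamic
IP: 10.0.0.32 MAC: 00-18-4D-55-66-77 Name: WORKSTATION-7 Type: Dynamic
IP: 10.0.0.33 MAC: 02-AB-CD-00-00-01 Name: WORKSTATION-7 Type: Dynamic
"""
# Hypothetical allowlist of the owner's own devices (constructed).
KNOWN_MACS = {"00:1e:c2:37:81:04", "00:16:6f:aa:10:01"}

LINE_RE = re.compile(
    r"IP:\s*(?P<ip>\S+)\s+MAC:\s*(?P<mac>[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})"
    r"\s+Name:\s*(?P<name>.*?)\s+Type:\s*(?P<type>\S+)"
)

def parse_leases(text):
    """Return one dict per well-formed lease line; malformed lines are skipped."""
    leases = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            lease = m.groupdict()
            lease["mac"] = lease["mac"].lower().replace("-", ":")
            leases.append(lease)
    return leases

def is_locally_administered(mac):
    """True if the U/L bit of the first octet is set (a software-assigned MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def unknown_devices(leases, known=KNOWN_MACS):
    """Leases whose MAC is not on the owner's allowlist."""
    return [l for l in leases if l["mac"] not in known]

def hostnames_on_multiple_macs(leases):
    """Map each reported hostname seen with more than one MAC to those MACs."""
    seen = defaultdict(set)
    for l in leases:
        if l["name"]:
            seen[l["name"].lower()].add(l["mac"])
    return {n: sorted(m) for n, m in seen.items() if len(m) > 1}

if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LOG)
    for l in unknown_devices(leases):
        tag = " (locally administered)" if is_locally_administered(l["mac"]) else ""
        print(f"unknown: {l['ip']} {l['mac']} {l['name']}{tag}")
    for name, macs in hostnames_on_multiple_macs(leases).items():
        print(f"hostname {name!r} seen on {len(macs)} adapters: {', '.join(macs)}")
```

On the constructed sample, three leases fall outside the allowlist and all three report the same hostname, which ties the different adapters to one machine even though every MAC differs.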
tbshmkr
2008-12-23 21:04:34 UTC
These sites show the text that is passed by your PC.

More information is passed, but these sites are for the casual Internet user, not a systems analyst, Networks Technician-type, or Law Enforcement.

-----

http://www.spyber.com/

==

http://aruljohn.com/details.php
2008-12-23 18:57:25 UTC
You're absolutely WRONG, he's not safe.. they know exactly who he is, where he is and what he ate for breakfast...


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.