Tracking a Hacker?

I have two mac address that are constantly trying to connect to my “SSID hidden” AP. I have my AP set to only accept mac’s in my access list.

My question is, can this “constant connection attempts” affect my network negatively? If so would like to do the following.

I would like to find a usb powered AP that I could attach to my laptop. I could configure that AP to look like the one the hacker was trying to access. By adding his mac address to the access list I would allow him to connect to my spoofed AP and once connected, use a directional antenna to find the wireless device trying to connect by its signal strength.

Once I found the wireless device I could then have a nice chat with its owner or if the device was located in a place that was inaccessible, such as someone’s apartment maybe I could use a directional antenna attached to a radio set to transmit non-stop, and point it at the offender to raise the noise level around him enough to cause him problems with his own network.

What do you think?

Good idea and I’m sure you are so pissed.

cmon69 -

While all that sounds good - your best bet is to have a conversation if you can…

Have you tried changing your security profile for your connections? That may help.

Barring the above - you could always create a virtual AP on your current AP, setup a special connect rule for these two, then basically ‘tarpit’ them in NAT. That way they would show ‘connected’ but would get about 10bits a minute to nowhere… Nothing usable that’s for sure and since they are ‘connected’ then you wouldn’t be bothered by all the attempt messages, it would also ‘hold’ their client so then CSMA would take over and keep them from TXing all the time… Something to think about anyway.

R/