[Dailydave] my idea of the day

[Trey Keifer]

In regards to your comment about accelerometers... The MEMS based market has
had significant improvements thanks to companies like Analog Devices**, I
have a couple of their dual-axis devices sitting on my desk right now for
another project. That piece of the problem could be easily solved depending
on your definition of  "precise."

The effect of small distance variations on signal strength unfortunately
I've never read up on. I'll leave that one up to the RF experts...

**disclaimer... i have no affiliation or interest in AD, I just think their
products are cool. :)


On 3/15/07, Michal Zalewski <lcamtuf at dione.ids.pl> wrote:
>
> On Thu, 15 Mar 2007, Dave Aitel wrote:
>
> [ Repost; Dave, if you get a chance, reject my original post and
>    approve this one instead, I hit Ctrl-X too early; or if it's too late,
>    reject this repost. Thanks. ]
>
> > So here's my idea of the day: I want relational triangulation in
> > SILICA. I want to be able to click "Find this AP" and then have SILICA
> > say "stay still . . . . signal is 99. Now take 5 steps to the left....
> > signal is 91. Now take five steps forward....signal is 102" and then
> > interpolate in "steps" the distance and direction of the access point.
>
> Moving several feet to the left or right when not standing next to the
> device is almost guaranteed not to measure any appreciable signal
> differences that would not be overpowered by random reflections, RF
> interference, attentuation caused by walls, chairs, etc, or residual
> directional characteristics of an antenna (you need to get one that is
> almost perfectly omnidirectional, or else maintain a precise angle while
> moving around).
>
> Consider this: when standing 20 meters from the transmitter, facing it in
> an open, unobstructed, reflection- and interference-free field, moving 2
> meters to the left with a perfectly omnidirectional antenna would change
> the actual distance the signal has to travel by about 0.1%. A precise RF
> interferometer could work, but signal strength measurement alone are not a
> useful indication of your location in this axis.
>
> Doing it from 5 meters away will of course work better, but then you're
> close enough to spot the transmitter by simply observing signal strength
> while walking around. Circling the area of a suspected transmitter site
> would yield great results, too, but without a GPS or a set of precise
> accelerometers, registering or approximating your movements in an indoor
> environment is unlikely to be easy.
>
> If you're left with only one axis to take meaningful measurements, you
> wouldn't be able to interpolate the actual distance, because you don't
> know how powerful the signal would be were you standing next to the
> transmitter - depends on chips, antenna, settings, terror alert level, and
> how strong is the initial attentuation is (be it caused by ceiling panels,
> doors, rack mount or a printer it is sitting behind).
>
> As such, standing up, making 5 steps to the right, 5 to the front, 5 to
> the left, 5 to the back is almost guaranteed to give you no benefit over
> simply walking around with a traditional meter.
>
> We happen to hunt "pirate" APs in our office buildings from time to time,
> and even with specialized, directional receivers and quality software,
> it's still a mess.
>
> That said, there are several tools that allow AP location triangulation in
> corporate environments, but they usually rely on several fixed measurement
> points that are 10-50 meters apart, and mounted in a controlled, carefully
> measured way, and again, *around* the rogue access point, so that absolute
> measurements can be made. AirMagnet sells something like this.
>
> /mz
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.immunitysec.com/pipermail/dailydave/attachments/20070316/5ff630cb/attachment-0001.htm