Michael Ruebner <njus@lunchinglads.net> hath wroth:

>For a while now, I've been tracking an intruder to my WEP-encrypted home
>wlan.

Dumb. WEP can be cracked. Switch to WPA or WPA2 with a long and
convoluted pass phrase.

>As snails tend to leave slimy tcp/udp trails, I have a rough
>idea of what I'm dealing with by now.

Sure, just monitor and record the traffic. The culprit will
eventually login to something.

>The rouge signal must come from either an adjacent apartment building or
>from line-of-sight across the street. Unfortunatly, this boils it down to
>approx. two dozen likely perps.

Apartment buildings are rough. I usually use a big 24dBi dish antenna
to locate the exact apartment. Walking the hallways with a sniffer
once I locate the floor and general area. It's difficult not to be
obvious so I hide the dish inside a trash bag.

>Is there any procedure/technology out there that would allow me to
>pin-point the *incoming* signal?

Not from where you're sitting. I have a TDOA (time difference of
arrival) scheme that uses two access points to triangulate the source.
I don't recommend it in a highly reflective environment such as
between buildings. The big dish and sniffer are good enough.

I've written some things on the topic in the past:
<http://groups.google.com/group/alt.internet.wireless/msg/29e80c63528b1d5c>
The basic idea is to take a large number of directional fixes and try
to figure out where the majority cross. You'll need a laptop running
Kismet in order to see the client radio. I prefer a spectrum
analyzer, but that costs real money. It's also not easy without
practice.

More, if you want, when I have more time.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558