> We have a public wlan for visitors in our company.
Public, as in not running any security like WPA or WEP? That's a mistake.
It'd be somewhat easier if you had security setup for it, even one that just
use a placard at the door entrance reading the current day/week/month
password. You could at least then use that to cross-reference a username
login on something to the MAC hardware.
> The problem is, where is this guy? We are located in a office building
> and we can see see networks from other companies and from another
> building on the other side of the street. (Our admin says there is very
> little he can do without mapping the whole area first, including the
> other building)
If you're dealing with more than one access point then you could use
something like Ethereal (now called Wireshark) to sniff the packets. You'd
have to setup a hub between the access point being (ab)used and put a
computer on it to capture the packets. Configure the filters to capture
only the packets from that questionable MAC address. Then sift through the
packets looking for additional identifying information. A POP mailbox
login, website, etc. If they're abusing your network they have no
reasonable expectation of privacy.
You could also use something simple like a windows "net view
\\mystery.computer.ip.address" with the hopes they've done something stupid
like left windows filesharing running. And then used an identifiable PC
name (heh, like Joe's Dell Inspiron or the like).
You could get really devious and setup a transparent proxy that would
re-write their download requests, and return different content. Like an AVI
movie of a REALLY LOUD SOUND and have folks listening for it. Or web pages
that unleashed pop-ups that redirected to other internal web pages and track
those via log files.
I'd start with collected packets from the abusive machine. Let it collect
for a while, like a week or more. Then look through them to see if you can
find any sort of identifiable destinations. At some point this idiot is
likely to use something that'll trip him (or her) up. An instant messenger
login, checking a mailbox, etc.
There is also the "problem with the network, call us for help ploy".
Redirect web traffic to a web page explaining there's a problem and put a
phone number on there for them to call asking for help. Make it come up
randomly. Enough that they'll think you're idiots and call demanding you
get your sorry act together. Be busy and get a call back number, be surly
and rude so they'll call your boss to complain about you. You're looking to
bait them into providing as much identifiable info as possible. Making
yourself look stupid and pissing them off works in your favor.
There's lots of things you can try, but none of them will guarantee results.