We have a public wlan for visitors in our company. Now our admin guy says someone is downloading clearly illegal stuff and it seems this has been going on for some time now. He says he can easily block out this guy, but I would like to call cops (guess what he is up/downloading?).
The problem is, where is this guy? We are located in a office building and we can see see networks from other companies and from another building on the other side of the street. (Our admin says there is very little he can do without mapping the whole area first, including the other building)
Quite frankly if he or she is outside your building and accessing your network you are going to find it almost impossible.
Does he or she always use the same MAC Address or do they change it? It is quite easy to spoof MAC Addresses so they could keep changing this.
The fact that they can access your network without you knowing means that you are running a completely open network and that is foolish in this day and age.
I think you should be concentrating your efforts in ensuring it doesn't happen again.
Most visiting users don't mind encrypted networks and therefore I suggest you start with having an encrypted network and change the key regularly, visitors should register for the key. If the web site is still being accessed then you can start looking at your visitors.
How does your company access the Internet? Is it not possible to block access to ************ web sites?
Yeah, I think I better make sure our IT guy knows what he is doing. The whole setup is basically made by him. Open network was chosen because of convenience. If there is no way to catch this guy, then I definitely want the access limited.
What I understand is that this guy accesses many sites, most look like someones home page or whatever (there just always seems to be some zip files to download...), but some of the sites have very revealing names (that's what got our attention).
How to find out client physical location? 
Linear Mode
