Live from the PaulDotCom Security Weekly Studio....
Email: psw@pauldotcom.com(Bandwidth provided by OSHEAN)
- Want to register for any SANS conference? Please visit http://www.pauldotcom.com/sans/ for our referral program.
- Sponsored by Core Security, listen for the discount code at the end of the show
- Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
- Please go update our frapper map!
- Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
- Full Show Notes
Email: psw@pauldotcom.com






It's a bit complicated to do with just one command as you say. Well, actually it's probably very simple but I haven't been able to find a simple way to do it so I've came up with this weird and ugly solution:
hcitool -i hci0 info `hcitool -i hci0 scan | grep -i '\([0-9a-f]\{2\}:\)\{5\}[0-9a-f]\{2\}' | cut -b 2-18`
The info option, which is the one you want, requires the "baddr" as an agument so what I do is to scan for devices, use with grep to filter lines that say things like "scanning", and then cut the MAC Address and feed it to the info option. It works for me.
Enjoyed the podcast, although twitchy seemed pretty mellow. are you guys slipping him some rum in those cokes?
You mentioned a tool that would take advantage of Windows use of netbios broadcast for name resolution. This is configurable in windows, it's called the "netbios node type". They used to recommend nodes (Client winders boxes) be set to a hybrid node type (0x8 iirc), and defaults are either 0x1 or 0x8, both of which broadcast. a p-type node does not broadcast, and is 0x2. THAT should be the default setting handed out via DHCP Servers, and manually set on servers in an organization. see: http://support.microsoft.com/kb/160177 for some reference.
I say that, yet turning off WINS and netbios broadcasting still breaks a lot of legacy apps so handle with care.
With Win2003 and AD MS purports that you may be able to "turn off" wins but in practice I rarely see that as possible, except for shops with little or no legacy windows applications that depend on MS/WINS/Netbios retardedness for proper operation.
YMMV.
thanks for the great podcasts, I really enjoy them.
Matt/Pfft@Freenode