Hiding Your Presence On A Network

[joeypesci]

So, you're pen-testing and get onto a WEP secured WIFI network. You logon to the router and find they appear to now register machines that are on the network, yours is one of those now registered on it. So if the user was to check the router later, they'd see the unauthorised device that had connected.

BTHomeHub2 does this and so does the O2 router.

Is there away to hide from this?

Been testing on my old Linksys AP which I don't believe does it. Although does have a log feature that I can put in a log monitor but don't bother.

[Sparda]

There is no way to truly hide your self on a wireless network if you have to associate with it. You can do things like, change your mac address and not get an IP from DHCP, the the AP will still know you are there.

[joeypesci]

There is no way to truly hide your self on a wireless network if you have to associate with it. You can do things like, change your mac address and not get an IP from DHCP, the the AP will still know you are there.

Thanks. Thought it might be the case.

[Infiltrator]

Thanks. Thought it might be the case.

Or you could pose as one of the trusted devices, by changing your computer netbios name and mac address.

Edited May 6, 2010 by Infiltrator

[joeypesci]

Or you could pose as one of the trusted devices, by changing your computer netbios name and mac address.

Yeah was thinking that although you'd have to do it when they (the device you're spoofing) weren't on the network.

Edited May 6, 2010 by joeypesci

[Infiltrator]

Yeah was thinking that although you'd have to do it when they (the device you're spoofing) weren't on the network.

Yes in deed that's the only issue.

[Alias]

This might seem like a really stupid answer but why not just delete the logs?

[Infiltrator]

This might seem like a really stupid answer but why not just delete the logs?

I think the wireless router would still register any device that has contacted it, even if the log files are deleted you can still find out who is/was connected to the AP.

[Alias]

Disable logging?

[The Sorrow]

well, you cant be "invisible" but you can do your deeds, modify the logs and leave. nothing left but some packet logs saying there was a spike in syn ack and so on

[Random_N00b]

I've got one that goes along with this topic...kind of. I'm on a wireless network that will only let computers on the network if their wireless NIC's MAC address is in their system. And they register your name with the MAC address. They are obviously watching what data is being sent across the net. How do I keep them from seeing my data. I can't hide that I'm on the net, they know by my MAC address, but I'd like to make it so they can't see what I'm going to. The only idea I had was an SSL tunnel into a web server that I trusted. Any ideas?

[Sparda]

TOR, VPN, SSL proxy. Just to name a few options.

[Random_N00b]

TOR, VPN, SSL proxy. Just to name a few options.

Wow, that was quick. Thank you for the advice.

[Infiltrator]

TOR, VPN, SSL proxy. Just to name a few options.

Or he could use SSH, which should make things a bit more secure.

[Random_N00b]

Or he could use SSH, which should make things a bit more secure.

I appreciate the help and advice. As the name implies, I am just another random noob here. Thank you for helping me out.

[barry99705]

Disable logging?

My access points don't do their own logging.