Remaining Undetected

[bannockburn1314]

Hi Guys n Gals,

1st post and let me start by saying what a great site,a huge resource to satisfy my technolust.

I'm gradually making my way through the forums posts and i'm well aware that google is my friend but i'd like to get advice and feedback from all of you on the above subject.

My 1st hurdle is what's the best set up in terms of live cd vs dual boot vs virtual machine?.

I'd like to go down the dual boot route just for the slight boost of the os been on a hard drive as opposed to reading from a cd.

My worry here is event logging , if say i'm dual booting windows & backtrack , when i'm in backtrack is windows logging all my activity? or indeed is backtrack logging my activity or is it designed not too ?.

Too err on the side of caution i'm currently booting backtrack from live cd and removing my hard drive in the hope no logs are being stored but it's a pain doing this everytime i swap os.

If backtrack does log my activities would bleachbit be sufficient to delete these logs or would i have to delve deeper into the system to find and erase all traces of my activities? and where would i look?.

Another area where i'm uncertain is mac address , i have a mac address associated with my laptop yes? and my wifi adapter has a mac , so do i have to change both mac addresses? and would it also be necessary to fake my ip address?.

So this is the area where i'd appreciate your feedback as to how you get around these issue's and protect yourselfs.

Thanks for taking the time to read this and for any feedback or advice your willing to share.

Look forward to reading them.

[Mr-Protocol]

My 1st hurdle is what's the best set up in terms of live cd vs dual boot vs virtual machine?.

I'd like to go down the dual boot route just for the slight boost of the os been on a hard drive as opposed to reading from a cd.

My worry here is event logging , if say i'm dual booting windows & backtrack , when i'm in backtrack is windows logging all my activity? or indeed is backtrack logging my activity or is it designed not too ?.

Too err on the side of caution i'm currently booting backtrack from live cd and removing my hard drive in the hope no logs are being stored but it's a pain doing this everytime i swap os.

If backtrack does log my activities would bleachbit be sufficient to delete these logs or would i have to delve deeper into the system to find and erase all traces of my activities? and where would i look?.

I use on my laptop: Ubuntu as the main OS and run BackTrack in Oracle VirtualBox. There is no logging between them, they do not see each-other (except over network if setup that way). Dual boot will not "log" to a difference OS but you can still modify data from Linux to Windows, but not Windows to Linux. It is easier to Virtual Machine (VM) say BackTrack or any other secondary OS because you do not have to reboot and can have two or more OSs running at the same time.

I would say your paranoia is getting the best of you in terms of logging your "activities".

Another area where i'm uncertain is mac address , i have a mac address associated with my laptop yes? and my wifi adapter has a mac , so do i have to change both mac addresses? and would it also be necessary to fake my ip address?.

MAC addresses are on network interface cards. Depending on the driver for Windows, you can change it in the "Configure" properties. Linux macchanger.

So this is the area where i'd appreciate your feedback as to how you get around these issue's and protect yourselfs.

Thanks for taking the time to read this and for any feedback or advice your willing to share.

Look forward to reading them.

Don't do any "questionable activities" and you have nothing to worry about. Setting up a test network in your home using virtual machines or real machines is a good way to learn, for example pen-testing, without affecting a live network.

[digip]

If you are paranoid about anything you do, then don't do anything that requires hiding from the law. That said, you can use live cd/dvds of linux or windows to boot from, while removing the HDD on the laptop or desktop in use, and change your MAC address before connecting to any network devices. Also, don't ever do anything from home or your neighbors/neighborhood networks, don't discuss what you do in public or private, and never log into sites that are tied to you from any place if you are also doing something you are worried about being in trouble for. If you hid all of your assets and location, broke into something and then also from the same IP logged into your email or some other site, you risk being identified in some manner. Especially if network admins are as paranoid and log all outbound traffic requests of any kind.

There is no such thing as being anonymous, just how hard you make it for someone who is truly looking for you in the first place.

Edited March 10, 2012 by digip

[bannockburn1314]

Thanks for the replies and advice guys , i appreciate you taking the time.

I hear what you say in terms of if you can't do the time don't do the crime.Don't get me wrong i have no malicious intent here just a curiosity to satisfy.

I have decided in terms of set up to go for the virtualbox method.That's already cost me a nights sleep.

Got ubuntu 11.10 as my main OS now and tried to set up backtrack in virtualbox 4.1.8 , but it's just not happening for me yet.

Away to do more googling , dam my noobness.

[bobbyb1980]

If you think you're being watched locally, then scan all client/AP MAC's in your area. Find out what those MAC's are doing, sniff their traffic, go outside, look around, etc.

If you think someone is monitoring your traffic from over the internet, give them something to monitor and watch and see what happens. Try to get the IP that is (assumed) passively sniffing your IP then do it right back to them.

Of course, if you're not doing anything wrong then there should be nothing to worry about. However with so many jr. wifi warriors running around these days it never hurts to take some extra measures to prevent yourself from becoming a victim of phishing or java attacks or whatever it may be.

Sometimes it makes me : ( to see that the main focus of our technologies are becoming on security based on paranoia. If it keeps going like this in another 5 or 10 years the internet will be like a maximum security prison.

[Infiltrator]

1) Use a live CD as stated above

2) Change your MAC address, if connecting to another network other than yours.

3) Use a public WIFI, rather than yours

4) Don't use Facebook, or any social networking websites to avoid leaving digital footprints behind.

5) Use TOR for anonymity. (To a degree, it won't keep you 100% anonymous)

6) Don't do anything suspicious

7) Use Encryption where applicable.

[digip]

If you think you're being watched locally, then scan all client/AP MAC's in your area. Find out what those MAC's are doing, sniff their traffic, go outside, look around, etc.

If you think someone is monitoring your traffic from over the internet, give them something to monitor and watch and see what happens. Try to get the IP that is (assumed) passively sniffing your IP then do it right back to them.

Of course, if you're not doing anything wrong then there should be nothing to worry about. However with so many jr. wifi warriors running around these days it never hurts to take some extra measures to prevent yourself from becoming a victim of phishing or java attacks or whatever it may be.

Sometimes it makes me : ( to see that the main focus of our technologies are becoming on security based on paranoia. If it keeps going like this in another 5 or 10 years the internet will be like a maximum security prison.

In many parts of the world, what you are asking him to do(monitor and sniff other peoples traffic) is already against the law and puts someone at risk of being arrested if they get caught doing it.

[bobbyb1980]

First off, I didn't ask him to do anything.

Secondly, if someone is trying to monitor me (which they usually do for malicious purposes) I'm not going to sit by idle and wait for the police to come to my rescue, and in the meantime hope they don't get my bank acct/email/facebook credentials. If I personally called my local police station and said "someone is sniffing my traffic" they'd probably say "well I hope it doesn't smell bad!"

Thirdly, especially if someone is trying to steal my wifi (never happened), I'm not going to sit by and watch them.

Like we've both mentioned though, if you're not doing anything wrong, you have nothing to worry about, but we always need to know how to handle threats that are growing increasingly common.

[digip]

First off, I didn't ask him to do anything.

Secondly, if someone is trying to monitor me (which they usually do for malicious purposes) I'm not going to sit by idle and wait for the police to come to my rescue, and in the meantime hope they don't get my bank acct/email/facebook credentials. If I personally called my local police station and said "someone is sniffing my traffic" they'd probably say "well I hope it doesn't smell bad!"

Thirdly, especially if someone is trying to steal my wifi (never happened), I'm not going to sit by and watch them.

Like we've both mentioned though, if you're not doing anything wrong, you have nothing to worry about, but we always need to know how to handle threats that are growing increasingly common.

Someone wake up on the wrong side of the bed today?

[Mr-Protocol]

I think so, digip.

bobbyb1980, let's keep it to a friendly tone, forum-wide.

There would have be some sort of "alert" or abnormal activity to bring to your attention that someone may be on your wireless network. Unless you sit and watch your access point logs for anomalies, what you are saying just isn't practical.

There are however very EXPENSIVE WiFi auditing solutions out there which will monitor for rouge access points, and do packet inspection all to a centralized server with monitor points scattered across your environment.

[Atomix]

If you are scared of getting caught then you probabaly shouldn't be doing it in the first place but who am I to judge. Your computer has a MAC address for your LAN (Ethernet port) if you have embedded wireless say on a laptop that would have a separate MAC. Any additional network interface would have one as well. You only need to change the MAC for the interface you are using As others have said don't log in to anything personal during your session. Scanning is a good thing to do so you know what's around you and what should or shouldn't be there based on data previously collected. The best method for learning what to do and what not to do is on a test network you set up if you have the hardware to play both the victim and attacker. When you know what is on one screen you get an idea of what you are looking at on the other instead of guessing. Have fun be safe and learn as much as you can.

[Infiltrator]

Though I strongly agree that we should know how to deal or defend ourselves against these growing internet attacks.

However rather than trying to be paranoid about someone hacking you, you can take simple steps to protect your wireless connection.

Use WPA2 with AES, choose a long and complex WPA key, limit the number of devices that can connect to your network, but limiting the number of IP addresses in your DHCP pool.

Be smart, don't do anything illegal that will draw attention of the authorities or other people and always play by the book.

[bobbyb1980]

Sorry for snapping at you digi : (

Mr. P, I know it doesn't sound very practical but I'm currently in the process of writing a python program to guard a wifi connection against AP impersonation style attacks. I am hoping to have it finished by the end of the month. It will need a dedicated interface to listen on, and will deauth anything it doesn't like. I'm about 20% done writing that function, I already wrote one that analizes an AP via airodump for new/unknown clients and deauths anyone that connects to your AP via aireplay-ng. I figure if you're using your own AP there should be no reason that anyone else is connecting to it.

I took the idea from I think it was Kennedy's program that blacklists anything that touches a port and applying that same concept to the lower layers.

[digip]

Sorry for snapping at you digi : (

Mr. P, I know it doesn't sound very practical but I'm currently in the process of writing a python program to guard a wifi connection against AP impersonation style attacks. I am hoping to have it finished by the end of the month. It will need a dedicated interface to listen on, and will deauth anything it doesn't like. I'm about 20% done writing that function, I already wrote one that analizes an AP via airodump for new/unknown clients and deauths anyone that connects to your AP via aireplay-ng. I figure if you're using your own AP there should be no reason that anyone else is connecting to it.

I took the idea from I think it was Kennedy's program that blacklists anything that touches a port and applying that same concept to the lower layers.

No worries, cheers. :bro hug:

[mreidiv]

Though I strongly agree that we should know how to deal or defend ourselves against these growing internet attacks.

However rather than trying to be paranoid about someone hacking you, you can take simple steps to protect your wireless connection.

Use WPA2 with AES, choose a long and complex WPA key, limit the number of devices that can connect to your network, but limiting the number of IP addresses in your DHCP pool.

Be smart, don't do anything illegal that will draw attention of the authorities or other people and always play by the book.

Don't forget to disable WPS

[httpCRASH]

I think so, digip.

bobbyb1980, let's keep it to a friendly tone, forum-wide.

There would have be some sort of "alert" or abnormal activity to bring to your attention that someone may be on your wireless network. Unless you sit and watch your access point logs for anomalies, what you are saying just isn't practical.

There are however very EXPENSIVE WiFi auditing solutions out there which will monitor for rouge access points, and do packet inspection all to a centralized server with monitor points scattered across your environment.

if its "only" about intrusion prevention, and cost is not the biggest problem a CISCO MARS server maybe? :D

would really like to get my hands on one ;)