EvilZone

Hacking and Security => Anonymity and Privacy => : lucid April 23, 2012, 10:28:16 AM

: 802.11 nickname
: lucid April 23, 2012, 10:28:16 AM

As many people know it is good to use a proxy or a few if you wish to hide you identity while doing whatever it is that you may want to do. Changing your MAC is good in combination with using a proxy/tor/public wifi/other method. However there are other less known network attributes that may be dangerous to your anonymity. Here's a tip from a good source I found.

 

The 802.11 Nickname field is a little-known feature of the wireless spec that sends your hostname to the AP. This is obviously bad.

• Linux
  

       [root@machine ~/dir]#  iwconfig ath0 nickname "Fucko The Clown" 

• Mac OS
  Under Mac OS, your wireless nickname is your hostname. You can change it with sudo hostname -s "Fucko The Clown"
• Windows
  I think your only option is to choose an obscure machine name. If you wish to change your hostname, you can either edit these registry keys (http://wiki.havenite.net/wiki/index.php?title=Common_commandline_tasks#Change_Windows_Hostname) or run the NewSID utility  (http://www.sysinternals.com/Utilities/NewSid.html)
  

: Re: 802.11 nickname
: techno May 06, 2012, 05:42:36 PM

i just read somewhere that mac address is permanent and can never be changed
is this false or am i just mistaken?

: Re: 802.11 nickname
: p_2001 May 06, 2012, 05:45:49 PM

: techno  May 06, 2012, 05:42:36 PM

i just read somewhere that mac address is permanent and can never be changed
is this false or am i just mistaken?

as far as I know it is hardware implemented, but it can be spoofed

: Re: 802.11 nickname
: Kulverstukas May 06, 2012, 07:52:56 PM

MAC address is permanent and cannot be changed permanently. Although tools exist to change it until reboot.

: Re: 802.11 nickname
: lucid May 07, 2012, 03:06:50 AM

Yes such as macchanger for linux. Or madmacs for windows. I think that's what it's called. If you change your mac permanently you would find that you can no longer connect to the internet

: Re: 802.11 nickname
: Axon May 07, 2012, 11:50:48 AM

May I add this ?

:

http://securityxploded.com/macaddress.php

This is more detailed for windows

:

http://www.windowsreference.com/networking/how-to-change-mac-address-in-windows-registry/

: Re: 802.11 nickname
: techno May 07, 2012, 12:46:34 PM

thanks for the replies guyz
i think now i got it

: Re: 802.11 nickname
: Dijkstra May 25, 2012, 04:20:56 AM

Changing your mac address is pointless. Your mac is only used within your local area network. It can be handy when trying to by-pass certain layer 2 security checkpoints on a network (for example Cisco clean access).

: Re: 802.11 nickname
: lucid May 25, 2012, 06:06:57 AM

You just contradicted yourself.

: Dijkstra  May 25, 2012, 04:20:56 AM

Changing your mac address is pointless. Your mac is only used within your local area network. It can be handy when trying to by-pass certain layer 2 security checkpoints on a network (for example Cisco clean access).

I don't think it's pointless. Changing your IP only an expecting to be anonymous is pointless. Seeing the same MAC appear would pretty much give away who is doing what no matter what proxy you use.

: Re: 802.11 nickname
: techno May 25, 2012, 06:22:44 AM

is the mac address visible when i connect to websites or is it just visible in LANs?

: Re: 802.11 nickname
: lucid May 25, 2012, 07:11:09 AM

Mac addresses are often used by networks to identify and track users. But websites do not see the mac address. The only way a website can track users is through cookies AFAIK. Your mac is not included i the TCP/IP packets.

: Re: 802.11 nickname
: Dijkstra May 25, 2012, 03:10:41 PM

: LuciD  May 25, 2012, 06:06:57 AM

You just contradicted yourself. I don't think it's pointless. Changing your IP only an expecting to be anonymous is pointless. Seeing the same MAC appear would pretty much give away who is doing what no matter what proxy you use.

I don't think what I wrote was a contradiction, I thought I had a clear dichotomy between "local area network" and "internet traffic". If you are using a proxy such as "tor" changing your mac address is quite pointless, any traffic that goes past your default gateway the mac address is actually replaced with the default gateway's mac.

Even on a school network for example, if the proxy server is on a different vlan than the lab computers, the proxy will not know the computer's mac address you are at. Obviously it will have highler levels of application data that it will track such as the AD user account.

The point I was making is there are few situations where I could see changing the mac address would be beneficial, such as my example I mentioned before (clean access). Networking applications are much smarter than they use to be.

: Re: 802.11 nickname
: lucid May 25, 2012, 10:19:27 PM

I was just pointing out that you said it's pointless, and then that it can be handy in the same sentence. ;D

: Re: 802.11 nickname
: Dijkstra May 26, 2012, 06:00:35 AM

Well not in the same sentence, but point taken. I often write as though those I am writing to know what's going on in my head, one of my many downfalls.

: Re: 802.11 nickname
: techb May 26, 2012, 06:24:59 AM

Machine names are widely used in finding the culprit. When I was in college, I was messing around on the network, and the sys admin found me only because my machine name was my real name.


I didn't get into trouble and actually got extra credit when I showed him the remote shell on the professors computer. In windows my name is usually "unknown" or "na". Linux it's usually an online handle or some new screen name I come up with. Which isn't good either, but I don't really do anything that could get me into shit.

: Re: 802.11 nickname
: Dijkstra May 26, 2012, 07:11:57 AM

Ha, Many universities are locked down pretty tight. I once had a friend almost get kicked out for running wireshark on their laptop. I suspect they had an IDS/IPS that saw all the name resolutions he was sending out (always a good idea to turn off resolution in wireshark or anything else in that manner).

The college I attended had their network pretty wide open. You could easily use cain and abel to do some APR spoofing and record tons of voip calls, fun times.

: Re: 802.11 nickname
: p_2001 May 26, 2012, 06:09:56 PM

: techb  May 26, 2012, 06:24:59 AM

Machine names are widely used in finding the culprit. When I was in college, I was messing around on the network, and the sys admin found me only because my machine name was my real name.


I didn't get into trouble and actually got extra credit when I showed him the remote shell on the professors computer. In windows my name is usually "unknown" or "na". Linux it's usually an online handle or some new screen name I come up with. Which isn't good either, but I don't really do anything that could get me into shit.

#1# a lesson learned early  :P and coated in sugar too...

and you really do not do anything to get into shit? duh! what use the skills are for? I mean you must have gotten curious sometime and done something?

: Re: 802.11 nickname
: techb May 26, 2012, 08:09:56 PM

: p_2001  May 26, 2012, 06:09:56 PM

#1# a lesson learned early  :P and coated in sugar too...

and you really do not do anything to get into shit? duh! what use the skills are for? I mean you must have gotten curious sometime and done something?

Oh yeah, I pentest some on my own network. And knowing I can do something is good enough for me most the time. I'm not out to impress anyone, just for my own satisfaction.