EvilZone

Hacking and Security => Anonymity and Privacy => Topic started by: lucid on April 23, 2012, 10:28:16 AM

Title: 802.11 nickname
Post by: lucid on April 23, 2012, 10:28:16 AM
As many people know it is good to use a proxy or a few if you wish to hide you identity while doing whatever it is that you may want to do. Changing your MAC is good in combination with using a proxy/tor/public wifi/other method. However there are other less known network attributes that may be dangerous to your anonymity. Here's a tip from a good source I found.

 
Quote
The 802.11 Nickname field is a little-known feature of the wireless spec that sends your hostname to the AP. This is obviously bad.
  • Linux
         [root@machine ~/dir]#  iwconfig ath0 nickname "Fucko The Clown"
  • Mac OS
    Under Mac OS, your wireless nickname is your hostname. You can change it with sudo hostname -s "Fucko The Clown"
  • Windows
    I think your only option is to choose an obscure machine name. If you wish to change your hostname, you can either edit these registry keys (http://wiki.havenite.net/wiki/index.php?title=Common_commandline_tasks#Change_Windows_Hostname) or run the NewSID utility  (http://www.sysinternals.com/Utilities/NewSid.html)
Title: Re: 802.11 nickname
Post by: techno on May 06, 2012, 05:42:36 PM
i just read somewhere that mac address is permanent and can never be changed
is this false or am i just mistaken?
Title: Re: 802.11 nickname
Post by: p_2001 on May 06, 2012, 05:45:49 PM
Quote from: techno on May 06, 2012, 05:42:36 PM
i just read somewhere that mac address is permanent and can never be changed
is this false or am i just mistaken?

as far as I know it is hardware implemented, but it can be spoofed
Title: Re: 802.11 nickname
Post by: Kulverstukas on May 06, 2012, 07:52:56 PM
MAC address is permanent and cannot be changed permanently. Although tools exist to change it until reboot.
Title: Re: 802.11 nickname
Post by: lucid on May 07, 2012, 03:06:50 AM
Yes such as macchanger for linux. Or madmacs for windows. I think that's what it's called. If you change your mac permanently you would find that you can no longer connect to the internet
Title: Re: 802.11 nickname
Post by: Axon on May 07, 2012, 11:50:48 AM
May I add this ?

Code: [Select]
http://securityxploded.com/macaddress.php

This is more detailed for windows


Code: [Select]
http://www.windowsreference.com/networking/how-to-change-mac-address-in-windows-registry/
Title: Re: 802.11 nickname
Post by: techno on May 07, 2012, 12:46:34 PM
thanks for the replies guyz
i think now i got it
Title: Re: 802.11 nickname
Post by: Dijkstra on May 25, 2012, 04:20:56 AM
Changing your mac address is pointless. Your mac is only used within your local area network. It can be handy when trying to by-pass certain layer 2 security checkpoints on a network (for example Cisco clean access).
Title: Re: 802.11 nickname
Post by: lucid on May 25, 2012, 06:06:57 AM
You just contradicted yourself.
Quote from: Dijkstra on May 25, 2012, 04:20:56 AM
Changing your mac address is pointless. Your mac is only used within your local area network. It can be handy when trying to by-pass certain layer 2 security checkpoints on a network (for example Cisco clean access).
I don't think it's pointless. Changing your IP only an expecting to be anonymous is pointless. Seeing the same MAC appear would pretty much give away who is doing what no matter what proxy you use.
Title: Re: 802.11 nickname
Post by: techno on May 25, 2012, 06:22:44 AM
is the mac address visible when i connect to websites or is it just visible in LANs?
Title: Re: 802.11 nickname
Post by: lucid on May 25, 2012, 07:11:09 AM
Mac addresses are often used by networks to identify and track users. But websites do not see the mac address. The only way a website can track users is through cookies AFAIK. Your mac is not included i the TCP/IP packets.
Title: Re: 802.11 nickname
Post by: Dijkstra on May 25, 2012, 03:10:41 PM
Quote from: LuciD on May 25, 2012, 06:06:57 AM
You just contradicted yourself. I don't think it's pointless. Changing your IP only an expecting to be anonymous is pointless. Seeing the same MAC appear would pretty much give away who is doing what no matter what proxy you use.

I don't think what I wrote was a contradiction, I thought I had a clear dichotomy between "local area network" and "internet traffic". If you are using a proxy such as "tor" changing your mac address is quite pointless, any traffic that goes past your default gateway the mac address is actually replaced with the default gateway's mac.

Even on a school network for example, if the proxy server is on a different vlan than the lab computers, the proxy will not know the computer's mac address you are at. Obviously it will have highler levels of application data that it will track such as the AD user account.

The point I was making is there are few situations where I could see changing the mac address would be beneficial, such as my example I mentioned before (clean access). Networking applications are much smarter than they use to be.
Title: Re: 802.11 nickname
Post by: lucid on May 25, 2012, 10:19:27 PM
I was just pointing out that you said it's pointless, and then that it can be handy in the same sentence. ;D
Title: Re: 802.11 nickname
Post by: Dijkstra on May 26, 2012, 06:00:35 AM
Well not in the same sentence, but point taken. I often write as though those I am writing to know what's going on in my head, one of my many downfalls.
Title: Re: 802.11 nickname
Post by: techb on May 26, 2012, 06:24:59 AM
Machine names are widely used in finding the culprit. When I was in college, I was messing around on the network, and the sys admin found me only because my machine name was my real name.


I didn't get into trouble and actually got extra credit when I showed him the remote shell on the professors computer. In windows my name is usually "unknown" or "na". Linux it's usually an online handle or some new screen name I come up with. Which isn't good either, but I don't really do anything that could get me into shit.
Title: Re: 802.11 nickname
Post by: Dijkstra on May 26, 2012, 07:11:57 AM
Ha, Many universities are locked down pretty tight. I once had a friend almost get kicked out for running wireshark on their laptop. I suspect they had an IDS/IPS that saw all the name resolutions he was sending out (always a good idea to turn off resolution in wireshark or anything else in that manner).

The college I attended had their network pretty wide open. You could easily use cain and abel to do some APR spoofing and record tons of voip calls, fun times.
Title: Re: 802.11 nickname
Post by: p_2001 on May 26, 2012, 06:09:56 PM
Quote from: techb on May 26, 2012, 06:24:59 AM
Machine names are widely used in finding the culprit. When I was in college, I was messing around on the network, and the sys admin found me only because my machine name was my real name.


I didn't get into trouble and actually got extra credit when I showed him the remote shell on the professors computer. In windows my name is usually "unknown" or "na". Linux it's usually an online handle or some new screen name I come up with. Which isn't good either, but I don't really do anything that could get me into shit.


#1# a lesson learned early  :P and coated in sugar too...

and you really do not do anything to get into shit? duh! what use the skills are for? I mean you must have gotten curious sometime and done something?
Title: Re: 802.11 nickname
Post by: techb on May 26, 2012, 08:09:56 PM
Quote from: p_2001 on May 26, 2012, 06:09:56 PM
#1# a lesson learned early  :P and coated in sugar too...

and you really do not do anything to get into shit? duh! what use the skills are for? I mean you must have gotten curious sometime and done something?


Oh yeah, I pentest some on my own network. And knowing I can do something is good enough for me most the time. I'm not out to impress anyone, just for my own satisfaction.