6

You hear about black hats working from coffee shops on public WiFi, but I'm wondering how you would be able to completely mask your IP when doing this. I realize you would obviously use a VPN, but before you can do this, you need to make a connection to WiFi, where your MAC address is going to be used during this initial setup.

Because of this, wouldn't there be evidence of traffic from your IP on this network right before connecting to a VPN? Or is there some way around this that I'm not thinking about? Basically wondering how a black hat would actually hide every trace of their IP, or if this is even possible?

This answer discusses this chicken and egg problem somewhat.

123
  • 235
  • 1
  • 6
  • 13
  • When connecting to a wifi you are assigned an IP address by the router, but what you would want is to hide your MAC address, because MAC addresses are used to route traffic within a LAN. What exactly do you mean by "real ip"? – JoakimE Mar 13 '17 at 07:46
  • 1
    I advise you to edit the title of your question, so that it would be found by readers with a possible right answer to the right problem, and wouldn't be found by readers with a right answer to a wrong problem. – dan Mar 13 '17 at 16:42

3 Answers

11

You are going to want to research Public vs Private IP address.

Note: Before you connect to their network you have NO IP address (assuming you are not connected to another network at that time).

Let's say you are at a coffee shop and you want to connect to the Wifi. The coffee shop has a public IP address and when you connect to the Wifi hotspot, it is going to assign you a private IP address. This private IP address can be assigned to a different user later when you are done using it. So when it comes to hiding your identity before connecting to a Wifi hotspot you are going to want to change your MAC address, also called MAC spoofing. (Note: MAC addresses work at Layer 2 and IP addresses work at Layer 3).

This is because some Wifi hotspots or businesses can keep track of which MAC address was assigned to which private IP address and since MAC addresses are unique to every device, they can use this to associate your computer being connected to that private IP at that time.

Also research Layer 2 vs Layer 3 in the TCP/IP hybrid model.

Hope this helps!

nd510
  • 1,738
  • 1
  • 10
  • 15
  • 1
    MAC addresses SHOULD be unique per device, but I have seen some vendors selling multiple devices with the same MAC address – Mr. E Mar 13 '17 at 15:49
  • In Windows, you automatically are still given an IP Address when not connected to a network. http://www.techrepublic.com/forums/discussions/where-did-ip-16925451183-come-from/ – Ryan Kelso Mar 13 '17 at 17:42
  • 1
    @RyanKelso that's when your computer can't find a DHCP server and doesn't really apply here. The wifi hotspot is going to act as a DHCP and if your computer is assigned the 169..... address that means it can't get an IP address from the hotspot and therefore is not going to be connected to that network. – nd510 Mar 13 '17 at 18:48
  • @Mr.E interesting, usually vendors are assigned an EUI identifier but never heard of the same mac being used. Do you remember what kind of devices they were selling? – nd510 Mar 13 '17 at 18:50
  • @ncd275 I saw that in tp-link usb adapters (I think it was the wn722n) and on some pci ethernet cards (Can't remember the vendor) – Mr. E Mar 13 '17 at 18:52
  • @Mr.E I'll have to look into that more, thanks for mentioning! – nd510 Mar 13 '17 at 18:54
  • @ncd275 If you're not connected to a network at all, of course your computer can't find a DHCP server because it's not connected to anything, resulting in a 169.254.*.* IP for your computer. If you then connect to a network (i.e. a WiFi hotspot), and it has DHCP, you will be given a new IP from that DHCP server. At no point do you have no IP in Windows AFAIK. If you mean that you have no PUBLIC IP Address before connecting to their network, then that's true, but you should clarify that in your answer. – Ryan Kelso Mar 13 '17 at 19:29
  • 2
    @RyanKelso Okay sure you have a 169 address but that does not apply to his question because this random IP address generated by the computer, not the network, is NOT going to be used to identify you so it's completely irrelevant to what he is asking and is only specific to Windows. If you feel the 169 is so relevant to his question, then answer the question yourself. – nd510 Mar 13 '17 at 19:42
  • On Windows 10 you can change the wifi settings so a random mac address is generated every day – Ferrybig Feb 13 '20 at 22:06
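
What a hotspot's lease log lets an operator conclude about the MAC-to-IP association discussed in the answer above, as an added example that is not part of the original answer or comments. The log format, function names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a hotspot DHCP lease log.
# Input lines (constructed format): "<epoch> <private-ip> <mac>"

lease_report() {
    awk '
    {
        ip = $2; mac = tolower($3)
        # The locally administered flag is bit 0x02 of the first octet,
        # which falls in the second hex digit of the address.
        kind = (substr(mac, 2, 1) ~ /[2367abef]/) ? "local" : "universal"
        # The same private IP leased to a different MAC than before means
        # the IP alone does not identify one device.
        if ((ip in last) && last[ip] != mac)
            print "reassigned", ip, last[ip], "->", mac
        last[ip] = mac
        print $1, ip, mac, kind
    }'
}

# Constructed sample log (all addresses are made up).
sample_log() {
    cat <<'EOF'
1489390000 192.168.1.23 00:11:22:33:44:55
1489393600 192.168.1.23 DA:A1:19:0B:7C:22
1489394000 192.168.1.24 00:11:22:33:44:55
EOF
}

sample_log | lease_report
```

OS-randomized addresses set the locally administered bit, so a "local" entry tells the operator the MAC is not a burned-in identifier; a manually chosen address may not set it, so "universal" is not proof of the opposite.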
-1

Edited.

Yes, an answer to the question you linked provides a possible solution which is to block all outgoing traffic with a firewall, until a VPN connection has been set up.

I have similar rules for my desktop which kills certain applications if the VPN suddenly disconnects.

But whether you do not pass ANY information, even with the aforementioned solution, I'm unsure of. This could be tested with Wireshark perhaps.

  • A question about MAC addresses not having a single mention of them in your answer is why you are getting downvoted. – whatever489 Mar 14 '17 at 19:31
  • I completely missed that! I wonder if the title+question has been edited. Thank you for the feedback though - I'll be more thoughtful of such matters in the future nevertheless. – Tobias Andersen Mar 14 '17 at 20:29
-1

In addition to the information provided by others, I'll add that you are best off not accepting DHCP leases from such networks. Using a trivial DHCP starvation attack (dhcdrop, dhcpstarv, scapy) anyone can take over and serve leases => route, DNS servers, by running their own DHCP server. Use netdiscover (in e.g. Ubuntu repo) to discover the network range, and OpenDNS/Google DNS, and a static configuration. Add a VPN configuration as well, and use a firewall rule to use only the VPN virtual network (e.g. tun0) interface to route your traffic out.

Have a look at the attacks made possible with the wifi pineapple.

And additionally, avoid entering any password you use elsewhere into a public wifi's captive portals.

user400344
  • 863
  • 5
  • 9
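
The firewall approach from the last two answers (block all outgoing traffic until the VPN is up, then allow only the tunnel interface), as an added example that is not part of any answer. It assumes nftables, a static address on the wireless interface (so no DHCP is allowed out), and placeholder values: `wlan0`, `tun0`, and a VPN server at 203.0.113.10, UDP port 1194.

```shell
#!/bin/sh
# Added example: print an nftables ruleset that drops every outbound packet
# except loopback, the VPN tunnel, and the handshake to one VPN server.

# killswitch_rules WIFI_IF VPN_IF VPN_SERVER_IPV4 PROTO PORT
killswitch_rules() {
    wifi_if=$1 vpn_if=$2 vpn_ip=$3 vpn_proto=$4 vpn_port=$5

    # Accept only plain interface names, so input cannot inject rules.
    for name in "$wifi_if" "$vpn_if"; do
        case $name in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    # The server must be an IPv4 literal: DNS is blocked until the tunnel
    # is up, so a hostname could never be resolved without leaking.
    case $vpn_ip in ''|*[!0-9.]*) return 1 ;; esac
    case $vpn_port in ''|*[!0-9]*) return 1 ;; esac
    case $vpn_proto in udp|tcp) ;; *) return 1 ;; esac

    cat <<EOF
table inet killswitch {
    chain output {
        # Default deny; the inet family covers IPv4 and IPv6, so IPv6
        # cannot bypass the tunnel either.
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        oifname "$vpn_if" accept
        oifname "$wifi_if" ip daddr $vpn_ip $vpn_proto dport $vpn_port accept
    }
}
EOF
}

# Constructed values: wlan0, tun0 and 203.0.113.10:1194/udp are placeholders.
# To load the rules (as root): killswitch_rules ... | nft -f -
killswitch_rules wlan0 tun0 203.0.113.10 udp 1194
```

If the tunnel drops, `tun0` disappears and the only remaining permitted destination is the VPN server itself, so applications fail closed instead of falling back to the hotspot.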