1

Some people use software like whoisonmywifi and so on.

Is there a way to bypass this software? I think it pings all IP addresses like 192.168.1.0/24 so it will ping all addresses.

Can I disable the ability to be pinged? Can I bypass this software?

tangrs
  • 688
  • 5
  • 12
m0nprogrammer
  • 29
  • 1
  • 4

2 Answers2

4

You could sniff the network for traffic and change your network configuration to an active machine(i.e. MAC address):

# ifconfig wlan0 down
# ifconfig wlan0 hw ether DE:AD:66:55:12:34  <== sniffed MAC
# ifconfig wlan0 up

assuming wlan0 is your wireless network interface. On Windows you can do something like this.

Now there should be two work stations with the same network configuration, so it's difficult to tell who is who since whoisonmywifi can't tell the difference. You can always clone the access point(the router itself) so that your traffic becomes more difficult to block(at least to non tech savvy people). Note that the network may be less stable due to the conflicting packets arriving to both connected machines(yours network session is (most likely) different than the one on the machine you are impersonating).

In order to sniff traffic you can use wireshark and set it to your wireless network interface(i.e. wlan0).

Sebi
  • 1,391
  • 9
  • 16
  • Can two hosts with the same MAC address connect to the same network ? – m0nprogrammer Jul 19 '15 at 13:03
  • Yes, there is no authentication done at the Data Link layer. – Sebi Jul 19 '15 at 13:06
  • clone the access point (the router itself) , do you talk about creating a fake AP ? – m0nprogrammer Jul 19 '15 at 13:14
  • No, just having the same MAC and IP is sufficient. You can get them by monitoring the network. – Sebi Jul 19 '15 at 13:15
  • Can blocking ping using iptable lead to bypass this software ? – m0nprogrammer Jul 19 '15 at 13:43
  • No, it is very unlikely that it's using ping at all. It may be a custom driver that monitors packets on the wireless adapter and simply retains the network address value. – Sebi Jul 19 '15 at 14:17
  • @Sebi could this somehow leave a trace in logs to identify that someone connected to your network by this method? – rmagnum2002 Jul 19 '15 at 17:36
  • @rmagnum2002 No, as initially you are monitoring traffic and not sending any packets. When you change your network identifiers you are already impersonating a station. Through packet inspection it can be detected that "the same host"(both your machine and the one you are impersonating) have conflicting sessions, but no one can tell who is legit. – Sebi Jul 19 '15 at 18:34
  • 3
    You should note that you're likely to kick off the other machine or cause connectivity issues using this tactic. Also seeing two hosts with different IP addresses but the same mac can cause some alerts. – KDEx Jul 19 '15 at 20:46
  • True, there will be conflicting sessions, but on the AP's end it appears that there is only one machine(since both the network and MAC address have been spoofed). – Sebi Jul 19 '15 at 21:10
0

you should change your hostname too btw this bash script can be useful (macchanger should be installed):

echo ""
echo "THIS SCRIPT WILL SET A RANDOM HOSTNAME AND"
echo "RENEW YOUR I.P. WITH A RANDOM MAC ADDRESS"
echo ""
echo ""
echo "TO ABORT PRESS: Ctrl+c"
echo ""
echo "PRESS ENTER TO CONTINUE: "
read enter
sleep 0.25
clear
sleep 0.5
#Get Random String
#Ref: http://tldp.org/LDP/abs/html/string-manipulation.html#RANDSTRING

POS=2  # Starting from position 2 in the string.
LEN=8  # Extract eight characters.
str0="$$"
str1=$( echo "$str0" | md5sum | md5sum )
# Doubly scramble:     ^^^^^^   ^^^^^^

randstring="${str1:$POS:$LEN}"
# Can parameterize ^^^^ ^^^^

# Set it to Hostname
echo
echo [*] Randomizing hostname ..
echo 
hostname $randstring
echo -en Your new hostname is "\E[32m$randstring"
tput sgr0;
echo 
echo 
sleep 2

########################################################
#Renew IP
echo "which interface is connected to the internet?"
read iface
echo
echo [*] Renewing IP with random MAC
echo 

ifconfig $iface down
sleep 1
macchanger -r $iface
echo 
sleep 1
ifconfig $iface up
sleep 1
/etc/init.d/networking restart
ifconfig | grep "inet addr:"

echo
echo [*] Done
echo

I think with ettercap and ARP poison technique you can astray the admin of network

N3TC4T
  • 9
  • 2