Pages: [1]   Go Down
Print
Author Topic: How to recognize a specific device? Machine name, macaddress, anything more?  (Read 7167 times)
rotation
Newbie
*
Posts: 20


View Profile
« on: August 14, 2013, 08:07:02 AM »

e.g. Backbox is installed on a laptop, it is connecting via WLAN.
How can a specific machine be recognized by a server?
E.G: the machine gets the same ip address: MAC Adress
or the machines name.
Is there anything more, for tracking a specific laptop?


Furthermore:
If a mobile device (smartphone) is connecting via WLAN, are these options of recognising a specific device the same?
« Last Edit: August 18, 2013, 12:12:19 AM by ZEROF » Logged
weVeg
Hero Member
*****
Posts: 733


View Profile
« Reply #1 on: August 14, 2013, 10:00:39 AM »

sorry I can't understand.... try to be more precise please!!
Logged

una voce libera è sempre liberatrice
under_r00t
rotation
Newbie
*
Posts: 20


View Profile
« Reply #2 on: August 17, 2013, 03:48:46 PM »

A person has a device, e.g. a laptop.
This person connects to my network via WLAN, leaves then.
Then the person comes back and connects again.
How can the laptop be distinguished from others?
MAC-Address is one thing, Computer name another.
Are there other methods of recognizing or fingerprinting a specific device?

Not necessarily a laptop. Could be a smartphone too.
Logged
weVeg
Hero Member
*****
Posts: 733


View Profile
« Reply #3 on: August 17, 2013, 04:52:48 PM »

host name, IP address and MAC address.... I think nothing else....
Logged

una voce libera è sempre liberatrice
under_r00t
b4d_bl0ck
Global Moderator
Sr. Member
*****
Posts: 285



View Profile
« Reply #4 on: August 17, 2013, 07:05:03 PM »

This person connects to my network via WLAN, leaves then.
Then the person comes back and connects again.
How can the laptop be distinguished from others?
These three lines let me think you want to find an element that would make an host recognizable over the single session. I mean, the host connects/disconnects/re-connects and you still want to say that the last host connected is actually the host connected previously... Am i right?

If this is the case... well, as said by weVeg, the three elements that identify a host on a network are baically hostname, IP addr, MAC addr. But all these three attributes can be changed/spoofed...
So if the host associates to the network, then disconnects, changes the three parameters we mentioned, and then reconnects back, i think you will never be able to establish if it's a new host or the host that disconnected few minutes before.
Obviously if you can conduct a deep scan on the host the first and the second time, and you can find some well recognizable services both the times, depending on the "normal" activity of your lan (you know how many people connect every day to your network), you can guess if it's likely or not that the two hosts connected in different times are actually the same host. But this is just a probability issue, you can never say that for sure.

Also there might be reserved IP, MAC filters, hostname filters, account based association (EAP/RADIUS) and so on applied to the network, and this would change something, but in every case you'll never know who a host is untill you see it with your eyes Tongue

Hope this was useful.
Bye.
Logged

bool secure = check_paranoia() ? true : false;
rotation
Newbie
*
Posts: 20


View Profile
« Reply #5 on: August 27, 2013, 05:59:50 PM »

Ok, thanks.
My colleague said, a IT admin can track someone by "monitoring the persons port".
Do you know what my colleague meant?
Did he mean the connection to the internet via VPN? Because we are in an environment where internet access is only possible by VPN.
Logged
ZEROF
Hero Member
*****
Posts: 911


View Profile WWW
« Reply #6 on: August 29, 2013, 02:52:50 AM »

Hi,

It's all about network settings and software used for monitoring. If a user has good VPN all connections are secure and it's not possible to get information about that connection.

Wink
Ok, thanks.
My colleague said, a IT admin can track someone by "monitoring the persons port".
Do you know what my colleague meant?
Did he mean the connection to the internet via VPN? Because we are in an environment where internet access is only possible by VPN.
Logged


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*
Pages: [1]   Go Up
Print
Jump to: