Skip to main content

How To Make A PC Invisible On The LAN

More
20 years 2 months ago #4898 by FallenZer0
Hi All,

Say, a group of PC's running MS Windows OS were networked together to form a small LAN. Is it possible to make any/all PC's invisible to one another on the same LAN?

Did I Google it? No. Could I Have? Yes.

But Wisdom is to learn from other peoples experiences and
not re-invent the wheel.

ThankYou

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
More
20 years 2 months ago #4905 by sahirh
Yeah,
personal firewall with a rule DROPPING (not denying) everything from the machines you want it to remain invisible from.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
20 years 2 months ago #4908 by FallenZer0
I was wondering if it's possible to tweak the OS itself without the help of either a software/hardware firewall.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
More
20 years 2 months ago #4910 by sahirh
Well I don't can't think of any way off the top of my head that you could do that without breaking some part of the TCP/IP stack.
Basically what you're talking about is a system that can initiate conversations on the network but will not respond to any form of communication initiated by another host.

There is only one way to make it absolutely invisible.. and that will involve making sure it cannot speak on the network -- you sever its vocal chords by killing off arp..

In Linux this would be
ifconfig eth0 -arp
and its commonly used on sensor interfaces for IDS'.

To understand why this is important.. take a host protected by a firewall that blocks everything.. if its on the same subnet, you can arp for it, and it will respond with its MAC address, in other words you have identified that it is live on the network, despite the filtering at layer 3 and above. An ARP 'ping' if you want to call it such...

Do you see where I'm going with this ?

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
20 years 2 months ago #4911 by FallenZer0

To understand why this is important.. take a host protected by a firewall that blocks everything.. if its on the same subnet, you can arp for it, and it will respond with its MAC address, in other words you have identified that it is live on the network, despite the filtering at layer 3 and above. An ARP 'ping' if you want to call it such...

Do you see where I'm going with this ?

Cheers,


If a host is protected by a firewall that blocks everything, if it's on the same subnet, a little bit of common sense would tell me that it should block ARP, shouldn't it? Just a thought. I could be wrong and I am often wrong.

-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
More
20 years 2 months ago #4925 by sahirh
First, the firewall will have to be located on the host itself (a personal firewall), if it is just a firewall on the same subnet, the packets will never route through the firewall and so it wont do any packet filtering.

Second, the firewall cannot filter arp, if it filters arp, then nothing can talk to that host. Its impossible to get its mac address.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.139 seconds