Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: How To Make A PC Invisible On The LAN

How To Make A PC Invisible On The LAN 12 years 3 months ago #4898

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
Hi All,

Say, a group of PC's running MS Windows OS were networked together to form a small LAN. Is it possible to make any/all PC's invisible to one another on the same LAN?

Did I Google it? No. Could I Have? Yes.

But Wisdom is to learn from other peoples experiences and
not re-invent the wheel.

ThankYou
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: How To Make A PC Invisible On The LAN 12 years 3 months ago #4905

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yeah,
personal firewall with a rule DROPPING (not denying) everything from the machines you want it to remain invisible from.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: How To Make A PC Invisible On The LAN 12 years 3 months ago #4908

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
I was wondering if it's possible to tweak the OS itself without the help of either a software/hardware firewall.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: How To Make A PC Invisible On The LAN 12 years 3 months ago #4910

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Well I don't can't think of any way off the top of my head that you could do that without breaking some part of the TCP/IP stack.
Basically what you're talking about is a system that can initiate conversations on the network but will not respond to any form of communication initiated by another host.

There is only one way to make it absolutely invisible.. and that will involve making sure it cannot speak on the network -- you sever its vocal chords by killing off arp..

In Linux this would be
ifconfig eth0 -arp
and its commonly used on sensor interfaces for IDS'.

To understand why this is important.. take a host protected by a firewall that blocks everything.. if its on the same subnet, you can arp for it, and it will respond with its MAC address, in other words you have identified that it is live on the network, despite the filtering at layer 3 and above. An ARP 'ping' if you want to call it such...

Do you see where I'm going with this ?

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: How To Make A PC Invisible On The LAN 12 years 3 months ago #4911

  • FallenZer0
  • FallenZer0's Avatar
  • Offline
  • Senior Member
  • Posts: 259
  • Karma: 0
To understand why this is important.. take a host protected by a firewall that blocks everything.. if its on the same subnet, you can arp for it, and it will respond with its MAC address, in other words you have identified that it is live on the network, despite the filtering at layer 3 and above. An ARP 'ping' if you want to call it such...

Do you see where I'm going with this ?

Cheers,

If a host is protected by a firewall that blocks everything, if it's on the same subnet, a little bit of common sense would tell me that it should block ARP, shouldn't it? Just a thought. I could be wrong and I am often wrong.
-There Is A Foolish Corner In The Brain Of The Wisest Man- Aristotle
The administrator has disabled public write access.

Re: How To Make A PC Invisible On The LAN 12 years 3 months ago #4925

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
First, the firewall will have to be located on the host itself (a personal firewall), if it is just a firewall on the same subnet, the packets will never route through the firewall and so it wont do any packet filtering.

Second, the firewall cannot filter arp, if it filters arp, then nothing can talk to that host. Its impossible to get its mac address.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup