Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Nmap output help.

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795

    Wink Nmap output help.

    Hellow fellow members of AO. I was scanning one of my systems on my LAN

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\cn22>cd c:\nmap-4.11

    C:\nmap-4.11>nmap -sS -osscan-guess -sV --version-all -P0 192.168.0.100

    Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2006-09-30 21:46 Atlantic
    Daylight Time
    All 1680 scanned ports on 192.168.0.100 are filtered
    MAC Address: 00:04:5A:7F:E0:06 (The Linksys Group)

    Nmap finished: 1 IP address (1 host up) scanned in 42.313 seconds

    C:\nmap-4.11>
    and I was wondering is there anyway, to block nmap from finding/displaying my MAC address from my other system? Also, how I could make this output more secure? Meaning, when someone scans that system for shits and giggles, I don't want them seeing the MAC address, or me see the results? I am currently running windows XP SP2 firewall. Both systems running XP Pro. All help is greatly apprecited.

  2. #2
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I don't believe you're going to hide a MAC address from nmap. There's a few ways to spoof MAC addresses. Proxies will hide your true MAC address from the sites you visit. There's apps out there that will change your MAC address on your computer. SMAC is one of the better known apps for doing so. But be aware, SMAC's going to change the MAC on the PC, but not your router.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  3. #3
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    I don't believe you're going to hide a MAC address from nmap. There's a few ways to spoof MAC addresses. Proxies will hide your true MAC address from the sites you visit. There's apps out there that will change your MAC address on your computer. SMAC is one of the better known apps for doing so. But be aware, SMAC's going to change the MAC on the PC, but not your router.
    Thanks for the reply. However, I do know about MAC address spoofing. Also, I really don't want to download 3rd party software to do this. Is there any method through the OS itself? Both systems on LAN are running XP Pro SP2.

    Is there anyway of hiding my MAC address from nmap without the use of 3rd party applications?

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Is there anyway of hiding my MAC address from nmap without the use of 3rd party applications?
    Try this link. I've never really messed with changing MAC addresses. You do know if your LAN is scanned from the WAN, the MAC addresses of your PC's aren't going to show. Only the MAC address of your router/gateway will show via nmap. HTH.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    There is no point in changing your MAC address unless:
    1. "they" are scanning from within your network
    2. you use a wireless router and they are within range of your wireless network


    Changing your box's MAC address is pretty pointless, otherwise. And besides, you'd have to reconfigure your router once you've done the deed.
    ...This Space For Rent.

    -[WebCarnage]

  6. #6
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    There is no point in changing your MAC address unless:




    "they" are scanning from within your network

    you use a wireless router and they are within range of your wireless network



    Changing your box's MAC address is pretty pointless, otherwise. And besides, you'd have to reconfigure your router once you've done the deed.
    Nice reply. Take some greenies(+). Now, I don't want to 'change my MAC address,' or download 3rd party applications.

    I am just curious is there anyway of hiding my MAC address from a nmap scan? Perferaby through the OS? (Windows xp sp2) and without the use of 3rd party applications?

    Thank you,

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey

    BrokenCrow: Proxies have nothing to do with your MAC Address... They hide your IP Address (in theory).... Your MAC Address isn't seen by anything off your LAN...

    WebCarnage: It was great to see someone saying it was pointless... however I'm not sure I agree with the two scenerios you gave for actually changing the MAC Address.. neither of those would be overly useful either..

    CN22: You don't change/hide your MAC Address...

    Can you change a MAC Address... yes....
    Is there a point to it (non-malicious)... No... (Unless you're one of those poor individuals who gets two NICs with the same MAC and yes... it does happen... because of the unlikelihood of the same LAN having both the NICs and the fact that MAC Addresses are limited companies will reuse MAC Addresses)..

    Your MAC Address is going to be displayed to anyone on your logical segment of the network.. essentially your LAN (You could argue that a LAN could be divided with routers and then it would only be a segment of the LAN... but we'll say that a LAN has a single router as it's gateway for the purpose of this)...

    MAC Addresses are OSI Layer 2 Addresses... they are how Ethernet communication occurs... Anytime you communicate with another computer... a series of steps occur.... It's been a bit since I've covered the theory and I'm way to lazy to pull up sources... so let's see how I do..

    Your computer looks at the DST Address and logically ANDs it with the longest subnet mask in your route table (most 1s)... If the address falls on a route that is listed it sends out an ARP Request... "Who Has 192.168.1.1" (for example)... It gets a response back saying "01:23:34:56:78:9A has 192.168.1.1" and addresses the packet to that MAC Address before placing it on the wire... Each NIC on the ethernet LAN Segment looks at the MAC Address and says no it's not for me and stops reading (Unless you're using say Ethereal in Promiscuous mode)... If a match can't be found in your route table.... the packet is forwarded to your default gateway... and the default gateway attempts to send it to the right destination.. if it doesn't know the route to the network it forwards it to someone else... Everytime the packet is sent the layer 2 information is rewritten so no one beyond the router closest to you will see your MAC Address..


    As you can see... hiding your MAC Address means that you can't participate in Ethernet communication... rendering your client nearly useless.... which is why you would't want to be hiding your MAC Address... and if you change it... the best you'll do is hide which NIC vendor your card belongs to... they're still going to get your MAC Address (which is now the address you've changed it to).

    Peace,
    HT

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    Originally posted here by HTRegz

    WebCarnage: It was great to see someone saying it was pointless... however I'm not sure I agree with the two scenerios you gave for actually changing the MAC Address.. neither of those would be overly useful either..
    Well, the scenario (as far as the wireless one is concerned) I was thinking about was: lets say he has a wireless connection that only allows specific cards (detected via MAC Address) to connect to the network. A hacker (using something as simple as Ethereal) could determine one or more MAC Addresses that are allowed on that network and modify their own MAC address to allow themselves access onto the network. This gives rise to a whole host of other problems for the attacker (and defender), ig. conflicting MAC Addresses, but if you're good enough I'm sure you'd find a way (something as easy as wait for them to stop using the network -- ie. reboot/shutdown computer).

    For Windows I know you can change the MAC Address using regedit in HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Control Folders. You have to dig around to find your wireless network adapter, you can edit by making a new String Value and it is here where you can enter whatever MAC Address you feel like having. I think this requires a reboot. But, like HTRez said (i think), changing the address may cause the card to become unresponsive to the network.
    ...This Space For Rent.

    -[WebCarnage]

  9. #9
    Correct me if I'm wrong, but isn't the mac address more or less the lowest level of addressing on an ethernet network? So, the computers on network have to know which computer has which mac address (or rather, the routing tables contain this info and if it isn't there the computer sends a broadcast request) so that it can know where to send data. Therefore you have to have the correct mac to communicate, so there isn't any way you can "hide" a mac address, someone with ethereal will always be able to see where an individual frame came from and where it's going to mac-address wise.
    Again, networking isn't my strongest point, so I may very well be wrong; corrections welcome.

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by netRealm
    Correct me if I'm wrong, but isn't the mac address more or less the lowest level of addressing on an ethernet network? So, the computers on network have to know which computer has which mac address (or rather, the routing tables contain this info and if it isn't there the computer sends a broadcast request) so that it can know where to send data. Therefore you have to have the correct mac to communicate, so there isn't any way you can "hide" a mac address, someone with ethereal will always be able to see where an individual frame came from and where it's going to mac-address wise.
    Again, networking isn't my strongest point, so I may very well be wrong; corrections welcome.
    Yes that is correct and that's what I asid... You can spoof a Mac address... (ethereal would see the spoofed address) but you wouldn't receive the response...

    WebCarnage: That would be for malicious purposes... I don't see those as "valid" reasons to change your MAC because I don't consider malicious activity to be "valid activity" however yes... that's an example of where someone would change their MAC Address... and I wasn't saying the computer wouldn't be able to communicate if you changed the MAC Address... due to limitations on my LAN at home I regularly set my MAC Address on various machines... What i was saying was that if you COULD mask your MAC.. you would effectively kill communication between your machine and others on the segment.

    Peace,
    HT

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •