May 1st, 2002, 11:25 PM
I can name one at least I am in the goverment and we bind our MAC's to the IP's on our firewall so that any outgoing traffic has to match the MAC on that IP if not then they get NO network traffic because it will deny them an IP not give a conflict. The reason we do this is so that when you have different people all trying to connect to the net you have to regulate somehow. And yes it is a full time job
May 7th, 2002, 01:02 AM
I can name at least one valid reson for changing my machine's MAC address in software. My school had each ethernet port in the dorm rooms associated with a particular mac address. No matching MAC, no network access. Period. If I were to get a new computer on Friday night with an onboard NIC, I wouldn't be able to get to the internet until Monday morning when tech support got back in the office, then it could take up to a week to get the change put into the system. Yeah I know, they're slow... Anyway, being able to set the MAC address via software would allow me to still satisfy my computer addiction until they got the new MAC address updated.
December 25th, 2003, 04:00 PM
Changing your MAC address can be used for the powers of good.
Hot swappable/backup NICs, your network is using MAC address filtering on it's Switches, the NIC on one of your application servers goes down, You've written a script to execute when certain conditions occur, such as if the NIC stops responding or a problem is detected with it, the script executes, and changes the server over to the second NIC card, and changes that second NIC's MAC address to match the original. Server is back up with a downtime in the minutes instead of hours.
Your NOC notices an abnormal amount of traffic off of a NIC, it appears to be giving off bad signal perhaps an IP storm, perhaps it's simply stuck in Broadcast mode, maybe it's another problem but it's determined the issue lies in the physical NIC card. Either way it needs to be fixed, you swap out the NIC and spoof the MAC address until you've figured out the problem with the NIC. This will allow you to troubleshoot in a test environment without changing your production environment. You may need to toss the old NIC in which case you add the new NIC's MAC address to your infrastructure, but then again you may not need to and by spoofing you can save yourself the headache of updating all of your switches with the new MAC. Once again, Minutes not Hours of Downtime.
Slarty, Your dead on right. If I connect to a network that is using MAC address filtering I may not get out of my segment, but I can certainly start a sniffer going and find other peoples MACs. By the nature of the beast MAC addresses must be sent in the clear and you can pick them out with any software network sniffer. And once you have the MAC address you can start tracking down packets and ripping them apart for authentication and encryption strings. But then if I'm able to plug into your physical network with out being detected by any IDS software than you've got other problems.