Is there a way to change your MAC address? I understand where it comes from, but I hear that it is possible to change it in Unix.
Searched the web for changing mac address unix. Results 1 - 10 of about 74,200. Search took 0.21 seconds
goooooooooooogle
Erhm, aren't MAC addresses card specific? I thought they were hard-coded in the network card...
Guus> Depends on the network card. Some have programmable EEPROMs, which makes it quite easy to do. Also, some net card drivers support it. It can actually be done with ifconfig if you know what you are doing. Then again, if you didn't know what you were doing, you would type " man ifconfig " and it would tell you how to do it....
baah...ok...from google/computing.net
Quote:
The change of the MAC address is not permanent with ifconfig, just for the duration of uptime (for permanent change you need a firmware upgrade ONLY available on new cards).
to change MAC address on ethernet card eth0
ifconfig hw
ie.
#ifconfig eth0 hw ether ??:??:??:??:??:??
note only HEX characters are valid in the 12HEX MAC address.
as soule said...newer cards can do this perm...(my linksys router has changeable macs)
I once saw an old ARCnet card where you could change the MAC address using DIP switches on the back.
Can you also change the mac address on wireless network cards? I know lots of wireless networks only let you connect with a recognized mac address.
Alright, I'm not sure why you need to "spoof" a MAC address, but there are two ways that work.
1. reprogram the EPROM on the NIC (pain in the ass)
2. ifconfig eth0 hw ether ??:??:??:??:??:??
Hex characters are valid in the 12 hex mac address
Oh....I wonder what happens if you screw up a MAC address?
Ghe, I never knew they were adjustable... that could come in handy filtering network traffic...
Never mind about my question :)
your nic stops working.....
486 come in handy for testing :)
linuxcomando> That's what is nice about the ifconfig command. If you screw it up, just reboot your computer. It will return to its original address.
In theory,
If you were running a wireless network and the "allowed" connections were defined by MAC address, all you would have to do is packet sniff the network and the MAC address should be on the packet......then you can change your MAC address......this of course is dependent on a couple of things.....but it might be fun to try on your own network......
Changing the card's mac address (temporarily) in software is generally trivial.
There are few legitimate reasons why you'd want to do this; I can't think of one.
It is nevertheless necessary to be aware that this can be done. Many institutions with public access computers use secure switches to prevent unauthorised devices from being connected to their LAN. This is naive, as by assuming the MAC address of an authorised device (which is generally trivially obtained as they can see broadcasts anyway), an attacker can bypass such security.
Even if the MAC address of the card could *not* be changed, an attacker capable of using promiscuous mode to receive packets and spoofing the MAC on outgoing packets could still create the same effect. (Spoofing may be the wrong
Therefore, "secure" switches are not secure (although they can legitimately be used to prevent random kiddies plugging their laptops in to download warez and such like.)
How about authenticated VLANs on switches? It takes a client and runs through either LDAP or RADIUS.
Hmmm, Slarty, I see your point but i don't fully agree.
If you secure every access point on the network (let's say by MAC address, just for the sake of argument), it would be fairly difficult to sniff the different MAC addresses (since you have to get connected first). Then even if you manage to get connected (which you shouldn't unless you had a very good guess), you can start sniffing. But still it will be very hard to link a sniffed MAC address to a physical access point on the network. Because how will you determine where the sniffed packet physically originates from? At least I don't see how you could do it (hmm, will have to think about this one).
Then again securing networks by the use of user defined mac addresses isn't really interesting (at least not on large networks). Just to keep the tables up to date could be a full-time job :-) I just wonder how many security admins actually have implemented this.
service_pack:
Consider this scenario:
- You connect a machine to the network which uses secure switches
- The secure switches don't allow it to send any packets because they come from a non-recognised MAC
- The machine can still see broadcasts though?
So you can sniff the broadcast packets coming from *another* machine on another secure switch port (or the same one) and then steal *its* port and MAC address?
Failing that, connect an authorised box via a crossover to a laptop, and watch for packets as it boots, grab the MAC address.
Unless the authorised boxes are physically absent, their MAC address can be compromised. Some cards have it written on the back.
http://slagheap.net/etherspoof/
might be useful to someone somewhere...
google search was : mac address spoofing
I can name one at least. I am in the government, and we bind our MACs to the IPs on our firewall so that any outgoing traffic has to match the MAC on that IP; if not, then they get NO network traffic, because it will deny them an IP, not give a conflict. The reason we do this is so that when you have different people all trying to connect to the net, you have to regulate somehow. And yes, it is a full-time job.
I can name at least one valid reason for changing my machine's MAC address in software. My school had each ethernet port in the dorm rooms associated with a particular MAC address. No matching MAC, no network access. Period. If I were to get a new computer on Friday night with an onboard NIC, I wouldn't be able to get to the internet until Monday morning when tech support got back in the office, then it could take up to a week to get the change put into the system. Yeah I know, they're slow... Anyway, being able to set the MAC address via software would allow me to still satisfy my computer addiction until they got the new MAC address updated.
Changing your MAC address can be used for the powers of good.
For instance:
Hot swappable/backup NICs: your network is using MAC address filtering on its switches, and the NIC on one of your application servers goes down. You've written a script to execute when certain conditions occur, such as if the NIC stops responding or a problem is detected with it. The script executes, changes the server over to the second NIC card, and changes that second NIC's MAC address to match the original. Server is back up with a downtime in the minutes instead of hours.
or
Your NOC notices an abnormal amount of traffic off of a NIC, it appears to be giving off bad signal perhaps an IP storm, perhaps it's simply stuck in Broadcast mode, maybe it's another problem but it's determined the issue lies in the physical NIC card. Either way it needs to be fixed, you swap out the NIC and spoof the MAC address until you've figured out the problem with the NIC. This will allow you to troubleshoot in a test environment without changing your production environment. You may need to toss the old NIC in which case you add the new NIC's MAC address to your infrastructure, but then again you may not need to and by spoofing you can save yourself the headache of updating all of your switches with the new MAC. Once again, Minutes not Hours of Downtime.
Slarty, you're dead-on right. If I connect to a network that is using MAC address filtering I may not get out of my segment, but I can certainly start a sniffer going and find other people's MACs. By the nature of the beast, MAC addresses must be sent in the clear and you can pick them out with any software network sniffer. And once you have the MAC address you can start tracking down packets and ripping them apart for authentication and encryption strings. But then if I'm able to plug into your physical network without being detected by any IDS software, then you've got other problems.
Cheers,
FyreMouse
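
The thread describes binding a MAC to a switch port or to an IP and notes that a cloned MAC defeats the filter. As an added example (not written by any poster in the thread), this Python sketch shows the detection side of that: it checks observed frames against the binding tables and flags a MAC that shows up on a second port. The port names, addresses, binding tables and the 60-second window are all constructed assumptions.

```python
# Constructed binding tables (assumed): switch port -> authorised MAC, IP -> authorised MAC.
PORT_BINDINGS = {"Gi0/1": "00:11:22:33:44:55", "Gi0/2": "00:11:22:aa:bb:cc"}
IP_BINDINGS = {"10.0.0.11": "00:11:22:33:44:55", "10.0.0.12": "00:11:22:aa:bb:cc"}

# Constructed observations: (seconds, switch port, source MAC, source IP).
OBSERVATIONS = [
    (0, "Gi0/1", "00:11:22:33:44:55", "10.0.0.11"),   # legitimate host
    (5, "Gi0/2", "00:11:22:AA:BB:CC", "10.0.0.12"),   # legitimate, upper-case MAC
    (9, "Gi0/7", "00:11:22:33:44:55", "10.0.0.11"),   # same MAC on an unbound port
    (12, "Gi0/2", "02:de:ad:be:ef:01", "10.0.0.12"),  # software-set MAC using a bound IP
]

def normalise(mac):
    """Lower-case, colon-separated form so comparisons ignore formatting."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def locally_administered(mac):
    """Bit 0x02 of the first octet marks an address assigned locally, not by the vendor."""
    return bool(int(normalise(mac)[:2], 16) & 0x02)

def find_anomalies(observations, port_bindings, ip_bindings, window=60):
    """Return (time, kind, detail) alerts for frames that break a binding."""
    alerts = []
    last_seen = {}  # MAC -> (time, port) of the most recent frame
    for ts, port, raw_mac, ip in sorted(observations):
        mac = normalise(raw_mac)
        bound = port_bindings.get(port)
        if bound is None or normalise(bound) != mac:
            alerts.append((ts, "port-binding", f"{mac} on {port}"))
        if ip in ip_bindings and normalise(ip_bindings[ip]) != mac:
            alerts.append((ts, "ip-binding", f"{ip} claimed by {mac}"))
        if locally_administered(mac):
            alerts.append((ts, "local-admin-bit", mac))
        prev = last_seen.get(mac)
        if prev and prev[1] != port and ts - prev[0] <= window:
            alerts.append((ts, "mac-move", f"{mac} {prev[1]} -> {port}"))
        last_seen[mac] = (ts, port)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(OBSERVATIONS, PORT_BINDINGS, IP_BINDINGS):
        print(alert)
```

A copied vendor MAC does not set the locally-administered bit, so that check only catches made-up addresses; the port-binding and mac-move checks are the ones that notice a clone.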