Mac Address Change

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View


Are the MAC addresses of most wifi radios changeable?

Which address of which is used in authentication when connecting to an
AP?

User x buys a radio to connect to local AP. If Admin Y does not like
user x net activities, even if legal, he simply has to block x's MAC and
the radio is then useless for that AP.

Re: Mac Address Change


JDavidson wrote:
Quoted text here. Click to load it

Or Admin Y can choose to only allow certain MAC addresses.



Re: Mac Address Change



Quoted text here. Click to load it

Yes.


Essentially meaningless, because x can easily snoop and spoof some other
MAC.

Quoted text here. Click to load it

Essentially meaningless for the same reason.

--
Best regards,   FAQ for Wireless Internet: <http://Wireless.wikia.com
John Navas      FAQ for Wi-Fi:  <http://wireless.wikia.com/wiki/Wi-Fi
           Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To
Fixes to Wi-Fi Problems:  <http://wireless.wikia.com/wiki/Wi-Fi_Fixes

Re: Mac Address Change


John Navas wrote:
Quoted text here. Click to load it

I see that written here often. So John explain in a way that everyone can
understand the procedure to "easily spoof" the 'allowed' MAC address of a
client radio.



Re: Mac Address Change



Quoted text here. Click to load it

<http://www.tech-faq.com/wi-fi-software-tools.shtml#wi-fi-software-tools-for-unix
<http://www.uninett.no/wlan/wlanthreat.html#02
<http://tuxmobil.org/linux_wireless_sniffer.html
<http://wiki.personaltelco.net/index.cgi/WirelessSniffer
<http://www.engadget.com/2006/01/22/wifi-sniffer-turns-your-ds-into-a-wardriving-tool/
<http://www.sharewareconnection.com/sniff-em.htm
<http://en.wikipedia.org/wiki/AiroPeek
<http://www.wildpackets.com/products/airopeek/overview
<http://en.wikipedia.org/wiki/MAC_address#Changing_MAC_addresses
<http://www.klcconsulting.net/smac/

--
Best regards,   FAQ for Wireless Internet: <http://Wireless.wikia.com
John Navas      FAQ for Wi-Fi:  <http://wireless.wikia.com/wiki/Wi-Fi
           Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To
Fixes to Wi-Fi Problems:  <http://wireless.wikia.com/wiki/Wi-Fi_Fixes

Re: Mac Address Change


DanR wrote:

Quoted text here. Click to load it

Beats me how you'd do it on Windows.  On my linux system, I put the MAC
address I want to use in a single config file, and that's all the network
will see.
--
derek

Re: Mac Address Change



Quoted text here. Click to load it

There's quite a bit here on changing the MAC address.
  http://en.wikipedia.org/wiki/MAC_address#Changing_MAC_addresses

The proceedure is quite simple.  The idea is to impersonate a
previously connected valid client radio:
1.  Passive sniff some valid over the air traffic with Kismet.
    That should disclose the clients MAC and IP addresses.
2.  Use one of the various utilities listed in the above URL to
    change the MAC address.  
3.  (Optional) If IP address filtering is active, also set a
    static IP address.
4.  Wait for the ARP table in the router to flush and then connect.

--
Jeff Liebermann     jeffl@comix.santa-cruz.ca.us
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: Mac Address Change



Quoted text here. Click to load it

As Derek points out above, I think this is OS dependent and cannot be
done on some OS's, including I think earlier versions of Windows.

 
<snip>

Re: Mac Address Change


Quoted text here. Click to load it
Agreed.

But network card drivers for some LAN adaptors have always allowed this even
in old flavors of Windows or even DOS.

Anything that supported DECnet or SNA had to allow the MAC to be changed in
some way (note that these requirements predate 802.11 WLANs). Most WLAN
drivers seem to pretend to be Ethernet, so have inherited some capabilities.

dont you love backward compatibility?
Quoted text here. Click to load it
--
Regards

stephen_hope@xyzworld.com - replace xyz with ntl



Re: Mac Address Change


JDavidson wrote:

Quoted text here. Click to load it

You can change the MAC in most (all) contemporary operating systems.

Most old Ethernet cards had an OS independent flash utilty. You booted
up with a floppy, loaded the utility and entered whatever MAC you wanted
and then wrote it to the EPROM.

Re: Mac Address Change


On Tue, 13 Jun 2006 19:53:30 +0000 (UTC), JDavidson

Quoted text here. Click to load it
(...)
Quoted text here. Click to load it


Nope.  As far as I know, *ALL* current operating systems allow for
changes in the MAC addresses.  Even OS/2 does that (as I found out
after cloning a working machine and ending up with 5 additional
machines with the same MAC address).  In XP, some network cards (not
all) allow you to change it in the "advanced" tab of the network
adapter properties.  I just tried it on a Windoze 98 (first edition)
laptop with an ethernet PCMCIA card.  Works fine.  I don't have
anything handy with Windoze 95 or 3.1 on it to test.



  
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558            jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com               AE6KS

Re: Mac Address Change


Jeff Liebermann wrote:
Quoted text here. Click to load it

Looks like you all answered my question. Looks especially easy to use the
"Properties menu, in the Advanced tab, as "MAC Address", "Locally
Administered Address" method. In my case that field is blank. Still have to
jump through a few hoops to sniff a MAC address though. Thanks for the
interesting links.



Re: Mac Address Change


wrote:

Quoted text here. Click to load it

My 3C920 integrated ethernet gizmo on my office XP box has it listed
as "Network Address" in the advanced properties.

However, that's too easy and no fun.  For real entertainment value and
gross abuse, try a MAC flood.  See:
  http://en.wikipedia.org/wiki/Mac_flooding
However, here's where I draw the line.  Get your own exploit tools. I
have yet to see one go into failopen mode and act like a hub.
Most cheapo wireless routers will hang, reboot, refuse to pass
traffic, or just act insane.  


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558            jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com               AE6KS

Re: Mac Address Change



Quoted text here. Click to load it

But we have been talking about the MAC address of the NIC, not, for
example the MAC for an AP in client mode (bridge). Which MAC gets sent
to the distant internet WAN AP? In one radio I use it gives the
option in the setup of sending either the MAC of the computer or it's
own MAC, so you have two possible numbers to send. What utility did you
use for the win98 that you said you were able to set the MAC on?

Quoted text here. Click to load it


Re: Mac Address Change


On Wed, 14 Jun 2006 00:07:39 +0000 (UTC), JDavidson

Quoted text here. Click to load it

There's no such thing as an "internet WAN AP".  I think you mean "gets
sent to the ISP's gateway router".  If there's a router in the users
system, the MAC address of the WAN interface of the router gets sent
to the ISP.  The ethernet switch MAC addresses, wireless MAC address
on the LAN side of the router each have their own MAC addresses.  The
WAN and LAN addresses are usually different, but can be made to be the
same (which is what MAC address cloning feature does).  Changing the
MAC address of the client radio or ethernet card does not propogate
through the router.

There's a common misconception that the MAC address is attached to
"the router" or something like that.  Not so.  Each interface
(hardware port) has it's own different MAC address.  Go to:
  https://office.LearnByDestroying.com:8080 /
This is my office router running DD-WRT.  Note that the LAN, WAN, and
wireless MAC addresses are all different.  At the bottom, note that
the DHCP connected devices are also different.  On the LAN side, the
originating MAC addresses are that of the client device (wireless or
wired ethernet).  On the LAN side, it's the MAC address of the WAN
side of the router.

Quoted text here. Click to load it

Most routers and some access points allow you to "clone" the MAC
address of the attached client computer (or just change it manually to
whatever is convenient).  This is handy for ISP's that authenticate
the user by the connecting device MAC address.  If the router was NOT
in the system, and the user connected directly to the DSL or cable
modem with their computer, the ISP's authentication database will have
the MAC address of the computer.  When the router is inserted in
between the modem and the computer, the ISP will see the MAC address
of the WAN interface of the router.  This will fail authentication
unless the computers MAC address is cloned.

Quoted text here. Click to load it

http://www.klcconsulting.net/change_mac_w98.htm

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558            jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com               AE6KS

Re: Mac Address Change



Quoted text here. Click to load it

<snip>
 
Quoted text here. Click to load it

So, the easiest way to change the MAC sent to the ISP gateway router is
to change the MAC of the computer and then clone the MAC at the radio/
bridge (assuming there is no router, or at the router if you use one)?
You say most routers allow this, what about wireless ethernet bridges?
How to determine if the bridge (or router if used) allows for
cloning of the computers MAC prior to purchase?

I think all the utilities mentioned in earlier posts are for changing
the MAC of the computer NIC, not the MAC of the bridge (or, if a router
is used, the router) If that's the case then a radio bridge (or
router if used), has to have the ability to clone the MAC address of the
computer and you must change the NIC address and then clone it in order
to change the MAC info sent to the ISP's gateway router.

<snip>

Quoted text here. Click to load it

Or in the case of using a client bridge (or router if used) to connect
to a public AP, if the admin does not like your traffic, he simply
blocks the MAC and your expensive radio equipment is now worthless (if
that's your only AP, your SOL) until and IF you can change MAC that is
being sent. I think you are saying it's a two step process-changing the
NIC MAC of the computer and then cloning it at the bridge radio or
router.

<snip>

Re: Mac Address Change



Quoted text here. Click to load it

Or just set the MAC address manually.

Quoted text here. Click to load it

Likewise.


RTFM.


Correct.


Or enter it manually.

Quoted text here. Click to load it

Which is trivial.

Quoted text here. Click to load it

Or manually.

--
Best regards,   FAQ for Wireless Internet: <http://Wireless.wikia.com
John Navas      FAQ for Wi-Fi:  <http://wireless.wikia.com/wiki/Wi-Fi
           Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To
Fixes to Wi-Fi Problems:  <http://wireless.wikia.com/wiki/Wi-Fi_Fixes

Re: Mac Address Change


Thanks to you and all for the good answers. In further reading on this
MAC address question (I am no engineer) I discover that, depending on
the admin, a gateway may be using sophisticated security software that
can discriminate between real MAC addresses and made up MAC addresses. I
think the questions is still unresolved as to how effective they can be
in MAC address blocking. While this type of security software is mainly
intended to prevent network access/DOS attacks, the question of how
effective they can be in blocking users for what might be good, but
could be wrong reasons remains unanswered. It makes no sense to me to
buy expensive hardware to access an advertised public AP when the people
on the other end can easily block you, and, since you are not paying,
you have little recourse. But at least I know now that the
MAC address can be changed.



Quoted text here. Click to load it


Re: Mac Address Change



Quoted text here. Click to load it

Very unlikely in my experience.

Quoted text here. Click to load it

I don't know of any knowledgeable admins that would depend on it.

Quoted text here. Click to load it

DoS attacks are usually defended against in other ways, depending on the
type of attack -- the last MAC address is usually meaningless.

Quoted text here. Click to load it

Why would they want to block you?  Might there be good cause?

Quoted text here. Click to load it

I'd say zero recourse.

Quoted text here. Click to load it

No offense intended, but it sounds like they might have good cause to
keep you out, and you're trying to work around their defenses.

-John

Quoted text here. Click to load it

--
Best regards,   FAQ for Wireless Internet: <http://Wireless.wikia.com
John Navas      FAQ for Wi-Fi:  <http://wireless.wikia.com/wiki/Wi-Fi
           Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To
Fixes to Wi-Fi Problems:  <http://wireless.wikia.com/wiki/Wi-Fi_Fixes

Re: Mac Address Change



Quoted text here. Click to load it

HaHa, no, really doing nothing illegal (or even immoral), I guess I'm a
little suspicious of a gov. sponsored AP that offers no encryption of it's
own.

Site Timeline