Mac Address Change

Are the MAC addresses of most wifi radios changeable?

Which address of which is used in authentication when connecting to an AP?

User x buys a radio to connect to local AP. If Admin Y does not like user x net activities, even if legal, he simply has to block x's MAC and the radio is then useless for that AP.

Reply to
JDavidson

Or Admin Y can choose to only allow certain MAC addresses.

Reply to
DanR

On Tue, 13 Jun 2006 02:43:42 GMT, "DanR" wrote in :

Yes.

Essentially meaningless, because x can easily snoop and spoof some other MAC.

Essentially meaningless for the same reason.

Reply to
John Navas

I see that written here often. So John explain in a way that everyone can understand the procedure to "easily spoof" the 'allowed' MAC address of a client radio.

Reply to
DanR

On Tue, 13 Jun 2006 13:03:20 GMT, "DanR" wrote in :

Reply to
John Navas

Beats me how you'd do it on Windows. On my linux system, I put the MAC address I want to use in a single config file, and that's all the network will see.

Reply to
Derek Broughton

"DanR" hath wroth:

There's quite a bit here on changing the MAC address.

formatting link
The procedure is quite simple. The idea is to impersonate a previously connected valid client radio:

  1. Passive sniff some valid over the air traffic with Kismet. That should disclose the client's MAC and IP addresses.
  2. Use one of the various utilities listed in the above URL to change the MAC address.
  3. (Optional) If IP address filtering is active, also set a static IP address.
  4. Wait for the ARP table in the router to flush and then connect.
Reply to
Jeff Liebermann

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

As Derek points out above, I think this is OS dependent and cannot be done on some OS's, including I think earlier versions of Windows.

Reply to
JDavidson

Agreed.

But network card drivers for some LAN adaptors have always allowed this even in old flavors of Windows or even DOS.

Anything that supported DECnet or SNA had to allow the MAC to be changed in some way (note that these requirements predate 802.11 WLANs). Most WLAN drivers seem to pretend to be Ethernet, so have inherited some capabilities.

Don't you love backward compatibility?

Reply to
stephen

You can change the MAC in most (all) contemporary operating systems.

Most old Ethernet cards had an OS independent flash utility. You booted up with a floppy, loaded the utility and entered whatever MAC you wanted and then wrote it to the EPROM.

Reply to
George

Nope. As far as I know, *ALL* current operating systems allow for changes in the MAC addresses. Even OS/2 does that (as I found out after cloning a working machine and ending up with 5 additional machines with the same MAC address). In XP, some network cards (not all) allow you to change it in the "advanced" tab of the network adapter properties. I just tried it on a Windoze 98 (first edition) laptop with an ethernet PCMCIA card. Works fine. I don't have anything handy with Windoze 95 or 3.1 on it to test.

Reply to
Jeff Liebermann

Looks like you all answered my question. Looks especially easy to use the "Properties menu, in the Advanced tab, as "MAC Address", "Locally Administered Address" method. In my case that field is blank. Still have to jump through a few hoops to sniff a MAC address though. Thanks for the interesting links.

Reply to
DanR

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

But we have been talking about the MAC address of the NIC, not, for example the MAC for an AP in client mode (bridge). Which MAC gets sent to the distant internet WAN AP? In one radio I use it gives the option in the setup of sending either the MAC of the computer or its own MAC, so you have two possible numbers to send. What utility did you use for the win98 that you said you were able to set the MAC on?

Reply to
JDavidson

My 3C920 integrated ethernet gizmo on my office XP box has it listed as "Network Address" in the advanced properties.

However, that's too easy and no fun. For real entertainment value and gross abuse, try a MAC flood. See:

formatting link
here's where I draw the line. Get your own exploit tools. I have yet to see one go into failopen mode and act like a hub. Most cheapo wireless routers will hang, reboot, refuse to pass traffic, or just act insane.

Reply to
Jeff Liebermann

There's no such thing as an "internet WAN AP". I think you mean "gets sent to the ISP's gateway router". If there's a router in the user's system, the MAC address of the WAN interface of the router gets sent to the ISP. The ethernet switch MAC addresses, wireless MAC address on the LAN side of the router each have their own MAC addresses. The WAN and LAN addresses are usually different, but can be made to be the same (which is what MAC address cloning feature does). Changing the MAC address of the client radio or ethernet card does not propagate through the router.

There's a common misconception that the MAC address is attached to "the router" or something like that. Not so. Each interface (hardware port) has its own different MAC address. Go to:

formatting link
is my office router running DD-WRT. Note that the LAN, WAN, and wireless MAC addresses are all different. At the bottom, note that the DHCP connected devices are also different. On the LAN side, the originating MAC addresses are that of the client device (wireless or wired ethernet). On the LAN side, it's the MAC address of the WAN side of the router.

Most routers and some access points allow you to "clone" the MAC address of the attached client computer (or just change it manually to whatever is convenient). This is handy for ISPs that authenticate the user by the connecting device MAC address. If the router was NOT in the system, and the user connected directly to the DSL or cable modem with their computer, the ISP's authentication database will have the MAC address of the computer. When the router is inserted in between the modem and the computer, the ISP will see the MAC address of the WAN interface of the router. This will fail authentication unless the computer's MAC address is cloned.

formatting link

Reply to
Jeff Liebermann

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

So, the easiest way to change the MAC sent to the ISP gateway router is to change the MAC of the computer and then clone the MAC at the radio/ bridge (assuming there is no router, or at the router if you use one)? You say most routers allow this, what about wireless ethernet bridges? How to determine if the bridge (or router if used) allows for cloning of the computer's MAC prior to purchase?

I think all the utilities mentioned in earlier posts are for changing the MAC of the computer NIC, not the MAC of the bridge (or, if a router is used, the router). If that's the case then a radio bridge (or router if used), has to have the ability to clone the MAC address of the computer and you must change the NIC address and then clone it in order to change the MAC info sent to the ISP's gateway router.

Or in the case of using a client bridge (or router if used) to connect to a public AP, if the admin does not like your traffic, he simply blocks the MAC and your expensive radio equipment is now worthless (if that's your only AP, you're SOL) until and IF you can change MAC that is being sent. I think you are saying it's a two step process-changing the NIC MAC of the computer and then cloning it at the bridge radio or router.

Reply to
JDavidson

On Wed, 14 Jun 2006 22:24:42 +0000 (UTC), JDavidson wrote in :

Or just set the MAC address manually.

Likewise.

RTFM.

Correct.

Or enter it manually.

Which is trivial.

Or manually.

Reply to
John Navas

JDavidson hath wroth:

The MAC address sent to the ISP gateway can be manually entered in the "clone MAC address" field on the router. For example, the WRT54G setting is at:

formatting link
can copy it from the PC with the "clone" button, or just type in any mess of numbers you find entertaining. I strongly suggest you do not duplicate the MAC address of the ISP gateway, or the connected router, or nothing will work.

A few allow it to be changed. I just checked a random assortment. The Linksys WAP11 and WAP54G do NOT. The WET54G does:

formatting link
bottom under "clone mode").

Easy. There are emulators for most routers online: Linksys:

formatting link
formatting link
may be others but I'm too lazy to find them. For everything else, I'm afraid you'll have to read the downloadable manuals. Unfortunately, such "advanced" features are often not documented.

How about a clue as to what you're trying to accomplish?

My guess is that you're worried that your unspecified wireless client radio can be locked out by blocking the MAC address. In the case of a wireless card plugged directly into a computah, the MAC address can easily be changed by one of the aforementioned utilities. For an ethernet connected wireless bridge, game adapter, or client mode mumble mumble bridge, the MAC address can be changed on some (not all) such devices. Because of the ease of which this can be done, and the not so minor detail that MAC addresses can be sniffed, filtering by MAC address is totally worthless.

Reply to
Jeff Liebermann

Thanks to you and all for the good answers. In further reading on this MAC address question (I am no engineer) I discover that, depending on the admin, a gateway may be using sophisticated security software that can discriminate between real MAC addresses and made up MAC addresses. I think the question is still unresolved as to how effective they can be in MAC address blocking. While this type of security software is mainly intended to prevent network access/DOS attacks, the question of how effective they can be in blocking users for what might be good, but could be wrong reasons remains unanswered. It makes no sense to me to buy expensive hardware to access an advertised public AP when the people on the other end can easily block you, and, since you are not paying, you have little recourse. But at least I know now that the MAC address can be changed.

John Navas wrote in news: snipped-for-privacy@4ax.com:

Reply to
JDavidson
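
Added example, not part of any post in this thread: a sketch of what an AP-side check for "real" versus "made up" MAC addresses can and cannot see, run over a constructed association log. The log layout, hostnames and addresses are assumptions made for illustration.

```python
# Added example: constructed association log; the field layout is hypothetical.

def parse_mac(text):
    """Return the six octets of a MAC written with ':' or '-' separators."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)

def mac_flags(text):
    """Read the two low-order bits of the first octet (IEEE 802 addressing)."""
    first = parse_mac(text)[0]
    return {"locally_administered": bool(first & 0x02),  # U/L bit
            "group": bool(first & 0x01)}                 # I/G bit

# Constructed sample: (seconds, event, MAC, DHCP hostname)
SAMPLE_LOG = [
    (100, "assoc", "00:11:22:AA:BB:CC", "laptop-a"),
    (160, "assoc", "02:11:22:33:44:55", "box"),
    (220, "assoc", "00-11-22-aa-bb-cc", "other-host"),  # MAC already in use
    (300, "disassoc", "00:11:22:AA:BB:CC", "laptop-a"),
    (400, "assoc", "01:00:5E:00:00:01", "odd"),
]

def review(log):
    """Return (time, mac, reason) findings for an admin to look at."""
    findings, active = [], {}  # active: MAC -> hostname of the live session
    for ts, event, mac, host in log:
        key = ":".join(f"{b:02x}" for b in parse_mac(mac))
        flags = mac_flags(mac)
        if flags["group"]:
            # A group (multicast) address is never a valid source address.
            findings.append((ts, key, "group_source"))
        elif flags["locally_administered"]:
            # Not burned in by a vendor; set by software or by the user.
            findings.append((ts, key, "locally_administered"))
        if event == "assoc":
            if key in active and active[key] != host:
                # Second station claims a MAC whose session is still open.
                findings.append((ts, key, "duplicate_session"))
            else:
                active[key] = host
        elif event == "disassoc":
            active.pop(key, None)
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The bit checks only catch addresses that were typed in carelessly; a copied vendor-assigned address passes them, and the duplicate-session check sees it only while the original client is still associated.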

On Thu, 15 Jun 2006 21:32:04 +0000 (UTC), JDavidson wrote in :

Very unlikely in my experience.

I don't know of any knowledgeable admins that would depend on it.

DoS attacks are usually defended against in other ways, depending on the type of attack -- the last MAC address is usually meaningless.

Why would they want to block you? Might there be good cause?

I'd say zero recourse.

No offense intended, but it sounds like they might have good cause to keep you out, and you're trying to work around their defenses.

-John

Reply to
John Navas
