Can I change the mac address on....

[ricrhys]

My macbook 2.4 GHz intel core duo, with AirPort Extreme.

Im fairly new to web security

i've tried

sudo ifconfig en1 ether 01:02:03:04:05:06

and

sudo ifconfig en1 lladdr 00:00:00:00:00:01

neither seem to work, it will ask for my password and i enter it then when i

ifconfig en1 | grep ether/lladdr

it still shows my original address any ideas?

(Im going to be doing an ethical hacking module soon so just trying to get my head round this)

 

[Tallest Skil]

I don't believe you can change a MAC address.

I could be wrong, but changing it could lead to all sorts of nonsense going on.

Just try changing IP addresses.

 

[ricrhys]

ok

what if i was using mac address filtering on my AP and wanted to test its integrity, I dont have that many machines so by imitating using my machine non allowed and allowed addresses i could test it, I know on older machines you could do this and the address could either be manually changed back or would change its self on restart.

 

[DoFoT9]

no not on a Mac without a program. i searched for programs once upon a time but found nothing that worked properly.

try using bootcamp + windows, its much easier.

 

[clyde2801]

Sure...just send your macbook to my address!

Wait, did I misunderstand your question?

 

[ricrhys]

ok whats your mac address

 

[old-wiz]

The MAC address is usually locked into the hardware. Some mainframe type systems allowed changing the MAC address, which was used when you had to replace a malfunctioning board and needed to keep the same MAC address. The MAC address is not a random number; there's a code for it and changing it is not a good idea.

 

[brand]

ok whats your mac address

It doesn't really matter. Anytime you connect to a wireless access point or plug in an Ethernet cable you are giving away your MAC address.

 

[ricrhys]

ok sorry maybe im not being clear or not understanding your replies, im not trying physically or permanently change the mac address just temporarily spoof it, its easily done with other operating systems. Is this because they have a different way of implementing the mac add i.e not in the firmware.

i was trying to use a program called macchanger (the program i use in bt3) but am having trouble installing it in os x

 

[Mr_Brightside_@]

ok sorry maybe im not being clear or not understanding your replies, im not trying physically or permanently change the mac address just temporarily spoof it, its easily done with other operating systems. Is this because they have a different way of implementing the mac add i.e not in the firmware.

i was trying to use a program called macchanger (the program i use in bt3) but am having trouble installing it in os x

MacDaddyX should do the trick.

 

[ricrhys]

looked ideal but after trying all the Apple oid's and all the broad com ones it still says it looks like it didn't like that mac, back to the drawing board

 

[Mr_Brightside_@]

looked ideal but after trying all the Apple oid's and all the broad com ones it still says it looks like it didn't like that mac, back to the drawing board

Hm... sorry about that. Changing the MAC address has always been tricky for me; whether with Terminal, MacDaddy or anything else- though the ethernet address is easy to change, either the Terminal way or with MacDaddy.

 

[ppc750fx]

The MAC address is usually locked into the hardware. Some mainframe type systems allowed changing the MAC address, which was used when you had to replace a malfunctioning board and needed to keep the same MAC address. The MAC address is not a random number; there's a code for it and changing it is not a good idea.

1) MAC addresses are, at least for most NICs, software controlled. It's very, very rare to find a MAC address "locked in to the hardware".

2) "Mainframe type systems"? You mean servers? Either way, yes, that is a legitimate (albeit rather rare) reason to change an interface's MAC address.

3) You're right that the MAC address isn't a random number, but there are quite a few legitimate reasons to change it. Provided you don't pick a colliding one, there's not really any harm that will come from changing it.

--

To the OP: I've got a 2.4Ghz BlackBook, so I know what you're talking about.

First, be warned that MAC address spoofing is known to either break or no longer work the same way when Apple releases system updates. 10.5.5 and (IIRC) 10.5.4 both changed the procedure for spoofing your MAC address.

On my MacBook4,1 running 10.5.6:

The following will return with no error (provided that Airport is on), but will not change the address.

sudo ifconfig en1 lladdr 00:00:DD:C0:FF:EE

The following will return with no error (provided that Airport is on), but will only change the address if not associated with an access point:

sudo ifconfig en1 ether 00:00:DD:C0:FF:EE

There are a whole bunch more subtleties, but that should work for you. The whole MAC spoofing thing is a mess on OS X anyways. Different combinations of hardware and versions of OS X mean that the procedure is likely to differ from machine to machine -- so once you figure out how to do it, try to remember it ;-)

 

[brand]

MAC addresses are, at least for most NICs, software controlled. It's very, very rare to find a MAC address "locked in to the hardware".

It sounds like you need to go back to Networking101 because that couldn't be further from the truth.

MAC address are not software controlled. Each NIC has a unique MAC address that hard coded to that device. It is possible to spoof a different MAC address thereby hiding the original MAC address with software. Ultimately the MAC address that is hard coded to that NIC has not changed. Spoofing a MAC address is usually only done temporary to allow someone to bypass access control lists on servers, routers, or wireless access points.

there are quite a few legitimate reasons to change it. Provided you don't pick a colliding one, there's not really any harm that will come from changing it.

Since you say there are so many legitimate reasons why someone would need to spoof their MAC, name a few. Spoofing a MAC address is usually done to bypass the security on a network. In case you didn't know that is illegal and a Felony in the United States. Given that, I would say that much harm could come from it.

 

[ricrhys]

1)
The following will return with no error (provided that Airport is on), but will only change the address if not associated with an access point:

sudo ifconfig en1 ether 00:00:DD:C0:FF:EE

There are a whole bunch more subtleties, but that should work for you. The whole MAC spoofing thing is a mess on OS X anyways. Different combinations of hardware and versions of OS X mean that the procedure is likely to differ from machine to machine -- so once you figure out how to do it, try to remember it ;-)

thanks buddy worked a treat,

brand
my legitimate reason is stated in my first post,
in my ethical hacking module an understanding of security is vital and this is just part of the process, just trying to get a bit of a head start
thanks again
ric

 

[ppc750fx]

Since you say there are so many legitimate reasons why someone would need to spoof their MAC, name a few. Spoofing a MAC address is usually done to bypass the security on a network. In case you didn't know that is illegal and a Felony in the United States. Given that, I would say that much harm could come from it.

The network at my workplace requires me to register my MAC address in order to receive an IP. I have two notebooks that I use regularly, but only ever take in one at a time to work. Rather than apply for two allocations, I simply spoof the MAC address.

It's also useful for diagnostic purposes, such as testing your network setup to see if it quarantines unknown hosts.

Oh, and no sane network administrator uses MAC addresses as a form of security for a wireless network. Anyone who attended "Networking101" (as you termed it) should know that.

It sounds like you need to go back to Networking101 because that couldn't be further from the truth.

Sigh.

If you re-read my post, you'll notice that I said that MAC addresses were software controlled. This is correct. A MAC address is not an immutable characteristic of the hardware (as "locked in to the hardware" would imply), but rather a variable characteristic, controlled either by software on the device (firmware) or on the device's host (i.e. drivers.)

Ultimately the MAC address that is hard coded to that NIC has not changed.

For all practical purposes it has. In most cases the MAC address presented to the network and to the host computer will be the "spoofed" MAC -- in such cases the NIC will be the only component that actually knows the "real" MAC address. This is just semantics though: the end result is that when you "spoof" a MAC address, it's usually indistinguishable from the device's "true" MAC.

Spoofing a MAC address is usually done to bypass the security on a network.

One of the most common reasons to spoof your MAC to get a DHCP server to assign a new IP address. This isn't in and of itself illegal, and is often quite a legitimate thing to do.

Inferring that the only reason that one might want to spoof a MAC address is to commit a felony is absurd, and frankly makes me think that you're rather poorly-informed when it comes to network security. If I had to guess, I'd say that you're one of those people that thinks that changing a phone's IMEI is illegal in the US too...

 

[brand]

The network at my workplace requires me to register my MAC address in order to receive an IP.

That is also how we assign IPs at the college where I am a network technician. Assigning IPs by MAC address, a sort of static DHCP, is one of the easier and cheaper ways of initially restricting physical access to a network. Where I work we have an acceptable use policy ,as do most organizations, and the act of spoofing a MAC to gain access to the network is in violation of the policy and considered illegal.

It's also useful for diagnostic purposes, such as testing your network setup to see if it quarantines unknown hosts.

That is a valid reason but you did say that "there are quite a few legitimate reasons" why someone might want to change their MAC address. The 2 or 3 well known reasons that you have given would not be classified at "quite a few".

Oh, and no sane network administrator uses MAC addresses as a form of security for a wireless network. Anyone who attended "Networking101" (as you termed it) should know that.

While that is true, unfortunately I have met many home users that use MAC filtering as their only form of security. Additionally I have meet many network admins that use MAC filtering as only a single part of their security. I never said that that use it was their only method of security.

If you re-read my post, you'll notice that I said that MAC addresses were software controlled. This is correct. A MAC address is not an immutable characteristic of the hardware (as "locked in to the hardware" would imply), but rather a variable characteristic, controlled either by software on the device (firmware) or on the device's host (i.e. drivers.)

I don't need to re-read your post because I never said that the MAC address was not able to be temporarily changed. Whenever that device is powered off MAC address reverts to the hared coded MAC of the NIC.

Technically you are not supposed to be able to change to hard coded MAC in the firmware but there are still ways. For all intents and purposes and according to the standards it is not possible.

One of the most common reasons to spoof your MAC to get a DHCP server to assign a new IP address. This isn't in and of itself illegal, and is often quite a legitimate thing to do.

While act of changing a MAC might not be illegal, using it as a means to connect to someone else's network is often times illegal and not a legitimate way to gain access.

Inferring that the only reason that one might want to spoof a MAC address is to commit a felony is absurd, and frankly makes me think that you're rather poorly-informed when it comes to network security. If I had to guess, I'd say that you're one of those people that thinks that changing a phone's IMEI is illegal in the US too...

Maybe you should go back and re-read my post. I never inferred that the only reason one might want to spoof a MAC address was to commit a felony. The felony is a byproduct of their true intentions. I am actually very well educated in computers, networking, and security since it is what I do for a living. From what you have shown me you would be the one that is poorly-informed about network security.

 

[ppc750fx]

Where I work we have an acceptable use policy ,as do most organizations, and the act of spoofing a MAC to gain access to the network is in violation of the policy and considered illegal.

It's illegal if you're not authorized to use the network. If you are authorized to use the network, it's not illegal, although it may be a violation of your AUP. In my case, it's neither.

That is a valid reason but you did say that "there are quite a few legitimate reasons" why someone might want to change their MAC address. The 2 or 3 well known reasons that you have given would not be classified at "quite a few".

Nope. I'm not gonna play that game. I gave you some real world examples of why one might want to do it. I'm not going to sit here and think up scenarios until you finally deem them of acceptable quantity and quality.

I never said that that use it was their only method of security.

And neither did I. My point was that no knowledgeable admin would use MAC filtering as a form of security at all. It's a about as much of a security measure as posting a sign next to the RJ45 ports saying "Don't be bad."

For all intents and purposes and according to the standards it is not possible.

I wasn't aware that it was stated in any RFCs (or similar) that MAC addresses were to be immutable. Out of curiosity, according to which standards is it not supposed to be possible?

Maybe you should go back and re-read my post. I never inferred that the only reason one might want to spoof a MAC address was to commit a felony. The felony is a byproduct of their true intentions. I am actually very well educated in computers, networking, and security since it is what I do for a living. From what you have shown me you would be the one that is poorly-informed about network security.

I've obviously struck a nerve here.

Guess I'm poorly informed when it comes to network security. After all, I was foolish enough to think that basing your security around a trivially-modifiable pseudo-unique ID was a bad idea. Hell, I was even dumb enough to say that something that could be changed by software was "software controlled". You sure showed me.