#31 (permalink) |
Changing MAC to match another card
I saw a reference to not being able to fully change your MAC address (the manufacturer component) on an earlier post. It didn't get any comments and I thought it deserved further discussion.....
I am seeing strange results when I try to match my MAC address to another card, but I think it is a numerical issue rather than an inability to change the manufacturer component of the MAC. When I try to change my Orinoco card's MAC address to match the MAC of a Cisco card, everything looks good except for the first two digits. The Aironet cards use MACs that start with 00 40 96 XX XX XX. When I change the MAC on my Orinoco card to try and match it (using the Win2000 registry hack) it changes to 02 40 96 XX XX XX. Even though I put the number in right, the first number keeps coming out as 02 rather than 00. Now, if this were an issue with NT forcing you to keep the MAC component associated with the manufacturer, then more than the first digit would be kept the same. Similarly, I have successfully changed the card to FE ED DE AD BE EF (Thanks TRON), with no problems. So, since it looks like it isn't some kind of fail-safe preventing you from using the MAC from another card, what is going on? Is there some kind of conversion between decimal and hex that could be causing this? Anyone else have an opinion on this issue?

Barax
#32 (permalink) |
The MAC address is 48 bits with the 24 bits being the IEEE-assigned OUI (Organizationally Unique Identifier) and the remaining 24 bits vendor assigned.
IEEE makes allowance for "locally administered" addresses, where the network administrator assigns the address, but stipulates that bit 46 must be 1 if this is done. I believe this is what forces 00 to 02. Setting a MAC starting with FE would also have bit 46 on, so that this would be accepted. If this is correct, it WILL prevent you from setting your MAC address to match that of a globally administered address - aka MAC spoofing.
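The locally administered bit discussed in post #32, as an added example that is not part of the thread: in the usual hex notation it is mask 0x02 of the first octet, which is why 00 becomes 02 and why FE is accepted unchanged. The function names and the station list are constructed for illustration, and the last three octets of the Aironet address are made up because the thread gives them only as XX.

```python
import re

UL_BIT = 0x02  # universal/local bit: 1 = locally administered
IG_BIT = 0x01  # individual/group bit: 1 = multicast or broadcast


def parse_mac(text):
    """Accept 00:40:96:.., 00-40-96-.., '00 40 96 ..', 0040.96.. or bare hex."""
    digits = re.sub(r"[\s:.\-]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def fmt(mac):
    return ":".join(f"{b:02X}" for b in mac)


def classify(text):
    """Split an address into its OUI and the two flag bits of the first octet."""
    mac = parse_mac(text)
    return {
        "mac": fmt(mac),
        "oui": fmt(mac[:3]),
        "locally_administered": bool(mac[0] & UL_BIT),
        "group": bool(mac[0] & IG_BIT),
    }


def force_local(text):
    """Address that results when a driver forces the local bit on an override."""
    mac = bytearray(parse_mac(text))
    mac[0] |= UL_BIT
    return fmt(mac)


def flag_local(observed):
    """From an inventory, list stations whose address is not a burned-in one."""
    return [fmt(parse_mac(m)) for m in observed
            if classify(m)["locally_administered"]]


# Constructed station list: addresses quoted in the thread plus one made-up suffix.
SAMPLE = ["00 40 96 12 34 56", "02-40-96-12-34-56",
          "FE:ED:DE:AD:BE:EF", "00:07:EB:30:F1:AE"]

if __name__ == "__main__":
    print(force_local(SAMPLE[0]))
    for station in SAMPLE:
        print(classify(station))
    print("locally administered:", flag_local(SAMPLE))
```

On a wireless network the same check over an association or DHCP lease list separates burned-in vendor addresses from overridden, randomized or virtual ones.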
#33 (permalink) |
Purpose of spoofing
Thanks, you have provided an answer that sounds like it explains the situation!
This then opens additional questions: What are you trying to accomplish when changing your MAC address? And is there another method that will allow someone to actually spoof an address to match another client? If you are trying to cloak your own identity and not leave a recognizable trace, then spoofing your MAC through the registry is a viable alternative. However, if your goal is to bypass the MAC filter of an AP, then you are out of luck with this method. A searching we will go....

Barax
#34 (permalink) |
MAC spoofing
It might still be possible to spoof the MAC address to defeat MAC ACL - just more difficult. The MAC address on the older Ethernet NICs used to be a PROM in a socket - yes, you could swap the PROM from one NIC to another - and is now probably stored somewhere in flash memory.
In theory, you could change the MAC by flashing the card, in similar fashion to flashing the firmware. There are some sharp guys on the forum that have been flashing one manufacturer's card with another manufacturer's firmware, and reportedly even flashing from silver (64-bit WEP) to gold (128-bit WEP) - maybe one of them can figure it out.
#35 (permalink) |
I know this is "windows version" but...
Is there any way to change dynamically the MAC on a Cisco 350 PCMCIA?
ifconfig tells me:

eth1 Link encap:Ethernet HWaddr 00:07:EB:30:F1:AE

When I put the card in monitor mode doing:

echo "Mode: rfmon" >> /proc/driver/aironet/eth1/Config

ifconfig tells me:

eth1 Link encap:UNSPEC HWaddr 00-07-EB-30-F1-AE-00-00-00-00-00-00-00-00-00-00

How curious...