
Wednesday, 26 September 2012

MAC (Media Access Control) Spoof/Change


Many people change their IP address and think they are anonymous on the internet, but they forget that they can still be tracked down by their MAC address, which is still there, not spoofed. So what to do?
First off, what is a MAC address?
When you think about networking, IP addresses are probably the first things that come to mind. But there’s another type of network address called a MAC address that actually forms the foundation upon which IP address communication is built, at least where local area networks are concerned.
A MAC (Media Access Control) address, sometimes referred to as a hardware address or physical address, is an ID code that’s assigned to a network adapter or any device with built-in networking capability, such as a printer. While an IP address can potentially be assigned to any device, a MAC address is “burned into” a given device from the factory. A MAC address takes the form of six pairs of hexadecimal digits.

Given that IP addresses can’t be permanently assigned to a device — after all, a particular address can belong to one computer today and another one tomorrow — MAC addresses allow communication between devices on a local network by making it possible to reliably distinguish one computer from another.
A MAC (Media Access Control) address is a number that identifies the network adaptor(s) installed on your computer. To find your MAC address on a Windows, Mac, or Linux system, use one of the following methods.
How to find the MAC address on your computer:

Windows method 1:
1) Click on the Start button.
2) Click on Run.
3) Type cmd and press Enter.
4) At the command prompt, type ipconfig /all and press Enter. Don’t forget the space.
5) Look for Physical Address. This is your MAC address. Make sure you get the physical address of the correct network adapter - usually there are several listed.

Windows Method 2:
1) Connect to a network. This method is only applicable if you are currently connected.
2) Open Network Connections. If you don’t have a desktop icon for this, find the connection icon in the taskbar (the lower right-hand corner of the Windows toolbar) and click on it to either bring up your current connection or a list of available networks.
3) Right-click your connection and select Status.
4) Click “Details”. Note that, in some versions of Windows, this may be under the Support tab.
5) Look for Physical Address. This is your MAC address. Make sure you get the physical address of the correct network adapter - usually there are several listed.

MAC OS X Method:
1) Go to System Preferences.
2) Select AirPort or Built-in Ethernet, depending on how you access your network.
  • For Ethernet, click Advanced and navigate to the Ethernet tab. At the top you will see the Ethernet ID, which is your MAC address.
  • For AirPort, click Advanced and navigate to the bottom of the page. There you will see the AirPort ID, which is your MAC address.

Linux Method:
1) Obtain a command shell. Depending on your system, this might be called Xterm, Shell, Terminal, Command Prompt, or something similar. It can usually be found under Applications > Accessories (or the equivalent).
2) Type /sbin/ifconfig and press Enter. If you are denied access, enter su -c "/sbin/ifconfig" and enter the root password if prompted.
3) Look for your HWaddr. This is your MAC address.
Tips:
  • A MAC address is a series of 6 character pairs separated by dashes.
  • Your MAC address can also be found with third party networking utilities, or by checking the network adapter properties under Device Manager.
  • For Mac OS X, you can also try the Linux method in Terminal.app. This will work because Mac OS X uses the Darwin kernel (based upon BSD).

Reasons why you may want to spoof your MAC address:
  1. To get past MAC address filtering on a router. Valid MAC addresses can be found by sniffing them, and then the deviant user could assume the MAC of a valid host. Having two hosts with the same MAC on the same network can cause some network stability problems, but much of the time it’s workable. This is one of the reasons why MAC address filtering on a wireless router is pointless. An attacker can just sniff the MAC address out of the air while in monitor mode and set his WiFi NIC to use it. Interestingly, a lot of hotels use MAC filtering in their “pay to surf” schemes, so this method can be an instant in for cheapskate road warriors.
  2. Sniffing other connections on the network. By assuming another host’s MAC as their own they may receive packets not meant for them. However, ARP poisoning is generally a better method than MAC spoofing to accomplish this task.
  3. So as to keep their burned-in MAC address out of IDS and security logs, thus keeping deviant behavior from being connected to their hardware. For example, two of the main things a DHCP server logs when it leases an IP to a client are the MAC address and host name. If you have a wireless router, look around on its web interface for where it logs this info. Luckily there are tools to randomize this information (MadMACs).
  4. To pull off a denial of service attack; for instance, assuming the MAC of the gateway to a subnet might cause traffic problems. Also, a lot of WiFi routers will lock up if a client tries to connect with the same MAC as the router’s BSSID.
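
An added example (not part of the original post) showing the defender's side of reasons 1 and 3: it reads DHCP lease records, normalizes the MAC formats that different systems print, and reports any MAC seen under more than one host name as well as addresses with the locally administered bit set. The lease records, their field layout and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample DHCP lease records (timestamp, MAC, host name); not real data.
SAMPLE_LEASES = [
    ("2012-09-26T09:00:01", "00-1A-2B-3C-4D-5E", "alice-laptop"),
    ("2012-09-26T09:05:12", "00:1a:2b:3c:4d:5e", "alice-laptop"),
    ("2012-09-26T09:20:44", "001A.2B3C.4D5E", "guest-pc"),
    ("2012-09-26T09:31:07", "06-11-22-33-44-55", "kiosk"),
    ("2012-09-26T09:40:00", "not-a-mac", "broken"),
]


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Factory-assigned addresses have this bit clear, so a set bit means the
    address was assigned in software. A clear bit proves nothing: a cloned
    address copies a genuine factory value.
    """
    return bool(int(mac[:2], 16) & 0x02)


def review_leases(leases):
    """Group leases by MAC and return the findings worth triaging."""
    hostnames = defaultdict(set)
    malformed = []
    for _timestamp, raw_mac, host in leases:
        mac = normalize_mac(raw_mac)
        if mac is None:
            malformed.append(raw_mac)
            continue
        hostnames[mac].add(host.lower())
    return {
        # One MAC under several host names: possible cloned address.
        "shared": {m: sorted(h) for m, h in hostnames.items() if len(h) > 1},
        "local": sorted(m for m in hostnames if is_locally_administered(m)),
        "malformed": malformed,
    }


if __name__ == "__main__":
    for kind, value in review_leases(SAMPLE_LEASES).items():
        print(kind, value)
```

A MAC under two host names can also be a renamed or dual-boot machine, so treat a "shared" hit as a lead to check against switch port or access point records rather than as proof.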

How to spoof/change your MAC address:
For Windows: Technitium MAC Address Changer (download here)
For Mac OS X: (Click here)
For Linux: (Click here)