TechRepublic : A ZDNet Tech Community

IT Security

Host: Chad Perrin

How to spoof a MAC address

MAC address filtering for wireless networking isn’t real “security”. Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective than WEP — and that WEP can be cracked almost instantly these days with commonly available tools.

This doesn’t mean MAC filtering is useless. Its resource consumption is almost unmeasurable, and even if it doesn’t keep out any reasonably knowledgeable security crackers willing to spend a few moments gaining access, it does keep out a lot of automated opportunistic attacks that are aiming solely for the absolute lowest-hanging fruit on the security tree. Since that lowest-hanging fruit consists of the majority of wireless access points, MAC filtering can be of value as a way of turning away the majority of opportunistic attackers.

Don’t rely on MAC filtering alone, however. Please, just don’t. It’s a bad idea. People seem to think “Oh, well, sure a determined attacker can get past it, but not anyone else.” It doesn’t take much determination at all to spoof a MAC address. In fact, I’ll tell you how:

  1. “Listen” in on network traffic. Pick out the MAC address. This can be done with a plethora of freely available security tools, including Nmap.
  2. Change your MAC address.

You can spoof a MAC address when using Nmap with nothing more than the --spoof-mac command line option, which hides the true source of Nmap probes. If you give it a MAC address argument of “0”, it will even generate a random MAC address for you.

For more general MAC address spoofing, your MAC address is trivially reset with tools available in default installs of most operating systems. Here are some examples:

  • Linux: ifconfig eth0 hw ether 02:a0:04:d3:00:11
  • FreeBSD: ifconfig bge0 link 02:a0:04:d3:00:11
  • MS Windows: On Microsoft Windows systems, the MAC address is stored in a registry key. The location of that key varies from one MS Windows version to the next, but find that and you can just edit it yourself. There are, of course, numerous free utilities you can download to make this change for you as well (such as Macshift for MS Windows XP).

All of these techniques can of course be automated by self-propagating malware, and the creation of the malware can even be automated to some extent by existing malware creation “kits”. If that doesn’t convince you that MAC filtering does not provide real security, I don’t know what will.
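The defender's side of the two steps above, as an added example that is not part of the original article: since the filter only checks the address, look for an allow-listed MAC that shows up with more than one device profile. It assumes the DHCP server or access point logs a hostname and a DHCP option 55 request list per client; the allow list, field layout and every record are constructed for illustration.

```python
# Added example: audit client records for signs that an allow-listed MAC
# address is being reused by a second device. All data here is constructed.
from collections import defaultdict

ALLOWED = {"00:1b:63:aa:10:01", "00:16:cb:aa:10:02"}  # constructed allow list

# (time, mac, dhcp_hostname, dhcp_option55_request_list) -- constructed samples
EVENTS = [
    ("09:00:01", "00:1b:63:aa:10:01", "alice-laptop", "1,3,6,15,119,252"),
    ("09:02:40", "00:16:cb:aa:10:02", "printer-2f", "1,3,6,12,15"),
    ("13:15:09", "00:1b:63:aa:10:01", "localhost", "1,28,2,3,15,6,12"),
    ("13:20:11", "02:a0:04:d3:00:11", "guest", "1,3,6,15"),
    ("13:21:30", "03:a0:04:d3:00:11", "guest", "1,3,6,15"),
]

def mac_flags(mac):
    """Decode the two low bits of the first octet of a MAC address."""
    first = int(mac.split(":")[0], 16)
    return {"multicast": bool(first & 0x01),
            "locally_administered": bool(first & 0x02)}

def audit(events, allowed):
    """Return a sorted list of (mac, finding) tuples."""
    findings = set()
    profiles = defaultdict(set)  # mac -> {(hostname, request_list), ...}
    for _time, mac, hostname, request_list in events:
        mac = mac.lower()
        flags = mac_flags(mac)
        if flags["multicast"]:
            # A multicast address is never a valid frame source.
            findings.add((mac, "invalid source: multicast bit set"))
        elif flags["locally_administered"]:
            findings.add((mac, "locally administered (software-assigned) address"))
        if mac not in allowed:
            findings.add((mac, "not on allow list"))
        profiles[mac].add((hostname, request_list))
    for mac, seen in profiles.items():
        # One address, several hostname/request-list pairs: possible clone.
        if mac in allowed and len(seen) > 1:
            findings.add((mac, "allow-listed MAC seen with %d device profiles" % len(seen)))
    return sorted(findings)

if __name__ == "__main__":
    for mac, finding in audit(EVENTS, ALLOWED):
        print(mac, "-", finding)
```

Treat each finding as a lead rather than proof: a reinstalled or dual-boot machine also changes its profile, and operating systems that randomize their MAC addresses use locally administered addresses too.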

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

