[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?

> Use the macchanger utility.  Make sure you write down your original
> MAC first, in case you need to switch back to it later.

Original is commonly available in Unixlike boot dmesg output.
I'm as yet unaware of an available changer that
will burn the hardware itself, as opposed to simply
programming the running MAC register till next reboot.

> sudo ifconfig eth1 hw ether 00:00:00:00:00:00 # make this
> something believable

Beware setting the layer2 multicast frame bit. Note also its
tricky position and endianness.

> See some preliminary design thoughts [1] we've been having for T(A)ILS
> to try and find an approach that makes your network interface appear
> different from the one it really is, and at the same time prevents it
> to appear real weird (a bit like the default User-Agent used by
> Torbutton).

Set to current Intel vendor prefix, randomize suffix, ban original MAC,
0x0, 0xf, other obviousness, etc. Full random might look like
a flaky nic to various hats, mostly old ones.

> you'll likely need to have the interface down before changing mac:

Some will bounce interface, all should gratuitous arp unless forbidden.
Be careful with ipv6 emissions on ifup.

> however, if an attacker has access to read this locally they've
> already compromised

Unknown here if original MAC can be read, or reset the nic for reading,
via the same original boot-time routines at any given later runtime.
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/