Tiny Deathstars of Foulness

Every hardware network adapter has a unique MAC address.  However, they’re not always what they seem.  According to Wikipedia:
MAC Spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.
I was talking to someone the other day about security and the topic of spoofing MAC addresses came up.  They seemed to discount that this was usually a concern except for in super secure environments because they considered it an extremely complex process.  Here’s my answer to that:
ifconfig en0 ether 00:00:00:00:00:00 
That should take you about 5 seconds to copy to your clipboard and paste into a terminal window…  You can then replace the en0 with whichever adapter you’d like to implement the spoofed addy on, and hopefully the series of zero’s here with the actual MAC address of a target host.  The next comment was that it was really hard to figure out a MAC address and that’s what makes it hard to spoof them.  If it’s local and you can ping it then arp will cache it.  Therefore, see the IP of the host you’d like to spoof the MAC on in your arp cache with a little:
arp -a
Which gives you something like:
? ( at 0:16:cb:aa:dc:58 on en1 [ethernet]
Now, once you’ve set the MAC, you’ll need to reboot to undo it.  Or just set it back if you copied it before running the earlier command.

March 10th, 2009

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , ,