

More Information About DHCP Leases in OS X

You can obtain a pretty decent amount of information about leases your OS X computer gets just by looking in the Network System Preference pane, for each interface.
However, you can get a lot more information, as with most things, from the command line. First, we're going to take a look at en0 on our host and see what the MAC address is:

ifconfig en0 ether

Now, we can look in the /var/db/dhcpclient/leases directory to see a list of all of the leases we have running on our system. Based on the MAC address of our computer, we should see a file there that starts with the name of our interface and finishes with our MAC address. Let’s cat this file:

cat en0-1\,84\:38\:35\:63\:87\:2e

The output is similar to the following (a standard plist):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IPAddress</key>
<string>192.168.210.144</string>
<key>LeaseLength</key>
<integer>86400</integer>
<key>LeaseStartDate</key>
<date>2013-10-03T02:43:36Z</date>
<key>PacketData</key>
<data>
AgEGAPSEH9QAAAAAAAAAAMCo0pAAAAAAAAAAAIQ4NWOHLgAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqNIBAQT///8A
MwQAAVGAAwTAqNIBBggEAgICzg0cDP8=
</data>
<key>RouterHardwareAddress</key>
<data>
ABfFg9DO
</data>
<key>RouterIPAddress</key>
<string>192.168.210.1</string>
</dict>
</plist>

This shows us the amount of time our lease is valid for, when the lease was provided to us, what IP was provided and the IP of our router. We can then key off of that information as needed (e.g. for other scripts/tools).


Importing Computers Into DeployStudio

DeployStudio has the ability to import a csv file that is populated with the MAC address and a few specific settings. This allows you to prepopulate the database with the names that you want each machine to have. If you purchase a lot of machines from Apple then you can get a list of MAC addresses, or, you can use a bar code scanner to scan them as you’re unboxing.

If you have a list of MAC addresses (en0), then you will need to format them in a very specific manner. Here, I have included a sample csv file with the data that goes into each field, which I have named DSImporter.csv.

Once you paste the data that you’d like into the csv, provide the computer names (these can be pasted or compiled using formulas). Once done, save and then open Deploy Studio Admin. From here, click on Computers and then (as you would with iTunes) click on the plus sign (+) and create a new computer list (this step is optional, but I prefer to always import into computer lists, just in case something goes wrong, especially with my first import). Once you have created the computer list, you should see a screen similar to the following.

Next, click on the Server menu and select Import.

Now browse to your csv file and then click on the Import button. When the import is complete you will see a screen informing you as such. Click on the Done button to complete the process.

You will then see your computers listed in the database and should see the names that you assigned them listed as well. You can now set a workflow item in DeployStudio for Reconfigure system with computers database content (shown below). This will set the name (and any other fields you decided to use) from the spreadsheet that you imported into the computer list.

Once you have your computers in a group, you can also set a default workflow for them for their first time imaging, by clicking on the name of the group and then clicking on the Automation tab at the bottom as you can see below.

Here, you will set the workflow to run and optionally set the computer to not have a default workflow moving forward or just be disabled so users can’t accidentally reimage their computers later.

If you don’t have the MAC addresses for your computers ahead of time, you can use the Hostname option instead.

This will enable you to enter the computer name that you would like to use moving forward into the DeployStudio Runtime at imaging and then have it stored in the DeployStudio database, where it can be used to build future workflows or even be exported and imported into the Open Directory computers.

Overall, the computers and groups in DeployStudio Admin can be used to design increasingly complex imaging sequences and to provide much of the scripting logic that a number of organizations need. Beyond that, JAMF, FileWave and a few other solutions offer even more logic and more features, or a little shell scripting can take you a really long way.
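Before an import like the one above, the MAC list usually needs cleaning: scanners and vendor lists mix separators and case, an address gets scanned twice, and a mis-read barcode produces something that is not a MAC at all. The following Python script is an added example, not part of the post or of DeployStudio: it normalizes each address to the colon-separated form, drops duplicates and invalid entries with a reason, assigns sequential names, and writes two columns (MAC, then hostname) with no header row. That column layout is an assumption for illustration; compare it against the DSImporter.csv sample before importing.

```python
"""Normalize scanned or vendor-supplied MAC addresses into a clean import CSV."""
import csv
import io
import re

# Raw MAC addresses as a scanner or vendor list might deliver them (constructed sample):
# mixed separators and case, one address scanned twice, and one mis-read scan.
RAW_MACS = [
    "84:38:35:63:87:2E",
    "8438-3563-872f",
    "84 38 35 63 87 30",
    "84:38:35:63:87:2e",   # duplicate of the first entry
    "84:38:35:63:87:ZZ",   # bad scan
]


def normalize_mac(raw: str):
    """Return aa:bb:cc:dd:ee:ff for any 12-hex-digit rendering, or None if it is not a MAC."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_import(raw_macs, name_prefix="lab", start=1):
    """Assign sequential names to unique, valid MACs; report what was dropped and why."""
    rows, seen, duplicates, invalid = [], set(), [], []
    for raw in raw_macs:
        mac = normalize_mac(raw)
        if mac is None:
            invalid.append(raw)
        elif mac in seen:
            duplicates.append(mac)
        else:
            seen.add(mac)
            rows.append((mac, f"{name_prefix}-{start + len(rows):03d}"))
    return {"rows": rows, "duplicates": duplicates, "invalid": invalid}


def to_csv(rows) -> str:
    """Two columns, MAC then hostname, no header row.
    This layout is assumed for the example; check it against the DSImporter.csv sample."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    result = build_import(RAW_MACS)
    print(to_csv(result["rows"]), end="")
    print("duplicates:", result["duplicates"])
    print("invalid:", result["invalid"])
```

Names are generated here only to keep the example self-contained; in practice you would pair each MAC with the name from your own naming scheme. Note that `normalize_mac` requires all twelve hex digits, so an address copied from `arp -a` (which drops leading zeros) must be padded first.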


DHCP Leases Expanded

DHCP provides IP addresses to clients. DHCP is critical to a number of Mac OS X Server technologies, most notably NetBoot. The exchange consists of four steps: Discovery, Offer, Acceptance, and Acknowledgment. In the Discovery step, a computer that needs an IP address sends a broadcast request to the environment. These typically remain local, although most routers can be configured so that this UDP traffic is forwarded on to other subnets. The request also includes all of the options that the client will need, with options being anything beyond an IP address, each potential option having a numerical identifier per this list (defined in various RFCs).

In the second step, any DHCP servers that received the request will issue an offer, which includes a number of DHCP options, such as a subnet mask (option 1), a gateway (option 3), DNS servers (option 6), the amount of time a lease is valid for (option 51) and the IP of the DHCP server making the offer (option 54). WINS, for example, uses two options, 44 and 46 (server and node type respectively), that can be provided to clients, as can LDAP (option 95). Available options are determined based on any reservations that may have been filed. For example, if an IP address has been reserved for a specific MAC address then the IP will always be the IP reserved.

Because environments can have multiple DHCP servers, the Transaction ID will determine which offer to accept. The servers that issued an offer will hold the IP address from the offer until they receive the response that another offer is being accepted, and then move those addresses back into their pool of available IP addresses. In step 3, Acceptance, the DHCP client will notify the server whose lease it accepts in the form of a DHCP Request, and those whose lease it will pass on. The Acceptance is actually a request for the IP address that is being held for the MAC address in question.

Based on the Acceptance, the options are then applied in an acknowledgement sent back to the client from the server, confirming that it indeed has the IP address and all of the pertinent options required. All of this typically happens in under a second, so you plug in your computer and it gets an IP address; unless you're running Wireshark to look at what's happening behind the scenes you typically just assume that that's all there is to it. The most powerful part of DHCP, though, is the options, which show that great thought was given to the protocol when it was conceived. These extensions provide for anything from NTP servers to SMTP servers, provided that the client and the server support the implementation.
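The lease file shown in "More Information About DHCP Leases in OS X" above and the option numbers described in this post are two views of the same thing: the PacketData blob in the plist is the raw acknowledgment packet the server sent, options and all. The Python below is an added example, not code from either post: it loads that plist (the bytes are copied from the earlier post), decodes PacketData into the BOOTP fixed fields and the option list, labels the option codes this post mentions, computes when the lease expires, and cross-checks the plist summary against the packet. The option-name table and the parser are mine; option numbers are the standard ones.

```python
"""Decode an OS X DHCP lease plist and the raw DHCP packet it stores in PacketData."""
import plistlib
import struct
from datetime import timedelta
from ipaddress import IPv4Address

# Lease file from the earlier post (/var/db/dhcpclient/leases/en0-1,84:38:35:63:87:2e).
LEASE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IPAddress</key>
<string>192.168.210.144</string>
<key>LeaseLength</key>
<integer>86400</integer>
<key>LeaseStartDate</key>
<date>2013-10-03T02:43:36Z</date>
<key>PacketData</key>
<data>
AgEGAPSEH9QAAAAAAAAAAMCo0pAAAAAAAAAAAIQ4NWOHLgAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEFNgTAqNIBAQT///8A
MwQAAVGAAwTAqNIBBggEAgICzg0cDP8=
</data>
<key>RouterHardwareAddress</key>
<data>
ABfFg9DO
</data>
<key>RouterIPAddress</key>
<string>192.168.210.1</string>
</dict>
</plist>
"""

# Names for the option codes the post mentions; anything else is shown as hex.
OPTION_NAMES = {1: "subnet mask", 3: "router", 6: "DNS servers", 44: "WINS servers",
                46: "WINS node type", 51: "lease time", 53: "message type",
                54: "DHCP server", 95: "LDAP"}
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options area


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_option(code: int, value: bytes):
    if code in (1, 54):                      # one IPv4 address
        return str(IPv4Address(value))
    if code in (3, 6, 44):                   # list of IPv4 addresses
        return [str(IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    if code == 51:                           # seconds, 32-bit big-endian
        return struct.unpack("!I", value)[0]
    if code == 53:
        return MSG_TYPES.get(value[0], f"type {value[0]}")
    return value.hex()


def parse_dhcp(packet: bytes) -> dict:
    """Split a BOOTP/DHCP packet into its fixed fields and a {code: value} option map."""
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    yiaddr = IPv4Address(packet[16:20])      # "your" address: what the server assigned
    chaddr = packet[28:28 + hlen]            # client hardware (MAC) address
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie: plain BOOTP or truncated packet")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end of options
        if packet[i] == 0:                        # 0 = pad byte, no length field
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        options[code] = decode_option(code, packet[i + 2:i + 2 + length])
        i += 2 + length
    return {"op": "BOOTREPLY" if op == 2 else "BOOTREQUEST", "xid": f"{xid:08x}",
            "yiaddr": str(yiaddr), "chaddr": mac_str(chaddr), "options": options}


def summarize_lease(plist_bytes: bytes) -> dict:
    """Combine the plist summary with the decoded packet and cross-check the two."""
    lease = plistlib.loads(plist_bytes)
    packet = parse_dhcp(lease["PacketData"])
    expires = lease["LeaseStartDate"] + timedelta(seconds=lease["LeaseLength"])
    return {
        "ip": lease["IPAddress"],
        "router": lease["RouterIPAddress"],
        "router_mac": mac_str(lease["RouterHardwareAddress"]),
        "expires": expires.isoformat(),
        # The plist fields should agree with the packet they were derived from.
        "consistent": (packet["yiaddr"] == lease["IPAddress"]
                       and packet["options"].get(51) == lease["LeaseLength"]),
        "packet": packet,
    }


if __name__ == "__main__":
    summary = summarize_lease(LEASE_PLIST)
    for key in ("ip", "router", "router_mac", "expires", "consistent"):
        print(f"{key}: {summary[key]}")
    for code, value in sorted(summary["packet"]["options"].items()):
        print(f"  option {code:3d} {OPTION_NAMES.get(code, 'other'):15} {value}")
```

On a real machine, replace `LEASE_PLIST` with the bytes read from the lease file under /var/db/dhcpclient/leases. The decoded packet shows the server's acknowledgment (option 53), the server that issued it (option 54), the subnet mask, router and DNS servers, and a lease time that matches the plist's LeaseLength; anything the server sent that the plist summary does not carry, such as the DNS servers, is only visible this way.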


Mac OS X: Spoofing MAC Addresses in 5 Seconds

Every hardware network adapter has a unique MAC address. However, they're not always what they seem. According to Wikipedia:

MAC Spoofing is a hacking technique of changing an assigned Media Access Control (MAC) address of a networked device to a different one. The changing of the assigned MAC address may allow the bypassing of access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.

I was talking to someone the other day about security and the topic of spoofing MAC addresses came up. They seemed to discount that this was usually a concern except for in super secure environments because they considered it an extremely complex process. Here's my answer to that:

ifconfig en0 ether 00:00:00:00:00:00 

That should take you about 5 seconds to copy to your clipboard and paste into a terminal window. You can then replace the en0 with whichever adapter you'd like to implement the spoofed addy on, and hopefully the series of zeros here with the actual MAC address of a target host. The next comment was that it was really hard to figure out a MAC address and that's what makes it hard to spoof them. If it's local and you can ping it then arp will cache it. Therefore, see the IP of the host you'd like to spoof the MAC on in your arp cache with a little:

arp -a

Which gives you something like:

? (192.168.210.249) at 0:16:cb:aa:dc:58 on en1 [ethernet]

Now, once you’ve set the MAC, you’ll need to reboot to undo it.  Or just set it back if you copied it before running the earlier command.
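The flip side of how easy this is: the same ARP cache is where a change shows up. The Python below is an added example from the defender's side, not part of the post. It parses `arp -a` output in the format shown above (note that arp drops leading zeros, so `0:16:cb...` must be padded before it can be compared with anything else), then reports MAC addresses that two IPs claim at once, IPs whose MAC no longer matches a recorded baseline, and IPs the baseline does not know. The sample output and baseline are constructed; in practice the baseline would come from DHCP reservations, the DeployStudio or Open Directory computer records, or a previous run.

```python
"""Parse `arp -a` output and flag MAC addresses that changed or are shared."""
import re

# Constructed `arp -a` output in the format the post shows (arp drops leading zeros).
ARP_OUTPUT = """\
? (192.168.210.1) at 0:17:c5:83:d0:ce on en1 ifscope [ethernet]
? (192.168.210.144) at 84:38:35:63:87:2e on en1 [ethernet]
? (192.168.210.200) at 0:1f:5b:aa:bb:cd on en1 [ethernet]
? (192.168.210.249) at 0:16:cb:aa:dc:58 on en1 [ethernet]
? (192.168.210.250) at 0:16:cb:aa:dc:58 on en1 [ethernet]
? (192.168.210.251) at (incomplete) on en1 [ethernet]
? (192.168.210.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
"""

# Known-good IP -> MAC pairs (constructed), e.g. from DHCP reservations or a previous run.
BASELINE = {
    "192.168.210.1": "00:17:c5:83:d0:ce",
    "192.168.210.144": "84:38:35:63:87:2e",
    "192.168.210.200": "00:1f:5b:aa:bb:cc",
    "192.168.210.249": "00:16:cb:aa:dc:58",
}

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_LINE = re.compile(
    r"^\S+ \((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]+|\(incomplete\)) on (?P<iface>\S+)")


def normalize_mac(mac: str) -> str:
    """Pad each octet to two lowercase hex digits so 0:16:cb... equals 00:16:cb..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def parse_arp(text: str) -> dict:
    """Return {ip: mac} for every resolved entry; incomplete entries are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m and m.group("mac") != "(incomplete)":
            entries[m.group("ip")] = normalize_mac(m.group("mac"))
    return entries


def audit(entries: dict, baseline: dict) -> dict:
    """Report MACs claimed by more than one IP, IPs whose MAC differs from the
    baseline, and IPs the baseline does not know about."""
    by_mac = {}
    for ip, mac in entries.items():
        if mac != BROADCAST:               # the broadcast entry is legitimately shared
            by_mac.setdefault(mac, []).append(ip)
    return {
        "shared": {mac: ips for mac, ips in by_mac.items() if len(ips) > 1},
        "changed": {ip: (baseline[ip], mac) for ip, mac in entries.items()
                    if ip in baseline and baseline[ip] != mac},
        "unknown": sorted(ip for ip, mac in entries.items()
                          if ip not in baseline and mac != BROADCAST),
    }


if __name__ == "__main__":
    report = audit(parse_arp(ARP_OUTPUT), BASELINE)
    for kind, finding in report.items():
        print(f"{kind}: {finding}")
```

Treat the findings as leads rather than proof: a host with several addresses, a gateway answering ARP on behalf of others, or a replaced network card will all produce the same entries. Pipe the real table in with `arp -a | python3 audit.py` after swapping `ARP_OUTPUT` for `sys.stdin.read()`.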


Open Directory and MAC Addresses

There are a number of items that get logged in Mac OS X Server with only the MAC address as the unique identifier. Sometimes it helps to find the name based on the MAC address. If you are in an environment using trusted binding you can use Open Directory to do so. To determine the name of a computer based on its MAC address from Open Directory, you can run the following from dscl (with $MAC set to the address you are looking for):

dscl /LDAPv3/127.0.0.1 -readall /Computers RecordName macAddress | grep -A 1 $MAC