On 04/10/2017 01:35 PM, Chris Laprise wrote:
1. A Study of MAC Address Randomization in Mobile Devices and When it Fails https://arxiv.org/pdf/1703.02874v1.pdf
A listing of best practices from the paper:
Randomize across the entire address, providing 2^46 bits of randomization. Use a random address for every probe request frame. Remove sequence numbers from probe requests. If sequence numbers are used, reset sequence number when transmitting authentication and association frames. Never send probe requests using a global MAC address. Enforce a policy requiring a minimal and stan- dard set of vendor IEs. Move any lost function- ality to the authentication/association process, or upon network establishment utilize discovery protocols. Specifically, the use of WPS attributes should be removed except when performing P2P opera- tions. Prohibit unique vendor tags such as those introduced by Apple iOS 10. Eliminate the use of directed probe requests for cellular offloading. Mandate that chipset firmware remove behavior where RTS frames received while in State 1 elicit a CTS response.
Seems like NM and careful configuration might address some of these points...
(BTW, the usna.edu address appears to be disabled.) -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 _______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list