Re: [Tails-dev] Truly Random Mac Changer

Sat, 09 May 2015 07:53:27 -0700 

On 05/08/2015 10:11 PM, intrigeri wrote:
> Peter N. Glaskowsky wrote (08 May 2015 18:59:35 GMT) :
>>> On May 8, 2015, at 10:20 AM, intrigeri <intrig...@boum.org> wrote:
>>> Source Valley wrote (08 May 2015 16:55:50 GMT) :
>>>> There are countless example I can think of where one might need a truly 
>>>> random mac
>>>> changer, here is just one example: If I'm sitting in a coffee shop and I'm 
>>>> the only
>>>> one with a Unique first 3 octet wifi card, then it wouldn't be too 
>>>> difficult to
>>>> reveal who I am.
>>>
>>> I don't understand. May you please clarify?
> 
>> I assume this is the usual issue that someone observing the network can look 
>> up an OUI, here for example:
> 
>> https://www.wireshark.org/tools/oui-lookup.html
> 
>> and if it turns out to be distinctive— for example, used only in certain 
>> Dell-branded
>> laptops— it could potentially identify the user if he or she is the only 
>> user with
>> such a machine in the coffee shop at that moment.
> 
> OK, I see. In such contexts, I don't think it matters much what exact
> bits of the MAC address we modify, as long as we spoof the MAC address
> exactly once per session: the timing of connection/disconnection is
> probably enough to correlate a given MAC address with a physical body
> with a quite good success rate: the MAC address that suddenly appears
> on the LAN when $PERSON shows up, takes $COMPUTER of a bag and turns
> it on, and suddenly disappears when $COMPUTER is put back into a bag
> and $PERSON leaves, is very likely to be $COMPUTER's MAC address, and
> the network traffic from that MAC address is very likely $PERSON's
> network traffic.

Exactly. However, having a NIC with a rare OUI is a serious problem in
other ways if the attacker takes that in consideration (i.e. treats that
OUI as unique in some geographical region, which may be reasonable in
some cases I suppose).

Just to further elaborate why randomly picking between OUI:s (or
(worse!) completely randomizing the vendor bytes) isn't so simple to do
in a safe manner, look at this part of the design document:

    https://tails.boum.org/contribute/design/MAC_address/#index12h2

Those conclusions are not set in stone, feel free to attempt to change
our minds! :)

Cheers!

_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Reply via email to