Welcome to the MacNN Forums.

lmartins · Aug 27, 2003, 07:07 PM

Hi!

Does anybody know if it's possible to spoof a MAC address with OSX airport drivers? when I do:

ifconfig <interface> ether hw aa:bb:cc:dd:ee:ff

ifconfig answers: ifconfig: malformed ether address

I tried also: ifconfig <interface> ether aa:bb:cc:dd:ee:ff

now: ifconfig: ioctl (SIOCAIFADDR): Operation not supported

Thanks.

philzilla · Aug 28, 2003, 03:42 AM

is this any help?

lmartins · Aug 28, 2003, 07:41 AM

Originally posted by philzilla:
is this any help?

That's interesting... but any way of doing it without having to compile and install a new kernel?

Thanks for your reply.

ghporter · Aug 28, 2003, 09:30 AM

I think the answer to your question really lies in why you want to spoof MACs in the first place. The only legitimate use for that that I can think of is for testing the integrity of your network. In that case, there are software tools out there that can do what you want, some of them free. The problem is that there is no way to keep you from using this type of tool to probe someone else's network for vulnerabilities to exploit.

Don't be surprised to get the cold shoulder when you ask about this sort of tool. Some of us are very skeptical of the casual "how do I..." sort of question when the "how do I" gets close to security issues.

lmartins · Aug 28, 2003, 10:53 AM

Originally posted by GHPorter:
I think the answer to your question really lies in why you want to spoof MACs in the first place. The only legitimate use for that that I can think of is for testing the integrity of your network. In that case, there are software tools out there that can do what you want, some of them free. The problem is that there is no way to keep you from using this type of tool to probe someone else's network for vulnerabilities to exploit.

Don't be surprised to get the cold shoulder when you ask about this sort of tool. Some of us are very skeptical of the casual "how do I..." sort of question when the "how do I" gets close to security issues.

I know how to Spoof a MAC Address with a Linux box, but I was wondering if its possible to do it with my (new) OSX laptop... it is not a "how do I..." sort of question, because I can do it with Linux.

No evil stuff... just culture and knowing how to protect my own network.

Best regards

ghporter · Aug 29, 2003, 08:04 AM

No evil stuff... just culture and knowing how to protect my own network.

I had assumed you had more than the typical knowledge of Unix-like OSs (which is often not much better than spelling Linux correctly) from your earlier posts. Unfortunately, what you've already tried is what I'd try, so I can't help you there.

Your earlier attempts look like their failures could be something as simple as incorrect command syntax. As you're aware, there are lots of variations on standard Unix terminal commands. If I recall correctly, Apple used BSD as a model, if not the orignial core, for OS X, so if you haven't already, I'd start looking at the BSD command set for clues.

tooki · Aug 29, 2003, 04:03 PM

Plain and simply, you can't spoof a wireless MAC address. Part of the 802.11 specification is to explicitly not allow the hardware to allow MAC spoofing. This choice was made for security reasons, and getting around it would require significant hardware modification of the wireless network hardware.

tooki

C.J. Moof · Aug 29, 2003, 04:16 PM

Originally posted by tooki:
Plain and simply, you can't spoof a wireless MAC address. Part of the 802.11 specification is to explicitly not allow the hardware to allow MAC spoofing. This choice was made for security reasons, and getting around it would require significant hardware modification of the wireless network hardware.

tooki

Oh really?

How do you account for this?

Either you're mistaken, or he's writing fiction.... apparently it can be done with a single command line in Debian. I've yet to bother a perfectly good iBook to verify myself.

lmartins · Aug 30, 2003, 08:03 AM

Originally posted by tooki:
Plain and simply, you can't spoof a wireless MAC address. Part of the 802.11 specification is to explicitly not allow the hardware to allow MAC spoofing. This choice was made for security reasons, and getting around it would require significant hardware modification of the wireless network hardware.

tooki

Well, it seems that hardware manufacturers don't take this in account... (almost?) all hardware allow MAC spoofing, aparently even Apple hardware, although the OSX/darwin driver doesn't seems to allow it...

tooki · Aug 31, 2003, 12:55 PM

Well, clearly since the last time I heard anything about spoofing 802.11, the playing field has changed!

Clearly, it's not something that's supported (as it is on wired ethernet), since this was the whole reason why Virtual PC's Virtual Switch doesn't work with Airport.

Some futher research also indicated that MAC spoofing does not work with Airport drivers -- apparently, Kismet unloads the Airport driver and loads its own.

tooki

kampl · Sep 3, 2003, 08:31 PM

What are you trying to do exactly? Can you poison ARP tables instead?