Re: [Tails-dev] Truly Random Mac Changer

Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Truly Random Mac Changer
On 05/08/2015 10:11 PM, intrigeri wrote:
> Peter N. Glaskowsky wrote (08 May 2015 18:59:35 GMT) :
>>> On May 8, 2015, at 10:20 AM, intrigeri <intrigeri@???> wrote:
>>> Source Valley wrote (08 May 2015 16:55:50 GMT) :
>>>> There are countless examples I can think of where one might need a truly random mac
>>>> changer, here is just one example: If I'm sitting in a coffee shop and I'm the only
>>>> one with a Unique first 3 octet wifi card, then it wouldn't be too difficult to
>>>> reveal who I am.
>>>
>>> I don't understand. May you please clarify?
>
>> I assume this is the usual issue that someone observing the network can look up an OUI, here for example:
>
>> https://www.wireshark.org/tools/oui-lookup.html
>
>> and if it turns out to be distinctive— for example, used only in certain Dell-branded
>> laptops— it could potentially identify the user if he or she is the only user with
>> such a machine in the coffee shop at that moment.
>
> OK, I see. In such contexts, I don't think it matters much what exact
> bits of the MAC address we modify, as long as we spoof the MAC address
> exactly once per session: the timing of connection/disconnection is
> probably enough to correlate a given MAC address with a physical body
> with a quite good success rate: the MAC address that suddenly appears
> on the LAN when $PERSON shows up, takes $COMPUTER out of a bag and turns
> it on, and suddenly disappears when $COMPUTER is put back into a bag
> and $PERSON leaves, is very likely to be $COMPUTER's MAC address, and
> the network traffic from that MAC address is very likely $PERSON's
> network traffic.


Exactly. However, having a NIC with a rare OUI is a serious problem in
other ways if the attacker takes that into consideration (i.e. treats that
OUI as unique in some geographical region, which may be reasonable in
some cases I suppose).

Just to further elaborate why randomly picking between OUIs (or
(worse!) completely randomizing the vendor bytes) isn't so simple to do
in a safe manner, look at this part of the design document:

    https://tails.boum.org/contribute/design/MAC_address/#index12h2


Those conclusions are not set in stone, feel free to attempt to change
our minds! :)

Cheers!
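
The two spoofing strategies compared in this thread, as an added Python example that is not part of the original message or of Tails' code: one keeps the OUI and randomizes only the NIC-specific bytes, the other randomizes all six bytes. The function names and the sample address are assumptions made for illustration.

```python
import secrets

def parse_mac(mac):
    """Turn 'aa:bb:cc:dd:ee:ff' into 6 raw bytes, rejecting malformed input."""
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def spoof_keep_oui(mac, rng=secrets.token_bytes):
    """Randomize only the last three (NIC-specific) bytes; the OUI stays visible."""
    raw = parse_mac(mac)
    while True:
        candidate = raw[:3] + rng(3)
        if candidate != raw:  # never hand back the real address
            return format_mac(candidate)

def spoof_fully_random(rng=secrets.token_bytes):
    """Randomize all six bytes, vendor bytes included, with no further checks."""
    return format_mac(rng(6))

def observable_flags(mac):
    """Flag bits of the first octet that anyone on the LAN can read.

    Vendor-assigned unicast addresses normally have both bits clear.
    """
    first = parse_mac(mac)[0]
    return {"multicast": bool(first & 0x01),
            "locally_administered": bool(first & 0x02)}

def flagged_first_octets():
    """How many of the 256 possible first octets set at least one flag bit."""
    return sum(1 for octet in range(256) if octet & 0x03)

if __name__ == "__main__":
    real = "00:11:22:33:44:55"  # constructed sample address, not a real device
    print("keep OUI    :", spoof_keep_oui(real))
    fully = spoof_fully_random()
    print("fully random:", fully, observable_flags(fully))
    print("flagged first octets:", flagged_first_octets(), "of 256")
```

Since 192 of the 256 possible first octets set one of the two flag bits, unchecked full randomization produces an address that does not look vendor-assigned three times out of four, and the remaining quarter can still land on an OUI that no vendor uses.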