Keeping MAC addresses private


35 replies to this topic

#1 AnotherMindbomb

AnotherMindbomb

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bishops Cleeve, UK
  • Local time:06:57 PM

Posted 04 November 2016 - 08:51 AM

I was reading the discussion of boot times in this very forum when Viper_Security posted some output with the MAC address of his network card redacted, along with the statement "The MAC address has been redacted for obvious reasons".

 

In a later post, it was stated "and trust me you do NOT want to know the worst thing one can do with a MAC address is....not just anyone can spoof a MAC address ESPECIALLY on NTFS (Windows), there's an order of operations that needs to be in place before you do it, otherwise you can fry your card."

 

I have a few questions about this, as this doesn't seem to be a problem to me - perhaps I'm missing something though.

 

1. Where is the danger in exposing the MAC address of a network card?

2. What's the worst thing you can do with a MAC address? I can't think of anything that doesn't involve me being physically close to the network card in question and even then, it's trivial to lift the MAC address out of any network traffic.

3. Destroying a card by changing its MAC address? It's nothing more than making an amendment in the device configuration on Windows, so it seems to me that anyone can easily spoof a MAC address, especially in Windows.

 

Is this just hyperbole, or is there more to this than I understand? My network-fu isn't my strongest point, but I'm struggling to see where the issue is.


Edited by AnotherMindbomb, 04 November 2016 - 09:49 AM.




#2 Guest_GNULINUX_*

Guest_GNULINUX_*

  • Guests
  • OFFLINE
  •  

Posted 04 November 2016 - 09:48 AM

My opinion: The MAC address of a network card can be a privacy issue but is never a security issue on its own...

 
If MAC filtering is the only thing that keeps your network safe then you're doing it wrong!
And if the MAC address is a privacy issue, you probably are doing it wrong... also...
 
I fail to see what someone can do with 08:00:27:08:5c:e8 or 08:00:27:c2:b6:d8  :P

But I'm always happy to learn!
 
Like said in the mentioned thread... for people who are skeptical just use

inxi -Fz

to give your specs...
 
Greets!  :wink:



#3 AnotherMindbomb


Posted 04 November 2016 - 04:17 PM

I have to admit, I'm in complete agreement.

 

I'm not sure why I'd be living in mortal fear of any of the MAC addresses of any of my computers being known to the public. On the other hand, I'm not a blackhat in any sense of the word, but I'm happy to be educated should anyone wish to chime in. I'd quite like "Viper Security" to roll up and explain (preferably show) how MAC addresses can be used in nefarious ways as I, like you, am always keen to learn.

 

I'd also quite like to see what damage I can do to a network card by spoofing a MAC address in a variety of operating systems. My money is on "absolutely none whatsoever".



#4 Viper_Security

Viper_Security

  • Members
  • 826 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1
  • Local time:06:57 PM

Posted 04 November 2016 - 04:26 PM

First, these people have Zero idea what I do for a living. I'm an IT Auditor, so yes, my privacy is a concern. And please don't go throwing allegations of me being a "Black Hat" around; if anything, call me a "White Hat".

Unfortunately I will NOT show you how to use a MAC in a nefarious way.

"I fail to see what someone can do with 08:00:27:08:5c:e8 or 08:00:27:c2:b6:d8   :P"    Well, for one, I can use your MAC now that it is posted to intercept your traffic with a MITM style attack.. that's all I'm getting into on a public forum and I have ZERO intentions of "showing" one how to do so.

 

Could also give the longitude and latitude of a wifi router

 

 

 

I'm sure as you know a MAC address is like a registration to a car, it's an identifier. 


Edited by Viper_Security, 04 November 2016 - 04:33 PM.

    IT Auditor & Security Professional



#5 AnotherMindbomb


Posted 04 November 2016 - 04:40 PM

I said that I'm not a blackhat - not that you are.

 

I can understand you not wanting to demonstrate how a MAC address can be used in a nefarious way with you being an IT Auditor - it would be a betrayal of your... erm... auditing ideology. Saying that, can you point me to anything that shows me how a MAC address leakage can cause problems?

 

Edit - my crap spelling


Edited by AnotherMindbomb, 04 November 2016 - 04:44 PM.


#6 Viper_Security


Posted 04 November 2016 - 04:51 PM

"

  1. Geographical location tracking: A time-stamped log of a MAC address ties a device to a certain location at a particular time. If the device's owner is known, his or her movements are also known. In case of an unknown owner, the tracked movements leak information about the owner, which eventually may lead to identification.

  2. Identify Tails (or Tor) users: If the usage of Tails (or Tor) can be fingerprinted on the network (despite other measures taken), and the owner of a device is known, it can be determined that the owner also is a Tails (or Tor) user.

Spoofing the MAC address is the natural solution. Unfortunately, in some cases MAC spoofing may cause network connection issues or even raise alarms; care should be taken to prevent MAC spoofing in such situations."

https://tails.boum.org/contribute/design/MAC_address/

http://arstechnica.com/apple/2012/03/anatomy-of-an-iphone-leak/

It would be a betrayal to the contracts I signed, and the ideal of "ethical hacking".

There are a couple of links with information you may find useful.

I'd like to say, on the MITM attacks, if one were to intercept traffic from a MAC, then the information sent also goes to the interceptor, so if they type in their bank details, then one would have that. (different than Tab-Napping)

Spoofing it alone can and may cause some damage rendering your WiFi/WLAN card unusable. It's sort of like turning your WiFi card on monitor mode, if not done properly you will need a new WiFi card.

I'd love to explain more but I'm afraid some people reading this public forum would have ill-intentions.

Also on the Ars link, that is just to be informative. It's difficult to explain the precise process, and there is a LOT more detail that goes into it.

 

EDIT: This is just from an IT Auditor view point.


Edited by Viper_Security, 04 November 2016 - 05:00 PM.

    IT Auditor & Security Professional



#7 AnotherMindbomb


Posted 04 November 2016 - 05:09 PM

So, with the MAC address of a network card, you can determine the location? How would I go about trying this myself? For example, my MAC address is F4-6D-04-AC-E6-DD - what can you discern about the machine I'm using and its location?

 

If you'd rather take this out of the public eye, please feel free to PM me with any further info - I'm genuinely interested in finding out what issues a MAC address leakage can cause.

 

Edit: Mor teriibel speeling.


Edited by AnotherMindbomb, 04 November 2016 - 05:14 PM.


#8 Viper_Security


Posted 04 November 2016 - 05:17 PM

MAC-Addr
F4-6D-04-AC-E6-OD
 
IP-Addr Vendor: ASUSTek COMPUTER INC., TAIWAN
 
 
from about 20 seconds of "searching" 

    IT Auditor & Security Professional



#9 AnotherMindbomb


Posted 04 November 2016 - 05:49 PM

Well yes - the vendor is encoded in the MAC address - that much is given.

 

What else can be determined though? If I've leaked my MAC address accidentally on to the net, as I've just done, what can actually be determined about my machine and its users other than it's an ASUS P67 motherboard?
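
An added example, not part of any post in this thread: a Python sketch of what can be read directly from a MAC address (the vendor prefix discussed above, plus the multicast and locally-administered flag bits), with a redaction helper for output pasted into a forum, which is the same goal as the `inxi -Fz` suggestion earlier in the thread. The vendor table, the `SAMPLE` text and the function names are constructed for illustration.

```python
import re

# Constructed lookup table holding only the prefixes seen in this thread;
# a real lookup would consult the IEEE OUI registry.
OUI_VENDORS = {
    "F4:6D:04": "ASUSTek COMPUTER INC.",    # vendor as reported in the thread
    "08:00:27": "VirtualBox virtual NIC",   # well-known VirtualBox default prefix
}
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")


def parse_mac(mac):
    """Return the fields anyone can read straight out of a 48-bit MAC."""
    octets = [int(part, 16) for part in re.split(r"[:-]", mac)]
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    oui = ":".join(f"{o:02X}" for o in octets[:3])
    return {
        "oui": oui,
        "vendor": OUI_VENDORS.get(oui),  # None when the prefix is not in the table
        "multicast": bool(octets[0] & 0x01),             # I/G bit
        "locally_administered": bool(octets[0] & 0x02),  # U/L bit, set on locally assigned addresses
        "device_part": ":".join(f"{o:02X}" for o in octets[3:]),
    }


def redact_macs(text, keep_oui=False):
    """Mask every MAC address in text, e.g. diagnostic output, before sharing it."""
    def mask(match):
        if keep_oui:
            return parse_mac(match.group(0))["oui"] + ":xx:xx:xx"
        return "<mac-redacted>"
    return MAC_RE.sub(mask, text)


# Constructed sample that imitates pasted diagnostic output.
SAMPLE = "IF: eth0 state: up mac: f4-6d-04-ac-e6-dd\nIF: eth1 mac: 08:00:27:08:5c:e8"

if __name__ == "__main__":
    for mac in MAC_RE.findall(SAMPLE):
        print(mac, parse_mac(mac))
    print(redact_macs(SAMPLE, keep_oui=True))
    print(redact_macs(SAMPLE))
```
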



#10 Viper_Security


Posted 04 November 2016 - 05:52 PM

For me: quite a lot

 

For the Casual User: nothing useful.

 

 

As I've said before there is a lot more that goes into this than a MAC Address, the MAC is just the very bottom of the pile.


    IT Auditor & Security Professional



#11 Guest_GNULINUX_*


Posted 04 November 2016 - 06:29 PM

^ Not impressed, everybody can search for a MAC address on DuckDuckGo or even Google/Bing and maybe Yahoo...

Example: http://aruljohn.com/mac.pl

 

Like I said... I believe it can be a privacy issue (anonymity/pseudo-anonymity/no anonymity) but it is never a security issue on its own!

 

I'm just like AnotherMindbomb genuinely interested in this, please provide more info!  :wink:

A link is enough...



#12 Viper_Security


Posted 04 November 2016 - 06:40 PM

"^ Not impressed, everybody can search for a MAC address on DuckDuckGo or even Google/Bing and maybe Yahoo...

Example: http://aruljohn.com/mac.pl

Like I said... I believe it can be a privacy issue (anonymity/pseudo-anonymity/no anonymity) but it is never a security issue on its own!

I'm just like AnotherMindbomb genuinely interested in this, please provide more info!  :wink:

A link is enough..."

I know anyone can look up a MAC without having real skills, the skills come in during the attacks, which as I said before I'm not going to explain how to do.


    IT Auditor & Security Professional



#13 AnotherMindbomb


Posted 04 November 2016 - 08:50 PM

I've given you my MAC address, and you've told me it came from an ASUS motherboard, and that's about it. I've got that much info in my "about" panel.

 

"and trust me you do NOT want to know the worst thing one can do with a MAC address is.." Actually I do, to be honest. I can't believe that an IT Auditor could possibly advocate security through obscurity, which is what you seem to be doing by constantly saying "ah well, there are many things but I can't mention them".

How about frying one's NIC by spoofing the MAC; how does that work?

I'm probably coming across as adversarial, which is unfortunate and not really my intention. I'm just trying to cut through to the bones of the statements made in the boot-time thread where MAC address info was punted about like gospel and I can find no evidence to back those statements up.


Edited by AnotherMindbomb, 04 November 2016 - 08:54 PM.


#14 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,422 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:10:57 AM

Posted 05 November 2016 - 12:28 AM

Here and here are a couple pretty good answers on stack exchange about this (stack exchange is usually pretty good, but it is people giving answers, may not always be true).

 

Honestly, there is a decent amount of different MAC based attacks, though giving out your MAC address is inherently terrible and probably won't result in much. It isn't like your social security number where your entire life is based off that number (at least here in the US). Sure (like was stated in stack exchange) one could theoretically track/trace you via a MAC address, it is highly unlikely and impractical. As Viper said you could perform some MITM attacks with MAC addresses where the attacker becomes you and intercepts traffic. But really, the attacker probably already has access to your network for that anyway and can already see all your devices on that network.

I'm not really a super paranoid person though, so in my opinion giving out your MAC address is not really a big deal. Would I do it? Not necessarily, no. Only if there was a legitimate reason to do so would I actually do it. I think other factors really have to come into play for that info to be at all useful.

 

*Edit

 

Here is other info. Like is mentioned in the second comment, and I believe Viper mentioned it as well, you could possibly track someone down via their geolocation. Though, on the flip side, one can do that via a picture someone took if they don't scrub the meta data and have location tagging on in their smart phone.


Edited by DeimosChaos, 05 November 2016 - 12:32 AM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#15 Viper_Security


Posted 05 November 2016 - 02:59 AM

I have nothing more to say on this matter and wish you luck in your endeavor. :)


    IT Auditor & Security Professional





