Project

General

Profile

Feature #7038

Randomize full MAC address

Added by anon62 about 5 years ago. Updated about 5 years ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Spoof MAC
Target version:
-
Start date:
04/07/2014
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Research
Blueprint:
Starter:
No
Affected tool:

Description

It would be great to enable users to randomize the OUI part of the MAC address too. That's hard to do right, as explained in the design doc.


Related issues

Related to Tails - Feature #7054: Complete MAC spoofing design doc: explain why we only change non-vendor bits Resolved 04/10/2014
Related to Tails - Feature #7224: Link different design documentations from user documentation Confirmed 05/12/2014
Duplicated by Tails - Feature #9360: Complete random mac changer option for advanced users needed Duplicate 05/08/2015
Duplicated by Tails - Bug #15208: TAILS MAC Address Spoofing [Security Fix] Duplicate 01/21/2018
Duplicated by Tails - Bug #15237: EXPOSED MAC ADDRESS ON ALL INTERFACES (controversial development in TAILS) Duplicate 01/24/2018

History

#1 Updated by darkgrid about 5 years ago

This would actually be an easy fix since macchanger is already implemented, just need a couple extra lines of code.

If the "All random" is selected on startup do a simple ifconfig wlan0 down, macchanger -r, ifconfig wlan0 up or something similiar to that.

As far as the random hostname, I think that's a much needed feature however that might take a little longer to implement than the random mac but it shouldn't be that difficult to do.

Just one thing I want to mention about the random hostname. I'm a system administrator myself of a mid-size network and if I see an "amnesia" hostname on my network that's a red flag however if it's something random that will do a better job at flying under the radar and not calling so much attention to itself.

The hostname can be random characters however most hostnames are peoples computer names (Mike, Laptop, Susan, HomePC, Sunshine, moon, bluelap, etc.). A better way to implement this feature would be to a have a word list with something like the top 50,000 common English words or top 10,000 common names. If "Random hostname" is selected at startup the script basically picks one word or name from the list and sets it as the computers hostname. Of course this method will be a little more difficult to implement.

For a quick and easy way to implement the random hostname I see a random number 1 - 10,000 being a easy and effective fix.

#2 Updated by pluto about 5 years ago

This is a much needed feature, I constantly find myself having to manually assign a random mac everytime I use Tails which is rather annoying.

All they would need to do is change the startup from macchanger -a to macchanger -r if "Completely Random" checkbox is marked on startup.

Shouldn't be more than 2 or 3 lines of code change.

Hopefully Tails developers notice this and implement it in Tails 1.0

#3 Updated by intrigeri about 5 years ago

Hopefully Tails developers notice this

It is on purpose that we only change non-vendor bits. I realize the
relevant design doc doesn't make this very clear, and I therefore
created #7054 about it.

#4 Updated by intrigeri about 5 years ago

  • Related to Feature #7054: Complete MAC spoofing design doc: explain why we only change non-vendor bits added

#5 Updated by intrigeri about 5 years ago

anon62 wrote:

As an added bonus if a user selects this "Fully Random" option upon startup it can also assign a random host name instead of just "amnesia" which it currently assigns.

Please don't use a single ticket for two different feature requests. Thanks in advance :)

#6 Updated by sajolida about 5 years ago

  • Subject changed from Extended mac changer option to Randomize full MAC address

#7 Updated by techfx about 5 years ago

Would be very useful if Tails 1.0 implemented the full random mac address option.

If fully random is not possible at least a 02-xx-xx-xx-xx-xx random mac would be great.

#8 Updated by sajolida about 5 years ago

Please read the thread on tails-dev I linked in order to understand why we are doing that on purpose.

#9 Updated by t3x about 5 years ago

I have looked over the link you posted and I still don't understand why we can't have a complete random mac address option on startup.

Can you please elaborate as to why the developers of Tails are against the idea of a fully random mac address option? Thanks.

#10 Updated by intrigeri about 5 years ago

  • Assignee set to anonym

anonym, please answer this. I guess your answer will be a good draft for #7054 :)

#11 Updated by anonym about 5 years ago

I'd like to start by pointing out that the MAC spoofing feature in Tails is not only about hiding the user's real MAC address, but is trying to achieve multiple goals at the same time, sometimes with tradeoffs due to conflicts between them. I recommend that you all read the "Threat model" section of our MAC spoofing design document so you get an understanding of, in particular, AdvGoalIdMacSpoof and AvoidIdMacSpoof.

intrigeri:

anonym, please answer this. I guess your answer will be a good draft for #7054 :)

I gave it a shot (will reference this comment in #7054):

A MAC address has two components:

1. The first six bytes determines the Organizationally Unique Identifier (OUI) which in practice is the chipset's manufacturer. Note that manufacturers generally do not have only a single OUI, but multiple.

2. The last six bytes are used to enumerate unique network interfaces for a particular OUI, i.e. so cards within the same OUI can be distinguished.

Spoofing the OUI part in a way that satisfies our threat model is not straightforward because of AvoidIdMacSpoof since multiple, large categories of OUIs violate that user goal:

  • Unregistered OUI so its not used for any real device (-r option in macchanger)
  • Registered OUI that was registered but never used for any real device (-r, -A, -a)
  • Registered OUI but NICs are special purpose and hence impossible to run Tails on, e.g. NICs only used in ATMs, vending machines or embedded devices (-r, -A, -a)
  • Registered OUI used for NICs in normal computers but for a different type of NIC than the device being spoofed, e.g. wireless vs wired (-r, -A. And -a if we consider other NIC categories than simply "wireless vs wired" since that's the only distinction macchanger has)
  • Registered OUI used for NICs in normal computers but they were manufactured decades ago (-r, -A, -a)
  • Registered OUI used for NICs in normal computers but whose distribution is limited to some restricted, geographical area (-r, -A, -a)

So we have ruled out all macchanger options except -e, which means leaving the OUI as it is. We know it isn't the perfect strategy. The more uncommon the OUI is, the more that part can be used for tracking and the more it violates the AvoidTracking user goal. At least this comes with some uncertainty compared to many of the impossible choices of OUI listed above, which would guarantee widespread violation of AvoidIdMacSpoof among Tails users.

Leaving macchanger aside, we've learned that when spoofing the OUI, it has to be picked very carefully, and there are other tools that take smarter approaches. macchiato, for instance, aims to maintain lists of current and common MAC addresses for different categories of devices so one can do less suspicious choices. However, both the "current" and "common" here are disputable since the criteria for inclusion in macchiato seems rather lax. The verification is up to the submitter, so an ignorant (not necessarily malicious) submitter can easily get an uncommon OUI into the lists. See e.g. the "Contribute" section of the homepage, or the author's request on reddit.

Furthermore, the lists do not take into account that some devices are pretty much only used in some geographical areas. To end with, the lists are very small with around ~20 OUIs in most categories in current Git (as of 2014-04-16). Because of all this, the benefit and potential drawbacks of using macchiato are not well-understood.

Since we haven't found anything better than macchiato, leaving the OUI seems like the best tradeoff between the different user goals in our threat model for now.

#12 Updated by intrigeri about 5 years ago

  • Status changed from New to In Progress
  • Assignee deleted (anonym)
  • Priority changed from Normal to Low
  • Type of work changed from Discuss to Research
  • Starter changed from No to Yes

The design doc now puts it clearly why this is a hard task. Turning it into a low priority Research one, as I doubt we'll undertake it any time soon.

#13 Updated by intrigeri about 5 years ago

  • Category set to Spoof MAC
  • Starter changed from Yes to No

#14 Updated by intrigeri about 5 years ago

  • Description updated (diff)
  • Status changed from In Progress to Confirmed

#15 Updated by emmapeel over 4 years ago

  • Related to Feature #7224: Link different design documentations from user documentation added

#16 Updated by sajolida about 4 years ago

  • Duplicated by Feature #9360: Complete random mac changer option for advanced users needed added

#17 Updated by intrigeri over 1 year ago

  • Duplicated by Bug #15208: TAILS MAC Address Spoofing [Security Fix] added

#18 Updated by intrigeri over 1 year ago

  • Duplicated by Bug #15237: EXPOSED MAC ADDRESS ON ALL INTERFACES (controversial development in TAILS) added

Also available in: Atom PDF