Home / server / Questions / 106653
Accepted
Evan Carroll
Asked: 2010-01-27 18:51:42 +0800 CST

What does the MAC setting on an interface do to the ability to transmit frames?

  • 772

I'm told that an interface can transmit a frame no matter what the OS has set for the interface's MAC. I'm also under the impression this is how VMs do host-bridging. If that is so, then what uses the interfaces bound MAC address?

Specifically, I'm asking about the software MAC not the MAcs that were burned into the ROM in the 70s:

wlan0     Link encap:Ethernet  HWaddr 00:16:ce:01:

That is a line of output from ifconfig, but I'm told the interface wlan0 can transmit under /any/ MAC address, and that MAC I'm seeing does nothing at all (except maybe provide a default for some libraries). I'm told that with a VM's host-bridging it will exploit that, and transmit on an arbitrary amount of ip address - but that it doesn't stop there the AP will actually permit you to assign a unique IP to each one of those VMs, because the AP will receive the requests on different MACs.

  1. Do you have any special permissions (linux) to craft a packet from a "virtual" MAC address.
  2. If a MAC address is how a router tracks what interface, and host, has whatever IP, then how do you stop one host from request all of the IPs to virtual interfaces
  3. How do you stop users from using virtual MAC addresses
  4. Does this require a special option in the kernel or piece to built in the network stack?
virtualization networking mac-address

1 Answers

  1. Best Answer

    MAC addresses are organized and standardized by the IEEE. Every device that connects to an ethernet network has a unique MAC address that is assigned to it, this way any two devices can be on the same network and communicate without problems. This doesn't mean that the OS can't choose what MAC address to use though, like for monitoring or spoofing traffic. Plenty to read here

    In response to questions below

    1. With root permissions you are able to do what ever you want (basically). There are two ways to send a packet with a custom MAC: First, Changing the MAC address on the interface with the ifconfig command, this will affect all traffic system wide; Second, forming the packets yourself and writing them directly to the interface with specialized code. For instance, nmap uses this method when you tell it to scan ports with a different source MAC address.
    2. (and 3) You don't. If a malicious host was on your network and decided to hijack MAC addresses you could have a serious problem. This is one reason why securing your LAN and having tight access control policies are important. At my company, our desktop LAN switches are configured such that each port learns the MAC address of the computer that is connected to it and if that address changes the port is shutdown, also all ports that aren't in use are shutdown. This policy was implemented after a night security officer tried to plug in his laptop which was configured with a static IP the same as one of our servers and caused a lot of problems. By limiting each port to one MAC address we are now able to prevent(mostly) this from happening. Only if someone knew to change their MAC to the address of the computer that is already plugged in would they be able to get on our network, this is highly unlikely. Also, with regards to requesting all IPs to all MACs, your switch is constantly updating its MAC table so as soon as the valid host sends a new packet the table will update with the correct port. If the malicious person was constantly poisoning the network with malformed packets though there would be very little you could do.
    • 4