HOWTO Change Your Network Card's MAC Address

From LinuxReviews

Every network card, wired or wireless, has a unique MAC address stored in its firmware. There may be many good reasons why you would want to hide the hardwired MAC address that identifies your network card. This is especially true if you regularly use a laptop to connect to wireless access points at potentially hostile locations. Here's how you can make your network card identify itself with a new random MAC address every time you boot a GNU/Linux desktop or laptop computer.

Why A Fixed MAC Address Can Be A Problem

An increasing number of public wireless access points track who connects to them and when. Some secretly log additional information such as DNS queries. The amount of useful data that can be gathered and tied to you will be limited if your laptop is seen as an entirely new device each and every time it shows up. A cafe, university or library can collect and correlate a whole lot more data if what they see as the same device shows up 10 or 50 times.

HOWTO generate a random MAC address

You are supposed to set the first byte of a locally generated MAC address to 0x02 to signal that it is locally administered. Other MAC addresses are supposed to be centrally registered with and managed by the IEEE. You may or may not want to care about that: on one hand, it is always polite to respect standards. On the other hand, a constant first byte is itself a consistent piece of information. "It's him, officer, that's the guy who always connects using a random MAC address starting with 02".

A random MAC address starting with 02 can be generated with:

printf '02:%02X:%02X:%02X:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256))
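Added example, not from the original page, that goes one step beyond the fixed 02 prefix: the locally administered flag is a single bit (0x02) of the first byte, and the multicast bit (0x01) must stay clear, so the other six bits of that byte can be random as well. The helper names gen_laa_mac and is_laa_unicast are hypothetical; the bytes come from /dev/urandom instead of $RANDOM.

```shell
#!/bin/sh
# Added example: random locally administered, unicast MAC addresses.
# gen_laa_mac and is_laa_unicast are hypothetical helper names.

# Print one random MAC whose first byte has bit 0x02 set (locally
# administered) and bit 0x01 clear (unicast); all other bits are random.
gen_laa_mac() {
    # Six bytes from the kernel CSPRNG as hex pairs, split into $1..$6
    set -- $(od -An -N6 -tx1 /dev/urandom)
    [ "$#" -eq 6 ] || return 1
    printf '%02x:%s:%s:%s:%s:%s\n' \
        $(( (0x$1 & 0xFC) | 0x02 )) "$2" "$3" "$4" "$5" "$6"
}

# Return 0 if $1 is a well-formed MAC address that is locally
# administered and unicast, 1 otherwise.
is_laa_unicast() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # Low two bits of the first byte must be binary 10
    [ $(( 0x${1%%:*} & 0x03 )) -eq 2 ]
}

# Print a sample address when the file is run directly
gen_laa_mac

# Validate before handing the address to ip(8). Commented out because it
# needs root and a real interface name (enp2s0 is the page's example):
#   mac=$(gen_laa_mac) && is_laa_unicast "$mac" &&
#       ip link set enp2s0 address "$mac"
```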

The printf one-liner can be used in a simple script. Make sure you change the interface (enp2s0 in this example) to the correct one:

File: /usr/local/bin/fakenetworkmac.sh
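#!/bin/bash
# Interface whose MAC address should be replaced
IF=enp2s0
# Random address with the first byte fixed to 02 (locally administered)
NEWMAC=$(printf '02:%02X:%02X:%02X:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
ip link set ${IF} address $NEWMAC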

Make the file executable with chmod a+x /usr/local/bin/fakenetworkmac.sh

You can use a simple for loop if you have multiple interfaces.

File: /usr/local/bin/fakenetworkmac.sh
#!/bin/bash
# Give every listed interface its own random MAC address
for IF in enp2s0 wlp2s0; do
    NEWMAC=$(printf '02:%02X:%02X:%02X:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
    ip link set ${IF} address $NEWMAC
done


Note: You cannot change a network interface's MAC address when the interface is up. Add ip link set ${IF} down to the above scripts, above the ip link set ${IF} address $NEWMAC line, if you plan on using them after boot. The best approach is to change the MAC address to a random one at boot, before the network interface is started (shown below).

HOWTO Change The Mac Address Before Your Network Interfaces Are Activated

GNU/Linux distributions running systemd, and that's most of them, can be made to change the MAC address before network interfaces go up using a systemd service file. Note that you will not be able to change the MAC address once a network interface is up.

File: /etc/systemd/system/fakenetworkmac.service
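[Unit]
Description=Fix MAC
# Pull in network-pre.target and run before any network configuration
Wants=network-pre.target
Before=network-pre.target network.target

[Service]
# oneshot: units ordered after this one wait until the script has exited
Type=oneshot
ExecStart=/usr/local/bin/fakenetworkmac.sh

[Install]
WantedBy=multi-user.target

Note the Before= line. It is important: ordering the service before network-pre.target (pulled in by Wants=) and network.target is what ensures that it runs before the network interfaces go live. Type=oneshot makes systemd wait for the script to exit before it starts the units ordered after it. With Type=simple the ordering would only cover the start of the script, not its completion.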

Now reload the systemd daemons:

systemctl daemon-reload

And enable your new service:

systemctl enable fakenetworkmac.service

That's it. You should now get a fresh new random MAC address on each and every reboot.

Disadvantages To Be Aware Of

A fresh new MAC address will result in a new IP address on every boot since DHCP servers see the machine as a new device. That makes it impossible to ssh to the machine by remembering its LAN IP. That can be solved by using something like avahi-daemon in order to get a .local domain you can consistently use to access the machine from your local network.

If you have set up your LAN to only allow services by IP then you've shot yourself in the foot in so many ways. Such services would have to be reconfigured to allow the whole /24 IPv4 network or use some form of actual authentication.

Generating A Random Mac Address Using Python

File: randommac.py
#!/usr/bin/env python3
import random

# First byte fixed to 02 (locally administered), remaining five bytes random
print("02:%02x:%02x:%02x:%02x:%02x" % (random.randint(0, 255),
                                       random.randint(0, 255),
                                       random.randint(0, 255),
                                       random.randint(0, 255),
                                       random.randint(0, 255)))

Distribution-Specific Methods Of Setting A Custom MAC Address

The above method using a systemd service will work on any distribution. There are, alternatively, distribution-specific methods. One major problem with those is that they will let you set a MAC address but they will not let you use a fresh new random one each and every reboot.

openSUSE and other SUSE-based systems allow you to set a MAC address using LLADDR=xx:xx:xx:xx:xx:xx in /etc/sysconfig/network/ifcfg-ethN

Red Hat Enterprise Linux (RHEL) family distributions allow you to set a MAC address in the same way as openSUSE except that the MAC has to be specified with MACADDR=xx:xx:xx:xx:xx:xx in /etc/sysconfig/network-scripts/ifcfg-ethN

Do note that HWADDR, if present, is used by these scripts to identify network interfaces using the initial MAC. This is not the value you want to change.

Debian, Ubuntu and others in that family let you set hwaddress ether xx:xx:xx:xx:xx:xx in a section in /etc/network/interfaces

Gentoo Linux allows you to change MAC addresses using mac_eth0="xx:xx:xx:xx:xx:xx" style variables in /etc/conf.d/net

Do note that none of these distribution-specific methods let you use a random MAC address each and every boot. Using the above described systemd service may therefore better suit your needs.

