beyond MAC address spoofing

Question

Saturday, I am going to have to attempt to connect my notebook to a network that does not like me much. It is a school network. I work there as a volunteer, but don't have a sysadmin to explain what is going on.

I could not connect to this network before. I tried to connect via dhcp, as follows:

service network-manager stop
ifconfig eth0 down
ifconfig eth0 hw ether 00:11:22:33:44:55
ifconfig eth0 up
dhclient eth0

(where 00:11:22:33:44:55 is the mac address of the machine I took the cable from)

I use live thumbdrives on the lab's machines, and they connect fine via dhcp. (I just run dhclient eth0) (the thumbdrives run debian, not ubuntu. My notebook runs ubuntu. I'd hope this would not make a difference, though)

My question is: is there anything else I should try ? What other hypothesis should I consider ? What other tests should I run ?

(btw: yes, my computer's card is eth0)

About the duplicate/close proposal: This question is specifically about other security measures. It asks "I spoofed the MAC and got nowhere", and asks for hypothesis as to why. It might be narrow, but it certainly is not "how to spoof a MAC"

just colorful language. The problem is that I can't connect to it — josinalvo, Apr 15 '15 at 21:14
because that field gets changed after ifconfig eth0 hw ether 00:11:22:33:44:55 — josinalvo, Apr 15 '15 at 21:25
My mistake. duplicate: http://askubuntu.com/questions/81648/how-do-i-change-spoof-my-mac-address-and-easily-switch-between-multiple-ones/609769#609769 — Elder Geek, Apr 15 '15 at 21:50
You might find this helpful: http://searchnetworking.techtarget.com/tutorial/Networking-tutorials — Elder Geek, Apr 16 '15 at 17:41

score 3 · Answer 1 · answered Apr 22 '15 at 04:52

It's possible that they're using some fingerprinting algorithm (i.e. the particular behavior of that ethernet interface such as timing etc.) to determine that the physical host has changed, or they could be polling the various ports on the router (I believe this is possible using SNMP) to determine that it has changed in too short a timeframe.

Think of this from the other angle, and Google "prevent MAC address spoofing" and you'll see a few vendor-specific solutions.

As to how you can get around it, the only possible way seems to be setting up a network bridge (i.e. internet sharing) on one of the existing computers to connect your laptop.

score 1 · Answer 2 · answered Apr 16 '15 at 17:19

1

Are you sure the network does only use the MAC-address for security? Modern Network Access Control (NAC) Systems use much more than just the MAC, e.g. agents on the connecting system that ensure compliance, authentication either password- or certificate-based, etc.

answered Apr 16 '15 at 17:19

Styrofoam

94

No, I am not sure ... – josinalvo Apr 16 '15 at 17:22
However, I do know that is has to be something "physical" in some sense. I can boot another OS on the lab's machines (via a thumb drive) and it works – josinalvo Apr 16 '15 at 17:22
when I bring my own machine, though, I cannot connect – josinalvo Apr 16 '15 at 17:23
If you can boot a different OS, it is likely not a NAC-System. Did you try setting the MAC before you connect to the network? – Styrofoam Apr 16 '15 at 23:43
I'll try again this saturday. Do you have any other hypothesis ? – josinalvo Apr 17 '15 at 03:12

beyond MAC address spoofing

2 Answers2