Linux assign bogus MAC address

With Linux we can change the MAC address of an interface via several methods:

  1. ifconfig <device> hw ether <mac address>
  2. ip link set <device> address <mac address>
  3. macchanger <device> <mac address>

One disadvantage: with these methods we can only configure a unicast MAC address. It’s not possible to configure a non-unicast or bogus address.

For example: ifconfig eth0 hw ether 03:bf:0a:00:02:0a

SIOCSIFHWADDR: Cannot assign requested address

As mentioned above, it’s not possible to configure a non-unicast or bogus MAC address in combination with a unicast IP address on the interface. However, from a network perspective it’s possible to use this combination. How? See below:

Solution:

  • bridge
  • ebtables
  • arptables

 

  • ip address flush <interface>
  • brctl addbr <bridgename>
  • brctl addif <bridgename> <interface>
  • ifconfig <bridgename> up
  • ifconfig <bridgename> <ip address/netmask>

 

To change the source MAC address to a new (bogus) MAC address:

  • ebtables -t nat -A POSTROUTING -o <physical interface> -s <current MAC address> -j snat --to-src <New MAC address>
  • ebtables -t nat -A PREROUTING -i <physical interface> -d <New MAC address> -j dnat --to-dst <current MAC address>

 

One tiny problem: ARP content isn’t changed with ebtables. ebtables rewrites only the Ethernet header, so the MAC addresses carried inside the ARP payload stay as they were. To change the ARP content in ARP requests and ARP replies, we will use arptables on the bridge interface:

  • arptables -A OUTPUT -o <bridge interface> --opcode 1 -l 6 -j mangle --mangle-mac-s <New MAC address>
  • arptables -A OUTPUT -o <bridge interface> --opcode 2 -l 6 -j mangle --mangle-mac-d <current MAC address>
  • arptables -A INPUT -i <bridge interface> --opcode 2 -l 6 -j mangle --mangle-mac-s <New MAC address>

 

Example

  • ip address flush eth0
  • brctl addbr br0
  • brctl addif br0 eth0
  • ifconfig br0 up
  • ifconfig br0 10.0.2.10/24
  • ebtables -t nat -A POSTROUTING -o eth0 -s 38:af:d7:ab:96:f5 -j snat --to-src 03:bf:0a:00:02:0a
  • ebtables -t nat -A PREROUTING -i eth0 -d 03:bf:0a:00:02:0a -j dnat --to-dst 38:af:d7:ab:96:f5
  • arptables -A OUTPUT -o br0 --opcode 1 -l 6 -j mangle --mangle-mac-s 03:bf:0a:00:02:0a
  • arptables -A OUTPUT -o br0 --opcode 2 -l 6 -j mangle --mangle-mac-d 03:bf:0a:00:02:0a
  • arptables -A INPUT -i br0 --opcode 2 -l 6 -j mangle --mangle-mac-s 38:af:d7:ab:96:f5
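
What this setup looks like from a monitoring point on the same segment, as an added example that is not part of the original post: a small ARP frame check that flags a group (non-unicast) bit in the Ethernet source or ARP sender hardware address, and a mismatch between the two, which is the state left by the ebtables rules alone. The function names and finding labels are assumptions made for this sketch, and the frames are constructed from the addresses in the example above.

```python
import struct

def mac(s):            # "aa:bb:.." -> 6 raw bytes
    return bytes.fromhex(s.replace(":", ""))

def is_group(addr):
    # I/G bit = least-significant bit of the first octet; set means multicast/broadcast
    return bool(addr[0] & 0x01)

def build_arp(eth_src, sha, spa, op=1, eth_dst="ff:ff:ff:ff:ff:ff",
              tha="00:00:00:00:00:00", tpa="10.0.2.1"):
    """Constructed test frame: untagged Ethernet II + IPv4-over-Ethernet ARP."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

def inspect_arp(frame):
    """Return findings for one frame; [] means nothing unusual or not ARP."""
    if len(frame) < 14:
        return []
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:          # 802.1Q-tagged frames are not handled here
        return []
    if len(frame) < 42:
        return ["truncated-arp"]
    htype, ptype, hlen, plen, _op, sha, _spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return ["not-ethernet-ipv4-arp"]
    findings = []
    if is_group(src):
        findings.append("eth-src-group-bit")
    if is_group(sha):
        findings.append("arp-sha-group-bit")
    if src != sha:
        findings.append("eth-src-differs-from-arp-sha")
    return findings

if __name__ == "__main__":
    CUR, NEW = "38:af:d7:ab:96:f5", "03:bf:0a:00:02:0a"   # addresses from the example above
    for label, frame in [
        ("no rewriting", build_arp(CUR, CUR, "10.0.2.10")),
        ("ebtables snat only", build_arp(NEW, CUR, "10.0.2.10")),
        ("ebtables + arptables", build_arp(NEW, NEW, "10.0.2.10")),
    ]:
        print(f"{label:22} {inspect_arp(frame)}")
```
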