configure dhcpclient to send predefine MAC address

[JimH]

I'm confused. Can dhcpclient send bogus mac address to server or not? I know for fact pump can do it. Many of commercial internet routers (ex: LinkSys) has feature to "clone mac address" for that purpose. do they all use pump?

Ken

Apparently you can spoof a MAC address, this is in the ifup script on my Red Hat 7.2 box:
# this isn't the same as the MAC in the configuration filename. It is
# available as a configuration option in the config file, forcing the kernel
# to think an ethernet card has a different MAC address than it really has.
if [ -n "${MACADDR}" ]; then
ip link set ${DEVICE} address ${MACADDR}
fi

Look in the script on your SUSE box and see if it has an option to spoof the MAC address. Maybe your SUSE box doesn't have the MACADDR option.

I was unaware that you could do this.. The MACADDR option is not in any of the Red Hat docs I have ever read. Just think built-in hacker tools. :-/

Jim H

[Aaron_Adams]

Interesting.

I guess we were both wrong lol

I'm glad I know that now though. Where is the ifup script in RH? I want to find the equivelant in Slack

[JimH]

I guess we were both wrong lol

LOL,, yep. :P

I've looked the ifup script who knows how many times looking at other things, I guess that just never registered. ??? Learn something new anyway. ;D

/etc/sysconfig/network-scripts

Another interesting section of the ifup script. HWADDR doesn't seem to be documented either.

if [ -n "${HWADDR}" ]; then
FOUNDMACADDR=`LC_ALL= LANG= ip -o link show ${REALDEVICE} | \
sed 's/.*link\/ether \([[:alnum:]:]*\).*/\1/'`
if [ "${FOUNDMACADDR}" != "${HWADDR}" ]; then
NEWCONFIG=`fgrep -l "HWADDR=${HWADDR}" /etc/sysconfig/network-scripts/ifcfg-*`
if [ -n "${NEWCONFIG}" ]; then
exec /sbin/ifup ${NEWCONFIG}
fi
NEWCONFIG=`fgrep -l "HWADDR=${HWADDR}" /etc/sysconfig/networking/default/ifcfg-*`
if [ -n "${NEWCONFIG}" ]; then
exec /sbin/ifup ${NEWCONFIG}
else
echo $"Device ${DEVICE} has different MAC address than expected, ignoring."
exit 1
fi
fi
fi

Jim H

[kyiu]

??? I finally have a chance to try the MACADDR in the ifcfg-ethx scripts with the RH7.2. It doesn't work. If through the syntax has changed on this version. So I tried using HWADDR instead. :P Even worst. The box hanged at the ifup. I think it's the kernel. 2.2.16 use in RH7 is a hacker's kernel. What do think?

Ken :-/

[JimH]

Well I decided to experiment with this. I setup a DHCP server on my test box and configured a client to spoof the mac address using the MACADDR setting. After the client grabbed an ip from the server doing an ifconfig ethx showed the spoofed mac address, but I could not access the internet. My firewall/router would just drop the packets.

If you changed the NIC that your DSL modem is connected can't you just turn the modem off until it clears the mac address from the old NIC?

Jim H

[jmbrinks]

You can clear the NIC MAC Address out of a cable or dsl modem by uplgging the modem (powering down) for about 2 minutes then powering it up again.

When it gets plugged back in and turned on ot will reconfigure itself, including the MAC of the NIC.

[kyiu]

I got the answer from the RH support. The RH7.2 is now using dhcpcd as a default for the dhcp client. That may be why the MAC spoofing doesn't work any more after I upgraded my box. Previously. I didn't have to reboot my modem. I just plugged between my W98 box and the linux box, renew my IP, things would work automatically. It's great! ;D Now my linux box is running RH7.2, the dhcp stop working. I've compared the network-scripts folder, there are much more files in RH7.2 then the previous version. The ifup scripts is call something else. I want to change the scripts to use pump when doing the dhcp request. May you can give me some pointer here.

Ken

[JimH]

RH7.2 is now using dhcpcd as a default for the dhcp client. T I want to change the scripts to use pump when doing the dhcp request. May you can give me some pointer here.

Ken

Uninstall the dhcpd rpm and install the pump rpm. The scripts will fall back to using pump if dhcpd isn't found.

Jim H

[kyiu]

???I tried to find the package for dhcpcd using the gno-rpm. I can't find it. :P Both pump and dhcpcd programs are in the sbin folder. I want to uninstall them both, then reinstall only pump. Do you know there I could find them?

Ken

[JimH]

Would be easier to do this from the command line.

Remove the rpm's:

rpm -e dhcpcd pump
Re-install pump. After you cd into the directory when the pump rpm is:

rpm -Uvh pump*.rpm

Jim H