lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 22 Apr 2009 15:38:10 -0700
From:	Inaky Perez-Gonzalez <inaky@...ux.intel.com>
To:	Stephen Hemminger <shemminger@...tta.com>
Cc:	Mark Smith <ipng@...06e6720323030352d30312d31340a.nosense.org>,
	netdev@...r.kernel.org
Subject: Re: What makes a good fake MAC address?

On Wednesday 22 April 2009, Stephen Hemminger wrote:
> On Wed, 22 Apr 2009 15:15:05 -0700
>
> Inaky Perez-Gonzalez <inaky@...ux.intel.com> wrote:
> > On Wednesday 22 April 2009, Mark Smith wrote:
> > > Hi Inaky,
> > >
> > > (please CC me, I'm not on the list)
> > >
> > > "The problem with using a zero mac address is that it confuses the
> > > bridging software (and maybe others). I was wondering, what would
> > > be a fake mac address we could put in there that is legal for this
> > > kind of "faking"? [or the closest thing to legal?]"
> > >
> > > Since you're from an organisation with an OUI allocation or two, I
> > > think a real Intel one would be best. It then wouldn't be fake, and
> > > no matter where it was exposed (host only, local network, or
> > > globally e.g. in IPv6 node addresses), it would be guaranteed not
> > > to collide with any other addresses (unless Intel make error an
> > > error in their own OUI administration.)
> >
> > It doesn't really work, because it is for the "from" end of the
> > connection; as said somewhere else in the thread, the WiMAX link is
> > P2P, IP only. The card has a local address, that we use for the "to"
> > field, but for the from, we need to fake an address from the network
> > -- which is not necessarily an intel device :)
> >
> > So maybe local addresses would not be the right choice, and clearly
> > Intel assigned ones neither :)
>
> You need a from address for the bridge to be able to populate its
> forwarding table. If remote end is always same, just get some random
> address at start of tunnel and reuse it.

Nope, the remote end will change as you move around from base station to base 
station :(

-- 
Inaky
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ