Gentoo Forums
How to Keep Your Ethers Away from Harvesters
miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Wed Mar 23, 2016 10:34 pm    Post subject: How to Keep Your Ethers Away from Harvesters

title: How to Keep Your Ethers Away from Harvesters
---
Privacy is important. The strongest secret service behind the whole Internet Thing
(not to be confused with the Internet of Things), that controls a lot of the
Internet is only part of some one million people among the two hundred
something millions of U.S. Americans with the security clearance. Very few
dare to be like Edward Snowden, the American hero.

There is no privacy for you, dear *nixer, without security.

So security is important. It's like the keys to your abode. You keep them in
good trust, you don't leave the doors unlocked when you're away nor give the keys
easily to anybody, and likewise you keep your computer in good trust only.

Here's just a script (for which if anyone can improve it, they are welcome) to
make one little thing better for your privacy. A very tiny little thing for
your privacy, but necessary.

For the harvesters like Schmoog the Octopus of the Internet (the Google), and
others... Make, with this script, their tracking of your ways on the Internet
just a little harder!

Don't give away the MAC of your NIC, as that is one piece of information that
easily betrays you.

First thing:
Code:

# emerge -a macchanger


Then create the following script. Of course you need to replace the "enp9s0"
with the name of your interface, be it eth0, eth1, enp2s1 or whatever, and
also the numbers.

/root/.bashrc.mac:
Code:

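# Read the current MAC of the interface (third field of the "Current MAC:" line)
maccur0=$(macchanger -s enp9s0 2>/dev/null | grep Current | awk '{ print $3 }')
# If it is still one of the known hardware MACs, change it (-e keeps the vendor bytes)
for i in 00:30:4d:bc:98:12 00:0e:2f:c8:34:b7; do
    if [ "$maccur0" = "$i" ]; then
        macchanger -e enp9s0 2>/dev/null
    fi
done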

These are just examples. The "00:30:4d:bc:98:12 00:0e:2f:c8:34:b7" are just
what you get from:
Code:

# ifconfig enp9s0

enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.2  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::xxx:xxxx:xxxx:xxxx prefixlen 64  scopeid 0x20<link>
---->   ether 00:30:4d:bc:98:12  txqueuelen 1000  (Ethernet)
        RX packets 11710  bytes 704500 (687.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 118  bytes 7844 (7.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17 

and fill in the other numbers, with a space between them, like those in your SOHO. And run this script from /root/.bashrc by including it in it, i.e. by including the line in it like this:

Code:

source ~/.bashrc.mac


If I knew, I'd reveal to secret services the addresses and whereabouts of pedophiles or
terrorists and such myself... But blanket surveillance of, basically the whole world, which is what the mightiest mentioned above does, and the other mighty services of other nations follow in their steps... But breaking encryption in programs, *nix world being no exemption... But having millions of people that can take the excuse to spy on anybody via Internet... On basically anybody... regardless of complete absence of any bad intentions in their "objects"... is completely wrong.

Anyway, subscribe to:

https://www.schneier.com/crypto-gram.html

Bruce Schneier being another really great U.S. American, doing justice to this great
nation somewhat being trumped and trumpited of lately...

And this is where you can learn things from black and white hats about
privacy. I'm subscribed, but I would never be a black hat even if I got
advanced. It's repulsive to me... Here:

https://lists.immunityinc.com/mailman/listinfo/dailydave

depontius
Advocate

Joined: 05 May 2004
Posts: 3509

Posted: Wed Mar 23, 2016 11:00 pm

Now if I remember correctly, different ethernet chips have different signatures. So when you change your MAC, it's best to change it somewhere within the MAC-space that goes with your chip manufacturer. Otherwise, someone sufficiently sophisticated could look at your MAC and your ethernet chipset behavior, see that they're not consistent, and know that you're spoofing. At that point you become more "interesting." (That's bad!)

I believe I once read that macchanger has an option to work this way. Using that option may seem less random and thereby less secure, but in fact it's more secure because it's less likely to draw attention by the (frighteningly) more knowledgeable.
_________________
.sigs waste space and bandwidth

Tony0945
Watchman

Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA

Posted: Wed Mar 23, 2016 11:37 pm

If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.

depontius
Advocate

Joined: 05 May 2004
Posts: 3509

Posted: Thu Mar 24, 2016 1:25 am

Tony0945 wrote:
If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.


There's no point in diddling your MAC for your home ISP. They know where you live, they send you a bill every month, they know who you are. Uncle Sam, the NSA, and every other TLA knows or can know that you are you and that's where you live. Changing your MAC at home just makes you stick out.

Changing your MAC is for when you're traveling and connecting to non-standard places. When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.
_________________
.sigs waste space and bandwidth

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Thu Mar 24, 2016 2:49 am

... or, without all the heroic rhetoric, and to use the mechanisms already in place for such things:

/etc/conf.d/net:
mac_enp9s0="random-samekind"

/usr/share/doc/netifrc-0.2.2/net.example.bz2 wrote:
# For changing MAC addresses using the below, emerge net-analyzer/macchanger
# - to randomize the last 3 bytes only
#mac_eth0="random-ending"
# - to randomize between the same physical type of connection (e.g. fibre, copper, wireless) , all vendors
#mac_eth0="random-samekind"
# - to randomize between any physical type of connection (e.g. fibre, copper, wireless) , all vendors
#mac_eth0="random-anykind"
# - full randomization - WARNING: some MAC addresses generated by this may NOT act as expected
#mac_eth0="random-full"
# custom - passes all parameters directly to net-analyzer/macchanger
#mac_eth0="some custom set of parameters"

best ... khay
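
As an added example (not part of khayyam's post and not code from netifrc or macchanger), the sketch below classifies a changed MAC against the hardware one along the lines the modes above differ on: same vendor prefix, different vendor prefix, or an address with the locally-administered or multicast bit set in its first octet. The function names are hypothetical, and the changed addresses used to try it are constructed samples; the hardware addresses are the two from the first post.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of any tool.

# Validate and lowercase a MAC; prints it, or returns 1 if malformed.
mac_norm() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$m"
}

# First three octets: the vendor prefix (OUI) that macchanger -e keeps.
mac_oui() { printf '%s\n' "$1" | cut -d: -f1-3; }

# Bit 0 of the first octet marks a multicast (group) address, which is
# not usable as an interface's own source address.
mac_is_multicast() {
    [ $(( 0x$(printf '%s' "$1" | cut -c1-2) & 1 )) -eq 1 ]
}

# Bit 1 of the first octet marks a locally administered address, i.e. one
# no vendor assigned, so it is recognisable as non-factory on sight.
mac_is_local() {
    [ $(( 0x$(printf '%s' "$1" | cut -c1-2) & 2 )) -eq 2 ]
}

# classify_mac_change PERMANENT CURRENT
# Prints one of: malformed, unchanged, invalid-multicast,
# locally-administered, same-vendor, different-vendor.
classify_mac_change() {
    perm=$(mac_norm "$1") || { echo malformed; return 0; }
    cur=$(mac_norm "$2")  || { echo malformed; return 0; }
    if [ "$perm" = "$cur" ]; then
        echo unchanged
    elif mac_is_multicast "$cur"; then
        echo invalid-multicast
    elif mac_is_local "$cur"; then
        echo locally-administered
    elif [ "$(mac_oui "$perm")" = "$(mac_oui "$cur")" ]; then
        echo same-vendor
    else
        echo different-vendor
    fi
}

# Constructed sample run: hardware MAC from the first post, changed values made up.
for new in 00:30:4d:bc:98:12 00:30:4d:11:22:33 00:0e:2f:c8:34:b7 \
           02:11:22:33:44:55 01:00:5e:00:00:01; do
    printf '%s -> %s\n' "$new" "$(classify_mac_change 00:30:4d:bc:98:12 "$new")"
done
```

On a live system the first argument would be the adapter's permanent address and the second the address currently set on the interface.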

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Thu Mar 24, 2016 6:06 am

khayyam wrote:
... or, without all the heroic rhetoric, and to use the mechanisms already in place for such things:

/etc/conf.d/net:
mac_enp9s0="random-samekind"

/usr/share/doc/netifrc-0.2.2/net.example.bz2 wrote:
# For changing MAC addresses using the below, emerge net-analyzer/macchanger
# - to randomize the last 3 bytes only
#mac_eth0="random-ending"
...

best ... khay

Yes. This is true! Thanks! I didn't know it.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Thu Mar 24, 2016 6:22 am

depontius wrote:
Tony0945 wrote:
If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.


There's no point in diddling your MAC for your home ISP. They know where you live, they send you a bill every month, they know who you are. Uncle Sam, the NSA, and every other TLA knows or can know that you are you and that's where you live. Changing your MAC at home just makes you stick out.

Changing your MAC is for when you're traveling and connecting to non-standard places. When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.

I'm not sure about this.

E.g.: using Tor is legal in most countries.... Doesn't macchanger help when using it? And do they know automatically who you are when you use Tor? No! They don't!

And make it hard for them to know!

What country do you live in?
(
Could be some of those attacked by terrorism, where they think privacy should lose because of security.
Wrong choice, as Schneier repeatedly wrote --but no time to search for links, other than tell: yes it can be found starting from his page already given-- wrong choice. Privacy and security both --both -- lose!
)
There's much to study in the suggestion khayyam gave. And to which I'll be moving on to use.

Tony0945 wrote:
If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.

Bad provider. I don't think there can be a law to tell you to identify yourself with ethers! They can't require it legally from you...

(I know you are a U.S. American, living in the U.S.) Suppose you change your ether. What do you mean? You can't get online with it? C'mon! I think you should.... bogus try and change your ether card. (

BTW, without time to study it further, the correct way is the way already available in Gentoo, and not what I suggested in my first post in the top. Because that, I expect, changes it earlier, right when the ether is set up, which is not the case with my suggestion, and if you use my suggestion, being a late change of ether numbers, it could be more easily recognized, for machine constantly online.

For me, however, my script works, because I don't connect online at boot time, but physically plug the socket in when all is ready --and that is something I was too sleepy, Europe here, to mention in the opening post.
)

I'll be improving it... With the simple line from /usr/share/doc/netifrc-0.2.2. When I find time... Struggling with:
A Firewalled Internet Access to Internal Subnet.... these days.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Thu Mar 24, 2016 9:21 am

MiroR, your assumptions about MAC in your homeplace make me doubt you know the basics of how the internet works.
MAC address is only used between your device and the next hop -> your peer within a local network (usually your default gateway).
NSA can't track your MAC unless they are very close to you, and at this point they can hunt you down before you realize you should change your MAC again. Or - they could, if they actually wanted to. Tracking MAC addresses is too hard and too expensive to be worth the effort. Hint: look for "OSI model"
Changing MAC is good when you're connecting to a public network. In this case it may help hide your identity _from_this_particular_network_provider_, unless you announce it inside the data stream. It is totally pointless when you authenticate yourself to your peer by any other means (ppp to your ISP, anyone?), precisely for the reason you _do_authenticate_yourself_.

Tor is another thing. It's an overlay network (just like IP network is an overlay network) that hides the physical location of the endpoints from the middleman. It relies on the fact that nobody knows whether you are the source/middleman or middleman/destination of the packets you send or receive, because they don't provide source nor destination address to the middlemen. Every single middleman only receives the address of the next hop, and only the destination receives the address of the source. It is not particularly efficient, but unlike IP, it does not require all the participants to be sincere.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Thu Mar 24, 2016 12:10 pm

I don't have much time to write here. So pls. don't assume on my quick lines.
szatox wrote:
MiroR, your assumptions about MAC in your homeplace make me doubt you know the basics of how the internet works.
MAC address is only used between your device and the next hop -> your peer within a local network (usually your default gateway).
NSA can't track your MAC unless they are very close to you, and at this point they can hunt you down before you realize you should change your MAC again. Or - they could, if they actually wanted to. Tracking MAC addresses is too hard and too expensive to be worth the effort. Hint: look for "OSI model"
Changing MAC is good when you're connecting to a public network. In this case it may help hide your identity _from_this_particular_network_provider_, unless you announce it inside the data stream. It is totally pointless when you authenticate yourself to your peer by any other means (ppp to your ISP, anyone?), precisely for the reason you _do_authenticate_yourself_.

Oh, well, of course.
szatox wrote:
Tor is another thing. It's an overlay network (just like IP network is an overlay network) that hides the physical location of the endpoints from the middleman. It relies on the fact that nobody knows whether you are the source/middleman or middleman/destination of the packets you send or receive, because they don't provide source nor destination address to the middlemen. Every single middleman only receives the address of the next hop, and only the destination receives the address of the source. It is not particularly efficient, but unlike IP, it does not require all the participants to be sincere.

The nodes know all you give them... (remember, little time here, not for details of what you wrote)...
And why give the nodes that unique in the world, if genuine MAC, information... It's an accepted fact that the NSA via its intermediaries and FONs ([F]riend [O]f [N]SA) owns a large proportion of the nodes.

By the way, have a look at what the Schmoog wants from their contractees:
In Defence of Firefox: some Harvesting by Referal Decrypted
https://forums.gentoo.org/viewtopic-t-1038896-highlight-.html
and that info is much less precise than MAC.

If it is not needed, why is there macchanger for us?

Tony0945
Watchman

Joined: 25 Jul 2006
Posts: 5127
Location: Illinois, USA

Posted: Thu Mar 24, 2016 1:34 pm

depontius wrote:
Changing your MAC is for when you're traveling and connecting to non-standard places. When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.


Ah! Mobile machines like laptops. Now I understand.

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Thu Mar 24, 2016 6:17 pm

Tony0945 wrote:
depontius wrote:
Changing your MAC is for when you're traveling and connecting to non-standard places. When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.


Ah! Mobile machines like laptops. Now I understand.


Abnormal access patterns are a much richer source of fingerprinting metadata than hardware addresses anyway.

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2569

Posted: Fri Mar 25, 2016 4:11 pm

Why should I care if someone knows my mac address? Generally speaking nobody tracks mac addresses or serial numbers of network card sales at a retail level.

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Mar 25, 2016 5:27 pm

miroR wrote:
If it is not needed, why is there macchanger for us?

miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups.

Anyhow, I would consider changing the MAC as only a defence (if it can be called that) relating to the particular network you connect to (as per depontius' point re mobility) ... in other cases I would say it's pointless, and besides that it wouldn't matter that you'd changed MAC if subsequently you use the same lease, or if the dhcp client provides the DUID when negotiating dhcp (none of which you seem to have mentioned/considered).

best ... khay

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2569

Posted: Fri Mar 25, 2016 5:54 pm

I don't consider myself to be a security expert at all. I consider myself to be aware of the need to lock your system down and minimize unnecessary risk.

I have never seen a single argument to why your MAC address is important for a black hat, or even interesting to them.

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6920

Posted: Fri Mar 25, 2016 6:15 pm

khayyam wrote:
miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups.

And breaking into networks that think MAC/IP addresses are secure, static access tokens ;)

1clue
Advocate

Joined: 05 Feb 2006
Posts: 2569

Posted: Fri Mar 25, 2016 6:49 pm

Ant P. wrote:
khayyam wrote:
miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups.

And breaking into networks that think MAC/IP addresses are secure, static access tokens ;)


But in these cases you can usually just assign an ip address to yourself and get the same access as anyone else.

SOHO routers are notoriously insecure. MAC spoofing these is irrelevant because it doesn't get you anything AFAICT.

miroR
l33t

Joined: 05 Mar 2008
Posts: 826

Posted: Fri Mar 25, 2016 8:27 pm

Withdrawing from discussion here, simply because khayyam, Ant.P. and 1clue are pretty likely right, and because I have not sufficient knowledge to discuss this matter.
And also I need to finally get my Firewalled Internet Access to Internal Subnet. Sadly not that talented to do much work if time is not ample enough.

I've learned from you here. Thank you.

khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Sat Mar 26, 2016 8:22 am

1clue wrote:
I have never seen a single argument to why your MAC address is important for a black hat, or even interesting to them.

1clue ... it's not, but it's metadata nonetheless, and we know what use metadata can be put to, from that the question arises, do you trust the networks you connect to.

best ... khay