* Re: [LARTC] clone MAC address
2004-11-16 2:00 [LARTC] clone MAC address Nicolas Patik
@ 2004-11-16 18:15 ` Stef Coene
2004-11-16 19:29 ` Nicolas Patik
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: Stef Coene @ 2004-11-16 18:15 UTC (permalink / raw)
To: lartc
On Tuesday 16 November 2004 03:00, Nicolas Patik wrote:
> Hi,
>
> I have a mini router that has this feature, "clone MAC address"
>
> My ISP doesn't allow me to connect more than one computer.
> But, with the "clone MAC address" of the mini router, I can connect up
> to 5 computers, and my ISP can't notice that.
>
> What do I need to do this "cloning" with my linux box?
>
It's called natting. Google is your friend.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] clone MAC address
From: Nicolas Patik @ 2004-11-16 19:29 UTC (permalink / raw)
To: lartc
No, I'm not talking about natting ... I'm talking about hiding my
computers from my ISP.
.. or .... are you telling me that the problem with my linux box is
about bad firewall rules?
Right now with my linux box doing NAT they can find that I have other
computers connected. Instead with the minirouter doing "clone MAC
address" (I don't know what else this minirouter is doing) ... they
can't.
Could my ISP be running any tool that can detect more than one
computer? I guess something ARP related?
Thanks,
Nicolas
On Tue, 16 Nov 2004 19:15:59 +0100, Stef Coene <stef.coene@docum.org> wrote:
> On Tuesday 16 November 2004 03:00, Nicolas Patik wrote:
>
>
> > Hi,
> >
> > I have a mini router that has this feature, "clone MAC address"
> >
> > My ISP doesn't allow me to connect more than one computer.
> > But, with the "clone MAC address" of the mini router, I can connect up
> > to 5 computers, and my ISP can't notice that.
> >
> > What do I need to do this "cloning" with my linux box?
> >
> It's called natting. Google is your friend.
>
> Stef
>
> --
> stef.coene@docum.org
> "Using Linux as bandwidth manager"
> http://www.docum.org/
>
* Re: [LARTC] clone MAC address
From: Chris Bennett @ 2004-11-16 19:46 UTC (permalink / raw)
To: lartc
Cloning a MAC address really has nothing to do with the particular act of hiding
multiple computers behind a firewall.
Sometimes an ISP will register the MAC address of a particular device to
make sure you don't use any other device. Cloning the MAC address is a way
of getting around this so you can use some other device (such as replacing a
single computer with a NAT router/firewall). If your ISP has registered the
MAC of the single computer that you currently use, then yes, you will need
to clone that MAC to your linux box (offhand I don't know how that is done
either). But this is just a matter of switching one device for another...
not with adding multiple computers.
Assuming you can first get the linux box to work with your ISP as your
"single device", then NAT is what hides your computers that you route through
the linux box. The IP of the linux box (and the MAC of the linux box) is
the only thing that the outside world will see, if NAT is configured
properly.
----- Original Message -----
From: "Nicolas Patik" <nicolas.patik@gmail.com>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 16, 2004 1:29 PM
Subject: Re: [LARTC] clone MAC address
> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.
>
> .. or .... are you telling me that the problem with my linux box is
> about bad firewall rules?
>
> Right now with my linux box doing NAT they can find that I have other
> computers connected. Instead with the minirouter doing "clone MAC
> address" (I don't know what else this minirouter is doing) ... they
> can't.
>
> Could my ISP be running any tool that can detect more than one
> computer? I guess something ARP related?
>
> Thanks,
>
> Nicolas
>
> On Tue, 16 Nov 2004 19:15:59 +0100, Stef Coene <stef.coene@docum.org>
> wrote:
>> On Tuesday 16 November 2004 03:00, Nicolas Patik wrote:
>>
>>
>> > Hi,
>> >
>> > I have a mini router that has this feature, "clone MAC address"
>> >
>> > My ISP doesn't allow me to connect more than one computer.
>> > But, with the "clone MAC address" of the mini router, I can connect up
>> > to 5 computers, and my ISP can't notice that.
>> >
>> > What do I need to do this "cloning" with my linux box?
>> >
>> It's called natting. Google is your friend.
>>
>> Stef
>>
>> --
>> stef.coene@docum.org
>> "Using Linux as bandwidth manager"
>> http://www.docum.org/
>>
* Re: [LARTC] clone MAC address
From: Frank Gruellich @ 2004-11-16 23:00 UTC (permalink / raw)
To: lartc
Hello,
* Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.
Tell me, what's the difference. Can you give some technical description
for this 'hiding' you are talking about?
> .. or .... are you telling me that the problem with my linux box is
> about bad firewall rules?
No. 'Firewall rules' are a matter of layer 3, MACs and their so called
cloning belong to layer 2.
> Right now with my linux box doing NAT they can find that I have other
> computers connected.
Contradicting to Chris they can. But trust me, they won't. Finding
hosts behind a NAT router is very difficult and involves the collection
of huge amounts of traffic.[1] After all, it will not work for any OSs.
What exactly is your problem? For this clone-MAC-feature search the
manpage of ifconfig for 'hardware address'. It's not supported by all
NIC drivers, but for most. Do you change your routers from time to
time? DHCP servers cache MACs and may not offer a second IP number if
you had another interface connected some time ago. They should flush the
cache after some days. If they don't, call them and feign a story about
a new NIC you bought recently.
HTH,
regards, Frank.
==footnotes==
[1] Ascending TCP sequence numbers, not changed by NAT, you know?
--
Sigmentation fault
* Re: [LARTC] clone MAC address
From: Nicolas Patik @ 2004-11-17 2:03 UTC (permalink / raw)
To: lartc
The problem is when there is a problem. =)
When the connection is ok, there is no problem.
When the connection goes down for 'normal' reasons, also it's ok, but
when there are unknown reasons (ISP network problems), they pass the
issue to their network engineers, and that is when my problem starts,
they can find that I am connecting more computers.
That is why I want to clone the MAC.
-Nicolas
On Wed, 17 Nov 2004 00:00:36 +0100, Frank Gruellich <frank@der-frank.org> wrote:
> Hello,
>
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
> > No, I'm not talking about natting ... I'm talking about hiding my
> > computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
> > .. or .... are you telling me that the problem with my linux box is
> > about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
> > Right now with my linux box doing NAT they can find that I have other
> > computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
>
> What exactly is your problem? For this clone-MAC-feature search the
> manpage of ifconfig for 'hardware address'. It's not supported by all
> NIC drivers, but for most. Do you change your routers from time to
> time? DHCP servers cache MACs and may not offer a second IP number if
> you had another interface connected some time ago. They should flush the
> cache after some days. If they don't, call them and feign a story about
> a new NIC you bought recently.
>
> HTH,
> regards, Frank.
> ==footnotes==
> [1] Ascending TCP sequence numbers, not changed by NAT, you know?
> --
> Sigmentation fault
>
>
* Re: [LARTC] clone MAC address
From: Francisco Pereira @ 2004-11-17 2:57 UTC (permalink / raw)
To: lartc
Frank Gruellich wrote:
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
>
>>No, I'm not talking about natting ... I'm talking about hiding my
>>computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
>>.. or .... are you telling me that the problem with my linux box is
>>about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
>>Right now with my linux box doing NAT they can find that I have other
>>computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
It's not so difficult, at least in some cases.
p0f (passive OS fingerprint) uses a technique (that has some
limitations) to detect masqueraded hosts, it has to sniff all the
traffic but not collect it.
http://lcamtuf.coredump.cx/p0f.shtml
Regards,
Francisco.
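
The kind of passive check described in the message above, as an added example that is not part of the original thread and is not p0f's own code: a sensor reduces each TCP SYN to a small signature and keeps only the set of signatures per source IP, so it sniffs traffic without storing it. The field values, addresses and function names are constructed for illustration and are not taken from p0f's signature database.

```python
from collections import defaultdict
from typing import NamedTuple


class Syn(NamedTuple):
    """Header fields of one TCP SYN as seen by a sensor on the provider side."""
    src: str       # source IP (the public address of the NAT box)
    ttl: int       # IP TTL as observed at the sensor
    window: int    # TCP window size
    mss: int       # MSS option value
    options: str   # order of the TCP options


COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed: int) -> int:
    """Round an observed TTL up to the nearest common initial TTL."""
    for start in COMMON_INITIAL_TTLS:
        if observed <= start:
            return start
    raise ValueError(f"TTL out of range: {observed}")


def signature(pkt: Syn) -> tuple:
    """Reduce a SYN to (initial TTL, hops travelled, window, MSS, option order)."""
    start = initial_ttl(pkt.ttl)
    return (start, start - pkt.ttl, pkt.window, pkt.mss, pkt.options)


def count_stacks(packets) -> dict:
    """Map each source IP to the number of distinct signatures it produced.

    Only the set of signatures per IP is kept, never the packets themselves.
    Limitation: hosts running the same OS at the same hop distance collapse
    into one signature, so they are undercounted.
    """
    seen = defaultdict(set)
    for pkt in packets:
        seen[pkt.src].add(signature(pkt))
    return {src: len(sigs) for src, sigs in seen.items()}


def nat_suspects(packets, threshold: int = 2) -> dict:
    """Source IPs that showed at least `threshold` distinct signatures."""
    return {ip: n for ip, n in count_stacks(packets).items() if n >= threshold}


# Constructed sample input (documentation addresses, illustrative field values).
SAMPLE = [
    Syn("203.0.113.10", 64, 5840, 1460, "mss,sack,ts,nop,ws"),   # the NAT box itself
    Syn("203.0.113.10", 63, 5840, 1460, "mss,sack,ts,nop,ws"),   # same stack, one hop further
    Syn("203.0.113.10", 127, 65535, 1460, "mss,nop,nop,sack"),   # different stack behind it
    Syn("203.0.113.10", 127, 65535, 1460, "mss,nop,nop,sack"),   # repeat, adds nothing new
    Syn("203.0.113.20", 64, 5840, 1460, "mss,sack,ts,nop,ws"),   # a single directly attached host
    Syn("203.0.113.20", 64, 5840, 1460, "mss,sack,ts,nop,ws"),
]

if __name__ == "__main__":
    print(nat_suspects(SAMPLE))
```

None of the fields in the signature is the MAC address, which is why cloning a MAC has no effect on this kind of check.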
* Re: [LARTC] clone MAC address
From: Nicolas Patik @ 2004-11-17 16:22 UTC (permalink / raw)
To: lartc
It's too easy:
ifdown [interface]
ifconfig [interface] hw ether [MAC address wanted]
ifup [interface]
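example:
ifdown eth1
# the first octet must be even: an odd one such as 01 marks a multicast
# address, which cannot be assigned to an interface
ifconfig eth1 hw ether 02:24:03:28:13:FF
ifup eth1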
Thanks to all,
--Nicolas
On Wed, 17 Nov 2004 14:39:05 -0000, Abdul Hakeem
<alhakeem100@hotmail.com> wrote:
> Pls let me know when you get it.
>
>
> Cheers,
> AH
>
> -----Original Message-----
> From: Nicolas Patik [mailto:nicolas.patik@gmail.com]
> Sent: 17 November 2004 14:37
> To: alhakeem@ipextelecom.net
> Subject: Re: [LARTC] clone MAC address
>
> haha, ok
>
> Not yet, I was researching with my questions, when I implement it (next
> week) I'll tell you how to do it.
>
> -Nicolas
>
> On Wed, 17 Nov 2004 14:00:23 -0000, Abdul Hakeem <alhakeem100@hotmail.com>
> wrote:
> > Hello Nicolas,
> > I just wanted to know if you have the answers on how to clone a mac
> > address on an ethernet card. Cheers,
> > AH
> >
> >
> >
> > -----Original Message-----
> > From: Nicolas Patik [mailto:nicolas.patik@gmail.com]
> > Sent: 17 November 2004 13:55
> > To: Abdul Hakeem
> > Subject: Re: [LARTC] clone MAC address
> >
> > Excuse my bad English knowledge, what do you mean with "kindly spare
> > it"?
> >
> > My first guess is you didn't like "wow, that's good Francisco",
> > because it doesn't add anything useful to the thread.
> >
> > But on the other hand it was my way of saying "thanks for your help".
> > Is that inappropriate?
> >
> > Or maybe I didn't understand your mail.
> >
> > -Nicolas
> >
> > On Wed, 17 Nov 2004 10:51:07 -0000, Abdul Hakeem
> > <alhakeem100@hotmail.com>
> > wrote:
> > > Hello,
> > > Did you ever get a reply to your question ?
> > > If yes, kindly spare it.
> > > Cheers,
> > > Abdul Hakeem
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: lartc-admin@mailman.ds9a.nl
> > > [mailto:lartc-admin@mailman.ds9a.nl]
> > > On Behalf Of Nicolas Patik
> > > Sent: 16 November 2004 02:01
> > > To: lartc@mailman.ds9a.nl
> > > Subject: [LARTC] clone MAC address
> > >
> > > Hi,
> > >
> > > I have a mini router that has this feature, "clone MAC address"
> > >
> > > My ISP doesn't allow me to connect more than one computer. But, with
> > > the "clone MAC address" of the mini router, I can connect up to 5
> > > computers, and my ISP can't notice that.
> > >
> > > What do I need to do this "cloning" with my linux box?
> > >
> > > Thanks,
> > >
> > > Nico
* Re: [LARTC] clone MAC address
From: Chris Bennett @ 2004-11-17 22:05 UTC (permalink / raw)
To: lartc
Hi Frank,
I forgot to copy the list earlier so this will be a dup for you (sorry)...
Anyway, in your message you say "contradicting to Chris..." in reference to
me saying that only the IP and MAC of the NAT router would be visible to the
ISP.
I'd like to fill in my knowledge gap here.. can you please send a link (or
explain) how the ISP could get the MAC of a device behind the NAT router?
I know that an ISP could theoretically detect that the router is a NAT via
OS fingerprinting and such, but I was not aware that the MACs of the
machines behind the NAT router could be determined in any way. Please
explain.
Thanks,
Chris
----- Original Message -----
From: "Frank Gruellich" <frank@der-frank.org>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 16, 2004 5:00 PM
Subject: Re: [LARTC] clone MAC address
> Hello,
>
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
>> No, I'm not talking about natting ... I'm talking about hiding my
>> computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
>> .. or .... are you telling me that the problem with my linux box is
>> about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
>> Right now with my linux box doing NAT they can find that I have other
>> computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
>
> What exactly is your problem? For this clone-MAC-feature search the
> manpage of ifconfig for 'hardware address'. It's not supported by all
> NIC drivers, but for most. Do you change your routers from time to
> time? DHCP servers cache MACs and may not offer a second IP number if
> you had another interface connected some time ago. They should flush the
> cache after some days. If they don't, call them and feign a story about
> a new NIC you bought recently.
>
> HTH,
> regards, Frank.
> ==footnotes==
> [1] Ascending TCP sequence numbers, not changed by NAT, you know?
> --
> Sigmentation fault
* Re: [LARTC] clone MAC address
From: Stef Coene @ 2004-11-18 19:36 UTC (permalink / raw)
To: lartc
On Wednesday 17 November 2004 03:03, Nicolas Patik wrote:
> The problem is when there is a problem. =)
>
> When the connection is ok, there is no problem.
>
> When the connection goes down for 'normal' reasons, also it's ok, but
> when there are unknown reasons (ISP network problems), they pass the
> issue to their network engineers, and that is when my problem starts,
> they can find that I am connecting more computers.
How???? See other posts. As long as you don't tell them, they can't know
without special tools.
> That is why I want to clone the MAC.
This cloning will not help you from hiding your other PCs, at least not more
than natting does.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
* Re: [LARTC] clone MAC address
From: sandr8 @ 2004-12-18 20:53 UTC (permalink / raw)
To: lartc
Nicolas Patik wrote:
>Hi,
>
>I have a mini router that has this feature, "clone MAC address"
>
>My ISP doesn't allow me to connect more than one computer.
>But, with the "clone MAC address" of the mini router, I can connect up
>to 5 computers, and my ISP can't notice that.
>
>What do I need to do this "cloning" with my linux box?
>
>
Some years ago an Italian wrote a tool called HEAT, if I'm not wrong.
But I cannot find it at the moment...
maybe it has simply disappeared since ebtables already offers what you need:
(from http://ebtables.sourceforge.net/documentation.html)
<<MAC NAT: ability to alter the MAC Ethernet source and destination
address. This can be useful in some very strange setups (a real-life
example is available).>>
btw, I think that having a linux box, you'd better use it as a layer 3
router, rather than a layer 2 bridge... you can do much more in that
case and... don't forget it, you will appear with more ip addresses than
you should.
>Thanks,
>
>Nico
>
ciao
Alessandro