automatic mac address randomization on up-to-date Debian 9.5

Kernels & Hardware, configuring network, installing services

automatic mac address randomization on up-to-date Debian 9.5

Postby kinda.autistic » 2018-10-29 11:11

automatic mac address randomization on up-to-date Debian 9.5 with 4.18-amd64, Intel wifi 7260, NetworkManager, KDE/Networks fails?

I am trying to have a random mac address by default before I connect to any network. My results are ambiguous.

1. My approach

1.1) updated my box to the latest backported Debian 9.5 (as of 23 Oct, 2018)

1.2) created /etc/NetworkManager/conf.d/00-macrandomize.conf with following lines

[device]

wifi.scan-rand-mac-address=yes

[connection]

wifi.cloned-mac-address=random

ethernet.cloned-mac-address=random

connection.stable-id=${CONNECTION}/${BOOT}

1.3) run

sudo systemctl restart NetworkManager

2. My results

2.1 KDE Networking check

KDE Network applet shows true mac address of my network interface

2.2 ip link check

Code: Select all
sudo ip link


returns a random mac address

2.3 access point (wifi hotspot on Android 8.1 phone) check

returns the same random mac address

3. My questions

3.1 Does ip link and access point check confirm that my mac address is random from the perspective of "all" access points? What would be possible exceptions? 3.2 Can KDE Networks/Networking under some circumstances send my true mac address to a network access point (overriding NetworkManager config) 3.3. Is there (and what is) a smarter way how to achieve my goal of having a random MAC address each time i connect to an access point on my box, as described above, with full KDE?
kinda.autistic
 
Posts: 1
Joined: 2018-10-29 11:06

Re: automatic mac address randomization on up-to-date Debian

Postby bw123 » 2018-10-29 13:53

I've noticed this behavior in plasma-nm also, it always shows the actual MAC of the device. I'm not sure why. It does use dbus, and I have read that dbus and nm development aren't always in sync. The wifi scan results seem to disappear also after connected, maybe dbus api can't access them for whatever reason?

It looks like you have it setup correctly and it's working, here's an older post I always check first when I have a question, it has been updated a little for changes in nm v1.6
https://blogs.gnome.org/thaller/2016/08 ... ger-1-4-0/

It's hard to answer your questions, if MAC spoofing as some kind of securtity was very important to me, I would be sure and give it some real-world testing. I don't think anybody could list all the exceptions to any security/privacy measure. If there are known exceptions, then there should be a bug report.

p.s. don't forget the lease if using DCHP, it is stored also, (/var/lib/NetworkManager/dhclient*) You should delete it. Also hostname and id can be overriden.

# dhcp-client-id
# located in [ipv4] and should be set to 01:cloned-mac-address
# see https://www.net.princeton.edu/announcem ... haddr.html

# dhcp-hostname
# also in [ipv4] section


good luck
User avatar
bw123
 
Posts: 3532
Joined: 2011-05-09 06:02
Location: TN_USA

Re: automatic mac address randomization on up-to-date Debian

Postby Head_on_a_Stick » 2018-10-29 15:33

Possibly off-topic (I don't use NetworkMangler, sorry) but systemd-networkd offers randomised, spoofed MAC addresses:

https://wiki.archlinux.org/index.php/MA ... d-networkd

I've just tested the method and it works fine in Debian buster (at least according to the `ip l` output).
I suffer from depression and may lash out occasionally, try not to take it personally.
User avatar
Head_on_a_Stick
 
Posts: 8172
Joined: 2014-06-01 17:46
Location: /dev/chair


Return to System configuration

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable