automatic mac address randomization on up-to-date Debian 9.5

Kernels & Hardware, configuring network, installing services

automatic mac address randomization on up-to-date Debian 9.5

Postby kinda.autistic » 2018-10-29 11:11

automatic mac address randomization on up-to-date Debian 9.5 with 4.18-amd64, Intel wifi 7260, NetworkManager, KDE/Networks fails?

I am trying to have a random mac address by default before I connect to any network. My results are ambiguous.

1. My approach

1.1) updated my box to the latest backported Debian 9.5 (as of 23 Oct, 2018)

1.2) created /etc/NetworkManager/conf.d/00-macrandomize.conf with following lines







1.3) run

sudo systemctl restart NetworkManager

2. My results

2.1 KDE Networking check

KDE Network applet shows true mac address of my network interface

2.2 ip link check

Code: Select all
sudo ip link

returns a random mac address

2.3 access point (wifi hotspot on Android 8.1 phone) check

returns the same random mac address

3. My questions

3.1 Does ip link and access point check confirm that my mac address is random from the perspective of "all" access points? What would be possible exceptions? 3.2 Can KDE Networks/Networking under some circumstances send my true mac address to a network access point (overriding NetworkManager config) 3.3. Is there (and what is) a smarter way how to achieve my goal of having a random MAC address each time i connect to an access point on my box, as described above, with full KDE?
Posts: 1
Joined: 2018-10-29 11:06

Re: automatic mac address randomization on up-to-date Debian

Postby bw123 » 2018-10-29 13:53

I've noticed this behavior in plasma-nm also, it always shows the actual MAC of the device. I'm not sure why. It does use dbus, and I have read that dbus and nm development aren't always in sync. The wifi scan results seem to disappear also after connected, maybe dbus api can't access them for whatever reason?

It looks like you have it setup correctly and it's working, here's an older post I always check first when I have a question, it has been updated a little for changes in nm v1.6 ... ger-1-4-0/

It's hard to answer your questions, if MAC spoofing as some kind of securtity was very important to me, I would be sure and give it some real-world testing. I don't think anybody could list all the exceptions to any security/privacy measure. If there are known exceptions, then there should be a bug report.

p.s. don't forget the lease if using DCHP, it is stored also, (/var/lib/NetworkManager/dhclient*) You should delete it. Also hostname and id can be overriden.

# dhcp-client-id
# located in [ipv4] and should be set to 01:cloned-mac-address
# see ... haddr.html

# dhcp-hostname
# also in [ipv4] section

good luck
User avatar
Posts: 3786
Joined: 2011-05-09 06:02

Re: automatic mac address randomization on up-to-date Debian

Postby Head_on_a_Stick » 2018-10-29 15:33

Possibly off-topic (I don't use NetworkMangler, sorry) but systemd-networkd offers randomised, spoofed MAC addresses: ... d-networkd

I've just tested the method and it works fine in Debian buster (at least according to the `ip l` output).
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
User avatar
Posts: 12185
Joined: 2014-06-01 17:46
Location: /dev/chair

Return to System configuration

Who is online

Users browsing this forum: No registered users and 9 guests