# How to Keep Your Ethers Away from Harvesters

## miroR


Privacy is important. The strongest secret service behind the whole Internet Thing (not to be confused with the Internet of Things), that controls a lot of the Internet is only part of some one million people among the two hundred something millions of U.S. Americans with the security clearance. Very few dare to be like Edward Snowden, the American hero.

There is no privacy for you, dear *nixer, without security.

So security is important. It's like the keys to your abode. You keep them in good trust, you don't let the doors unlocked when you're away nor give the keys easily to anybody, and likewise you keep your computer in good trust only.

Here's just a script (for which if anyone can improve it, they are welcome) to make one little thing better for your privacy. A very tiny little thing for your privacy, but necessary.

For the harvesters like Schmoog the Octopus of the Internet (the Google), and others... Make, with this script, their tracking of your ways on the Internet just a little harder!

Don't give away the MAC of your NIC, as that is one piece of information that easily betrays you.

First thing:

```
# emerge -a macchanger
```

Then create the following script. Of course you need to replace the "enp9s0" with the name of your interface, be it eth0, eth1, enp2s1 or whatever, and also the numbers.

/root/.bashrc.mac:

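```
# Current MAC of the interface, as reported by macchanger
maccur0=$(macchanger -s enp9s0 2>/dev/null | grep Current | awk '{ print $3 }')
# If the NIC still shows one of the listed factory MACs, randomize the
# last three bytes; -e leaves the vendor bytes unchanged
for i in 00:30:4d:bc:98:12 00:0e:2f:c8:34:b7; do
    if [ "$maccur0" = "$i" ]; then
        macchanger -e enp9s0 2>/dev/null
    fi
done
```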

These are just examples. The "00:30:4d:bc:98:12 00:0e:2f:c8:34:b7", are just what you get from:

```
# ifconfig enp9s0
enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.2  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::xxx:xxxx:xxxx:xxxx prefixlen 64  scopeid 0x20<link>
---->   ether 00:30:4d:bc:98:12  txqueuelen 1000  (Ethernet)
        RX packets 11710  bytes 704500 (687.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 118  bytes 7844 (7.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17
```

and fill in the other numbers, with a space between them, like those in your SOHO. And run this script from /root/.bashrc by including it in it, i.e. by including the line in it like this:

```
source ~/.bashrc.mac
```

If I knew, I'd reveal to secret services the addresses and whereabouts of pedophiles or terrorists and such myself... But blanket surveillance of, basically the whole world, which is what the mightiest mentioned above does, and the other mighty services of other nations follow in their steps... But breaking encryption in programs, *nix world being no exemption... But having millions of people that can take the excuse to spy on anybody via Internet... On basically anybody... regardless of complete absence of any bad intentions in their "objects"... is completely wrong.

Anyway, subscribe to:

https://www.schneier.com/crypto-gram.html

Bruce Schneier being another really great U.S. American, doing justice to this great nation somewhat being trumped and trumpited of lately...

And this is where you can learn things from black and white hats about privacy. I'm subscribed, but I would never be a black hat even if I got advanced. It's repulsive to me... Here:

https://lists.immunityinc.com/mailman/listinfo/dailydave

----------

## depontius

Now if I remember correctly, different ethernet chips have different signatures.  So when you change your MAC, it's best to change it somewhere within the MAC-space that goes with your chip manufacturer.  Otherwise, someone sufficiently sophisticated could look at your MAC and your ethernet chipset behavior, see that they're not consistent,  and know that you're spoofing.  At that point you become more "interesting."  (That's bad!)

I believe I once read that macchanger has an option to work this way.  Using that option may seem less random and thereby less secure, but in fact it's more secure because it's less likely to draw attention by the (frighteningly) more knowledgeable.
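The consistency point made in the post above can be checked mechanically. The following is an added example, not part of the original post or of macchanger: the function names are hypothetical, and the permanent and current addresses are passed as arguments (the sample values are constructed from the thread's example MAC).

```shell
#!/bin/sh
# Added example (not from the thread). Sample MACs used with it are constructed.

# Lower-case a MAC and check the aa:bb:cc:dd:ee:ff form; non-zero status if malformed.
mac_norm() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$m"
}

# First three octets: the OUI, i.e. the vendor prefix.
mac_oui() { printf '%s\n' "$1" | cut -d: -f1-3; }

# Test one bit of the first octet: mask 1 = multicast/group, mask 2 = locally administered.
mac_first_octet_bit() {
    first=${1%%:*}
    [ $(( 0x$first & $2 )) -ne 0 ]
}

# mac_classify PERMANENT CURRENT -> prints a one-word verdict
mac_classify() {
    perm=$(mac_norm "$1") || { echo invalid; return 1; }
    cur=$(mac_norm "$2") || { echo invalid; return 1; }
    if [ "$perm" = "$cur" ]; then
        echo factory            # not changed at all
    elif mac_first_octet_bit "$cur" 1; then
        echo multicast          # not usable as a source address
    elif mac_first_octet_bit "$cur" 2; then
        echo local-bit-set      # openly marked as not burned-in
    elif [ "$(mac_oui "$perm")" = "$(mac_oui "$cur")" ]; then
        echo same-vendor        # vendor prefix kept, as `macchanger -e` does
    else
        echo other-vendor       # prefix no longer matches the NIC's maker
    fi
}

# Constructed sample: the thread's example MAC with a changed ending.
mac_classify 00:30:4d:bc:98:12 00:30:4D:5A:01:C7
```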

----------

## Tony0945

If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.

----------

## depontius

 *Tony0945 wrote:*   

> If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.

 

There's no point in diddling your MAC for your home ISP.  They know where you live, they send you a bill every month, they know who you are.  Uncle Sam, the NSA, and every other TLA knows or can know that you are you and that's where you live.  Changing your MAC at home just makes you stick out.

Changing your MAC is for when you're traveling and connecting to non-standard places.  When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.

----------

## khayyam

... or, without all the heroic rhetoric, and to use the mechanisms already in place for such things:

```
mac_enp9s0="random-samekind"
```

 */usr/share/doc/netifrc-0.2.2/net.example.bz2 wrote:*   

> ```
> # For changing MAC addresses using the below, emerge net-analyzer/macchanger
> # - to randomize the last 3 bytes only
> #mac_eth0="random-ending"
> ```
> ...

 

best ... khay

----------

## miroR

 *khayyam wrote:*   

> ... or, without all the heroic rhetoric, and to use the mechanisms already in place for such things:
> 
> ```
> mac_enp9s0="random-samekind"
> ```
> ...

 

Yes. This is true! Thanks! I didn't know it.

----------

## miroR

 *depontius wrote:*   

>  *Tony0945 wrote:*   If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose. 
> 
> There's no point in diddling your MAC for your home ISP.  They know where you live, they send you a bill every month, they know who you are.  Uncle Sam, the NSA, and every other TLA knows or can know that you are you and that's where you live.  Changing your MAC at home just makes you stick out.
> 
> Changing your MAC is for when you're traveling and connecting to non-standard places.  When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.

 

I'm not sure about this.

E.g.: using Tor is legal in most countries.... Doesn't macchanger help when using it? And do they know automatically who you are when you use Tor? No! They don't!

And make it hard for them to know!

What country do you live in?

(Could be some of those attacked by terrorism, where they think privacy should lose because of security.

Wrong choice, as Schneier repeatedly wrote --but no time to search for links, other than tell: yes it can be found starting from his page already given-- wrong choice. Privacy and security both --both -- lose!)

There's much to study in the suggestion khayyam gave. And to which I'll be moving on to use.

 *Tony0945 wrote:*   

> If I change my MAC, my ISP won't give me an ip address and I can't get to the internet. That would be secure, I suppose.

 

Bad provider. I don't think there can be a law to tell you to identify yourself with ethers! They can't require it legally from you...

(I know you are a U.S. American, living in the U.S.) Suppose you change your ether. What do you mean? You can't get online with it? C'mon! I think you should....  bogus try and change your ether card. (

BTW, without time to study it further, the correct way is the way already available in Gentoo, and not what I suggested in my first post in the top. Because that, I expect, changes it earlier, right when the ether is set up, which is not the case with my suggestion, and if you use my suggestion, being a late change of ether numbers, it could be more easily recognized, for machine constantly online.

For me, however, my script works, because I don't connect online at boot time, but physically plug the socket in when all is ready --and that is something I was too sleepy, Europe here, to mention in the opening post.

)

I'll be improving it... With the simple line from /usr/share/doc/netifrc-0.2.2. When I find time... Struggling with:

A Firewalled Internet Access to Internal Subnet.... these days.

----------

## szatox

MiroR, your assumptions about MAC in your homeplace make me doubt you know the basics of how the internet works.

MAC address is only used between your device and the next hop -> your peer within a local network (usually your default gateway).

NSA can't track your MAC unless they are very close to you, and at this point they can hunt you down before you realize you should change your MAC again. Or - they could, if they actually wanted to. Tracking MAC addresses is too hard and too expensive to be worth the effort. Hint: look for "OSI model"

Changing MAC is good when you're connecting to a public network. In this case it may help hide your identity _from_this_particular_network_provider_, unless you announce it inside the data stream. It is totally pointless when you authenticate yourself to your peer by any other means (ppp to your ISP, anyone?), precisely for the reason you _do_authenticate_yourself_.

Tor is another thing. It's an overlay network (just like IP network is an overlay network) that hides the physical location of the endpoints from the middleman. It relies on the fact, that nobody knows whether you are the source/middleman or middleman/destination of the packets you send or receive, because they don't provide source nor destination address to the middlemen. Every single middleman only receives the address of the next hop, and only the destination receives the address of the source. It is not particularly efficient, but unlike IP, it does not require all the participants to be sincere.

----------

## miroR

I don't have much time to write here. So pls. don't assume on my quick lines.

 *szatox wrote:*   

> MiroR, your assumptions about MAC in your homeplace make me doubt you know the basics of how the internet works.
> 
> MAC address is only used between your device and the next hop -> your peer within a local network (usually your default gateway).
> 
> NSA can't track your MAC unless they are very close to you, and at this point they can hunt you down before you realize you should change your MAC again. Or - they could, if they actually wanted to. Tracking MAC addresses is too hard and too expensive to be worth the effort. Hint: look for "OSI model"
> ...

 

Oh, well, of course.

 *szatox wrote:*   

> Tor is another thing. It's an overlay network (just like IP network is an overlay network) that hides the physical location of the endpoints from the middleman. It relies on the fact, that nobody knows whether you are the source/middleman or middleman/destination of the packets you send or receive, because they don't provide source nor destination address to the middlemen. Every single middleman only receives the address of the next hop, and only the destination receives the address of the source. It is not particularly efficient, but unlike IP, it does not require all the participants to be sincere.

 

The nodes know all you give them... (remember, little time here, not for details of what you wrote)...

And why give the nodes that unique in the world, if genuine MAC, information... It's an accepted fact that the NSA via its intermediaries and FONs ([F]riend [O]f [N]SA) owns a large proportion of the nodes.

By the way, have a look at what the Schmoog wants from their contractees:

In Defence of Firefox: some Harvesting by Referal Decrypted

https://forums.gentoo.org/viewtopic-t-1038896-highlight-.html

and that info is much less precise than MAC.

If it is not needed, why is there macchanger for us?

----------

## Tony0945

 *depontius wrote:*   

> Changing your MAC is for when you're traveling and connecting to non-standard places.  When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet.

 

Ah! Mobile machines like laptops. Now I understand.

----------

## Ant P.

 *Tony0945 wrote:*   

>  *depontius wrote:*   Changing your MAC is for when you're traveling and connecting to non-standard places.  When you're thinking that way, you should think about changing your wireless MAC, essentially same considerations as ethernet. 
> 
> Ah! Mobile machines like laptops. Now I understand.

 

Abnormal access patterns are a much richer source of fingerprinting metadata than hardware addresses anyway.

----------

## 1clue

Why should I care if someone knows my mac address?  Generally speaking nobody tracks mac addresses or serial numbers of network card sales at a retail level.

----------

## khayyam

 *miroR wrote:*   

> If it is not needed, why is there macchanger for us?

 

miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups.

Anyhow, I would consider changing the MAC as only a defence (if it can be called that) relating to the particular network you connect to (as per depontius' point re mobility) ... in other cases I would say it's pointless, and besides that it wouldn't matter that you'd changed MAC if subsequently you use the same lease, or if the dhcp client provides the DUID when negotiating dhcp (none of which you seem to have mentioned/considered).

best ... khay
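The DUID point in the post above can be checked against the DHCP client's configuration. The following is an added example, not part of the original post: it assumes dhcpcd is the DHCP client, the function names are hypothetical, and the sample configuration is constructed. It also reports the `hostname` option, which the post does not mention but which likewise stays the same when the MAC changes.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dhcpcd is the DHCP client.

# Read dhcpcd.conf text on stdin; print each active option that gives the
# DHCP server an identifier which does not change with the MAC.
dhcp_stable_ids() {
    sed 's/#.*$//' | while read -r opt arg; do
        case "$opt" in
            duid)       # stored DUID is sent as the client ID
                echo duid ;;
            hostname)   # the machine's (or the given) host name is sent
                echo hostname ;;
            clientid)   # bare "clientid" uses the current MAC; a string is fixed
                if [ -n "$arg" ]; then echo clientid; fi ;;
        esac
    done
}

# Constructed sample modeled on a stock dhcpcd.conf.
sample_conf() {
    cat <<'EOF'
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
#clientid
# or use a DUID
duid
persistent
option rapid_commit
EOF
}

sample_conf | dhcp_stable_ids
```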

----------

## 1clue

I don't consider myself to be a security expert at all.  I consider myself to be aware of the need to lock your system down and minimize unnecessary risk.

I have never seen a single argument to why your MAC address is important for a black hat, or even interesting to them.

----------

## Ant P.

 *khayyam wrote:*   

> miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups.

 

And breaking into networks that think MAC/IP addresses are secure, static access tokens ;)

----------

## 1clue

 *Ant P. wrote:*   

>  *khayyam wrote:*   miro ... because there are other, non "privacy" related, reasons why someone might need to change the MAC ... such as in PPPoE setups. 
> 
> And breaking into networks that think MAC/IP addresses are secure, static access tokens 

 

But in these cases you can usually just assign an ip address to yourself and get the same access as anyone else.

SOHO routers are notoriously insecure.  MAC spoofing these is irrelevant because it doesn't get you anything AFAICT.

----------

## miroR

Withdrawing from discussion here, simply because khayyam, Ant.P. and 1clue are pretty likely right, and because I have not sufficient knowledge to discuss this matter.

And also I need to finally get my Firewalled Internet Access to Internal Subnet. Sadly not that talented to do much work if time is not ample enough.

I've learned from you here. Thank you.

----------

## khayyam

 *1clue wrote:*   

> I have never seen a single argument to why your MAC address is important for a black hat, or even interesting to them.

 

1clue ... it's not, but it's metadata none the less, and we know what use metadata can be put to, from that the question arises, do you trust the networks you connect to.

best ... khay

----------

