MAC address

[Jeremy Bowers]

On Tue, 21 Sep 2004 17:13:01 +1000, Ajay wrote:
> since its not a commercial application - merely a research project, no, i
> haven't done a threat analysis w.r.t to the type of information exchanged.
> i have however looked at all security threats in such a system and will be
> applying mechanisms for authentication, confidentiality, integrity etc.

Ah. Thank you, that it was interesting.

The last thing I would point out is that changing *somebody else's* MAC
address is something of a hostile act, and it is sufficiently geeky that
nobody can really give informed consent except people who really
understand ethernet. Your program may work on your network, but may cause
wierd and random seeming interactions with other networks when those
devices are used elsewhere, since things like "MAC address locking" are
sometimes used as a stopgap solution to wireless security while we wait
for the real thing. (Hopefully WPA will qualify, but it still must be
widely deployed and prove itself.)

As a research project, great. But I would not care to incur the potential
liabilities involved in releasing this to the general public. (I mean a
general "liability" here, not just legal but also support for the
inevitable "now my device won't connect to my work network, what did you
do to it?) 

You can theoretically try to change the MAC back, but you'll find getting
all the details for that right to be a challenge, and depending on the
device, borderline impossible.

Good luck and have fun; I'm not trying to inhibit you, just make sure you
are aware that you are in Deep Hack Zone and need to be careful,
especially as some people may just use the bad definition of "hacker" here...