Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Changing the mac address on Windows 2000 and XP

From: Adam Jones <ajones1 () gmail com>
Date: Wed, 6 Jul 2005 08:20:16 -0500
Is there any way to change the mac address of a LAN card in Windows
2000 and Windows XP?


Someone who knows more than me will have to field that one.


As a corollary to the question, how would one detect if a computer
was changing its mac address? This is assuming that the network on
which this machine is connected has DHCP enabled.


Well, generally you could do it in one of two ways. The first would be
to use DHCP but restrict address leasing to a set of known and
recorded mac addresses. You would then be able to detect when someone
changes a mac address by looking for requests from an unknown mac that
abruptly follow after a known mac address stops transmitting. This
would take more than a few attempts before you have enough data to
rule out harmless coincidences.

The other way I can think of would be to set up  per-port logging on
the switch for mac addresses. Then you would be able to see
immediately when an address was changed, and follow the wire back to
the physical location to figure out who is doing it.

Neither of those two seem to be standard practice for a generic
working environment. Of the two the latter one is more efficient, but
if you want to go to that much overhead you are better off setting up
your switch ports to only allow connections from a specific address or
a set of addresses. At that point anyone who wants to change their mac
address loses their internet connection.


Pranav

-- 

-Adam
Previous By Date Next
Previous By Thread Next

Current thread: