Hi,

I have a mini router that has this feature, "clone MAC address".

My ISP doesn't allow me to connect more than one computer.
But, with the "clone MAC address" of the mini router, I can connect up
to 5 computers, and my ISP can't notice that.

What do I need to do this "cloning" with my linux box?

Thanks,

Nico
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tuesday 16 November 2004 03:00, Nicolas Patik wrote:
> Hi,
>
> I have a mini router that has this feature, "clone MAC address"
>
> My ISP doesn't allow me to connect more than one computer.
> But, with the "clone MAC address" of the mini router, I can connect up
> to 5 computers, and my ISP can't notice that.
>
> What do I need to do this "cloning" with my linux box?

It's called natting. Google is your friend.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
_______________________________________________

No, I'm not talking about natting ... I'm talking about hiding my
computers from my ISP.

.. or .... are you telling me that the problem with my linux box is
about bad firewall rules?

Right now with my linux box doing NAT they can find that I have other
computers connected. Instead with the minirouter doing "clone MAC
address" (I don't know what else this minirouter is doing) ... they
can't.

Could my ISP be running any tool that can detect more than one
computer? I guess something ARP related?

Thanks,

Nicolas

On Tue, 16 Nov 2004 19:15:59 +0100, Stef Coene <stef.coene@docum.org> wrote:
> On Tuesday 16 November 2004 03:00, Nicolas Patik wrote:
> > Hi,
> >
> > I have a mini router that has this feature, "clone MAC address"
> >
> > My ISP doesn't allow me to connect more than one computer.
> > But, with the "clone MAC address" of the mini router, I can connect up
> > to 5 computers, and my ISP can't notice that.
> >
> > What do I need to do this "cloning" with my linux box?
>
> It's called natting. Google is your friend.
>
> Stef
_______________________________________________

Cloning a MAC address really has nothing to do with the particular act
of hiding multiple computers behind a firewall. Sometimes an ISP will
register the MAC address of a particular device to make sure you don't
use any other device. Cloning the MAC address is a way of getting around
this so you can use some other device (such as replacing a single
computer with a NAT router/firewall).

If your ISP has registered the MAC of the single computer that you
currently use, then yes, you will need to clone that MAC to your linux
box (offhand I don't know how that is done either). But this is just a
matter of switching one device for another... not with adding multiple
computers.

Assuming you can first get the linux box to work with your ISP as your
"single device", then NAT is what hides your computers that you route
through the linux box. The IP of the linux box (and the MAC of the linux
box) is the only thing that the outside world will see, if NAT is
configured properly.

----- Original Message -----
From: "Nicolas Patik" <nicolas.patik@gmail.com>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 16, 2004 1:29 PM
Subject: Re: [LARTC] clone MAC address

> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.
>
> .. or .... are you telling me that the problem with my linux box is
> about bad firewall rules?
>
> Right now with my linux box doing NAT they can find that I have other
> computers connected. Instead with the minirouter doing "clone MAC
> address" (I don't know what else this minirouter is doing) ... they
> can't.
>
> Could my ISP be running any tool that can detect more than one
> computer? I guess something ARP related?
>
> Thanks,
>
> Nicolas
_______________________________________________

Hello,

* Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
> No, I'm not talking about natting ... I'm talking about hiding my
> computers from my ISP.

Tell me, what's the difference. Can you give some technical description
for this 'hiding' you are talking about?

> .. or .... are you telling me that the problem with my linux box is
> about bad firewall rules?

No. 'Firewall rules' are a matter of layer 3, MACs and their so called
cloning belong to layer 2.

> Right now with my linux box doing NAT they can find that I have other
> computers connected.

Contradicting to Chris they can. But trust me, they won't. Finding
hosts behind a NAT router is very difficult and involves the collection
of huge amounts of traffic.[1] After all, it will not work for any OSs.

What exactly is your problem? For this clone-MAC-feature search the
manpage of ifconfig for 'hardware address'. It's not supported by all
NIC drivers, but for most. Do you change your routers from time to
time? DHCP servers cache MACs and may not offer a second IP number if
had another interface connected some time ago. They should flush the
cache after some days. If they don't call them and feign a story about
a new NIC you bought recently.

HTH,
regards, Frank.
===footnotes==
[1] Ascending TCP sequence numbers, not changed by NAT, you know?
--
Sigmentation fault
_______________________________________________

The problem is when there is a problem. =)

When the connection is ok, there is no problem.

When the connection goes down for 'normal' reasons, also it's ok, but
when there are unknown reasons (ISP network problems), they pass the
issue to their network engineers, and there is when my problem starts,
they can find that I am connecting more computers.

That is why I want to clone the MAC.

-Nicolas

On Wed, 17 Nov 2004 00:00:36 +0100, Frank Gruellich <frank@der-frank.org> wrote:
> Hello,
>
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
> > No, I'm not talking about natting ... I'm talking about hiding my
> > computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
> > .. or .... are you telling me that the problem with my linux box is
> > about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
> > Right now with my linux box doing NAT they can find that I have other
> > computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
>
> What exactly is your problem? For this clone-MAC-feature search the
> manpage of ifconfig for 'hardware address'. It's not supported by all
> NIC drivers, but for most. Do you change your routers from time to
> time? DHCP servers cache MACs and may not offer a second IP number if
> had another interface connected some time ago. They should flush the
> cache after some days. If they don't call them and feign a story about
> a new NIC you bought recently.
>
> HTH,
> regards, Frank.
> ===footnotes==
> [1] Ascending TCP sequence numbers, not changed by NAT, you know?
_______________________________________________

Frank Gruellich wrote:
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
>
>>No, I'm not talking about natting ... I'm talking about hiding my
>>computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
>>.. or .... are you telling me that the problem with my linux box is
>>about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
>>Right now with my linux box doing NAT they can find that I have other
>>computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.

It's not so difficult, at least in some cases. p0f (passive OS
fingerprint) uses a technique (that has some limitations) to detect
masqueraded hosts, it has to sniff all the traffic but not collect it.

http://lcamtuf.coredump.cx/p0f.shtml

Regards,

Francisco.
_______________________________________________

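The general idea behind detecting masqueraded hosts passively, as an added example that is not part of the original posts and not p0f's own algorithm: group observed SYN packets by source address and flag addresses that keep showing more than one TCP/IP stack signature. The choice of fields, the function names and the sample packets are assumptions made for this sketch.

```python
from collections import defaultdict

INITIAL_TTLS = (32, 64, 128, 255)  # common starting TTL values

def initial_ttl(observed):
    """Round an on-the-wire TTL up to the nearest common starting value."""
    return next(t for t in INITIAL_TTLS if observed <= t)

def signature(syn):
    """Stack traits of a SYN that address translation usually leaves alone."""
    return (initial_ttl(syn["ttl"]), syn["window"], syn["mss"], syn["options"])

def masquerade_candidates(syns, min_seen=2):
    """Map each source IP with more than one recurring signature to them.

    A signature must recur min_seen times, so one odd packet is not enough.
    Identical stacks behind one address collapse into a single signature and
    are missed; a dual-boot or VM host looks like two machines.
    """
    seen = defaultdict(lambda: defaultdict(int))
    for syn in syns:
        seen[syn["src"]][signature(syn)] += 1
    flagged = {}
    for src, sigs in seen.items():
        recurring = sorted(s for s, n in sigs.items() if n >= min_seen)
        if len(recurring) > 1:
            flagged[src] = recurring
    return flagged

def syn(src, ttl, window, mss, options):
    """Build one observation record (hypothetical helper for the sample)."""
    return {"src": src, "ttl": ttl, "window": window, "mss": mss,
            "options": options}

# Constructed sample observations: documentation addresses, made-up values.
STACK_A = (5840, 1460, "mss,sackOK,ts,nop,ws")
STACK_B = (65535, 1460, "mss,nop,nop,sackOK")
SAMPLE = [
    syn("192.0.2.10", 63, *STACK_A),
    syn("192.0.2.10", 127, *STACK_B),
    syn("192.0.2.10", 63, *STACK_A),
    syn("192.0.2.10", 127, *STACK_B),
    syn("192.0.2.20", 64, *STACK_A),
    syn("192.0.2.20", 64, *STACK_A),
    syn("192.0.2.30", 128, *STACK_B),
    syn("192.0.2.30", 128, *STACK_B),
    syn("192.0.2.30", 64, *STACK_A),  # seen once: below min_seen
]

if __name__ == "__main__":
    for src, sigs in masquerade_candidates(SAMPLE).items():
        print(src, "shows", len(sigs), "recurring stack signatures")
```
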
It's too easy:

ifdown [interface]
ifconfig [interface] hw ether [MAC address wanted]
ifup [interface]

example:

ifdown eth1
ifconfig eth1 hw ether 01:24:03:28:13:FF
ifup eth1

Thanks to all,

--Nicolas

On Wed, 17 Nov 2004 14:39:05 -0000, Abdul Hakeem <alhakeem100@hotmail.com> wrote:
> Pls let me know when you get it.
>
> Cheers,
> AH
>
> -----Original Message-----
> From: Nicolas Patik [mailto:nicolas.patik@gmail.com]
> Sent: 17 November 2004 14:37
> To: alhakeem@ipextelecom.net
> Subject: Re: [LARTC] clone MAC address
>
> haha, ok
>
> Not yet, I was researching with my questions, when I implement it (next
> week) I'll tell you how to do it.
>
> -Nicolas
>
> On Wed, 17 Nov 2004 14:00:23 -0000, Abdul Hakeem <alhakeem100@hotmail.com>
> wrote:
> > Hello Nicolas,
> > I just wanted to know if you have the answers on how to clone a mac
> > address on an ethernet card. Cheers,
> > AH
> >
> > -----Original Message-----
> > From: Nicolas Patik [mailto:nicolas.patik@gmail.com]
> > Sent: 17 November 2004 13:55
> > To: Abdul Hakeem
> > Subject: Re: [LARTC] clone MAC address
> >
> > Excuse my bad english knowledge, what do you mean with "kindly spare
> > it"?
> >
> > My first guess is you didn't like "wow, that's good Francisco",
> > because it doesn't add anything useful to the thread.
> >
> > But on the other hand it was my way of saying "thanks for your help".
> > Is that inappropriate?
> >
> > Or maybe I didn't understand your mail.
> >
> > -Nicolas
> >
> > On Wed, 17 Nov 2004 10:51:07 -0000, Abdul Hakeem
> > <alhakeem100@hotmail.com>
> > wrote:
> > > Hello,
> > > Did you ever get a reply to your question ?
> > > If yes, kindly spare it.
> > > Cheers,
> > > Abdul Hakeem
> > >
> > > -----Original Message-----
> > > From: lartc-admin@mailman.ds9a.nl
> > > [mailto:lartc-admin@mailman.ds9a.nl]
> > > On Behalf Of Nicolas Patik
> > > Sent: 16 November 2004 02:01
> > > To: lartc@mailman.ds9a.nl
> > > Subject: [LARTC] clone MAC address
> > >
> > > Hi,
> > >
> > > I have a mini router that has this feature, "clone MAC address"
> > >
> > > My ISP doesn't allow me to connect more than one computer. But, with
> > > the "clone MAC address" of the mini router, I can connect up to 5
> > > computers, and my ISP can't notice that.
> > >
> > > What do I need to do this "cloning" with my linux box?
> > >
> > > Thanks,
> > >
> > > Nico
_______________________________________________

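A check to run on the address before passing it to `ifconfig ... hw ether`, as an added example that is not part of the original posts: Linux Ethernet drivers generally refuse an interface address that is all zeros or whose first octet has the group (multicast) bit set, which is the case for the 01:24:03:28:13:FF value in the example above. The function names are hypothetical.

```python
import re

# Six hex octets separated by ':' or '-'.
_MAC = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def check_interface_mac(text):
    """Return (canonical_mac, problems).

    An empty problems list means the address is acceptable as an
    interface's own (unicast) hardware address.
    """
    text = text.strip()
    if not _MAC.fullmatch(text):
        return None, ["not six hex octets separated by ':' or '-'"]
    octets = [int(part, 16) for part in re.split(r"[:-]", text)]
    problems = []
    if not any(octets):
        problems.append("all-zero address")
    if octets[0] & 0x01:
        # Least significant bit of the first octet marks a group address.
        problems.append("group bit set: multicast/broadcast, not a station address")
    return ":".join(f"{o:02x}" for o in octets), problems

def is_locally_administered(canonical_mac):
    """True if the U/L bit is set, i.e. the address is not vendor-assigned."""
    return bool(int(canonical_mac[:2], 16) & 0x02)

if __name__ == "__main__":
    # The first value is the one from the post; the others are constructed.
    for candidate in ("01:24:03:28:13:FF", "00:24:03:28:13:FF",
                      "02-24-03-28-13-ff", "00:00:00:00:00:00"):
        mac, problems = check_interface_mac(candidate)
        print(candidate, "->", mac, problems or "ok")
```
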
Hi Frank,

I forgot to copy the list earlier so this will be a dup for you
(sorry)...

Anyway, in your message you say "contradicting to Chris..." in reference
to me saying that only the IP and MAC of the NAT router would be visible
to the ISP. I'd like to fill in my knowledge gap here.. can you please
send a link (or explain) how the ISP could get the MAC of a device
behind the NAT router? I know that an ISP could theoretically detect
that the router is a NAT via OS fingerprinting and such, but I was not
aware that the MACs of the machines behind the NAT router could be
determined in any way. Please explain.

Thanks,
Chris

----- Original Message -----
From: "Frank Gruellich" <frank@der-frank.org>
To: <lartc@mailman.ds9a.nl>
Sent: Tuesday, November 16, 2004 5:00 PM
Subject: Re: [LARTC] clone MAC address

> Hello,
>
> * Nicolas Patik <nicolas.patik@gmail.com> 16. Nov 04:
>> No, I'm not talking about natting ... I'm talking about hiding my
>> computers from my ISP.
>
> Tell me, what's the difference. Can you give some technical description
> for this 'hiding' you are talking about?
>
>> .. or .... are you telling me that the problem with my linux box is
>> about bad firewall rules?
>
> No. 'Firewall rules' are a matter of layer 3, MACs and their so called
> cloning belong to layer 2.
>
>> Right now with my linux box doing NAT they can find that I have other
>> computers connected.
>
> Contradicting to Chris they can. But trust me, they won't. Finding
> hosts behind a NAT router is very difficult and involves the collection
> of huge amounts of traffic.[1] After all, it will not work for any OSs.
>
> What exactly is your problem? For this clone-MAC-feature search the
> manpage of ifconfig for 'hardware address'. It's not supported by all
> NIC drivers, but for most. Do you change your routers from time to
> time? DHCP servers cache MACs and may not offer a second IP number if
> had another interface connected some time ago. They should flush the
> cache after some days. If they don't call them and feign a story about
> a new NIC you bought recently.
>
> HTH,
> regards, Frank.
> ===footnotes==
> [1] Ascending TCP sequence numbers, not changed by NAT, you know?
_______________________________________________

On Wednesday 17 November 2004 03:03, Nicolas Patik wrote:
> The problem is when there is a problem. =)
>
> When the connection is ok, there is no problem.
>
> When the connection goes down for 'normal' reasons, also it's ok, but
> when there are unknown reasons (ISP network problems), they pass the
> issue to their network engineers, and there is when my problem starts,
> they can find that I am connecting more computers.

How???? See other posts. As long as you don't tell them, they can't
know without special tools.

> That is why I want to clone the MAC.

This cloning will not help you from hiding your other pc's, at least not
more than natting does.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
_______________________________________________

Nicolas Patik wrote:

>Hi,
>
>I have a mini router that has this feature, "clone MAC address"
>
>My ISP doesn't allow me to connect more than one computer.
>But, with the "clone MAC address" of the mini router, I can connect up
>to 5 computers, and my ISP can't notice that.
>
>What do I need to do this "cloning" with my linux box?

some years ago an italian wrote a tool called HEAT, if i'm not wrong.
but I cannot find it at the moment... maybe it has simply disappeared
since ebtables already offers what you need:

(from http://ebtables.sourceforge.net/documentation.html)
<<MAC NAT: ability to alter the MAC Ethernet source and destination
address. This can be useful in some very strange setups (a real-life
example is available).>>

btw, I think that having a linux box, you'd better use it as a layer 3
router, rather than a layer 2 bridge... you can do much more in that
case and... don't forget it, you will appear with more ip addresses
than you should.

>Thanks,
>
>Nico

ciao
Alessandro