Re: [Tails-dev] [RFC] Design (and prototype) for MAC spoofin…

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] [RFC] Design (and prototype) for MAC spoofing in Tails
Hi,

anonym wrote (25 Oct 2013 23:01:42 GMT) :
> I'm unsure of how to proceed for wired connections. The problem is that
> there's no strong concept of being "associated" to a wired network (at
> least a "standard" ones, perhaps there is with 802.1x security...). I
> haven't really looked into this deeply but I suspect it'll be hard to
> identify blocking without confusing it with other types of wired
> connection filures.


Agreed.

> If any one has good clues about how wired MAC
> address blocking works (e.g. on which level. DHCP? Lower layer?) I'd
> appreciate hearing about it.


No idea. I doubt many network admins goes as far as white-listing
known MAC addresses on the switches, but blocking access to anyone who
hasn't a valid DHCP lease (that can only be obtained if your MAC is on
a whitelist) wouldn't surprise me.

> Funny side-note: MAC spoofing apparently breaks both NAT-based and
> bridge-based networking in VirtualBox (it works well in libvirt/KVM
> though). We may want to add a specific notification if we detect that
> Tails is run in VirtualBox on network failure.


Oh $DEITY :/

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc