Randomized MAC changes on a wireless AP

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions
Author Message
TedCheeze
DD-WRT Novice


Joined: 01 Feb 2016
Posts: 19
Location: Oregon, U.S.

PostPosted: Fri Jul 23, 2021 21:01    Post subject: Randomized MAC changes on a wireless AP Reply with quote
I recently traveled to a family gathering and stayed in a hotel. I stumbled across a rather strange public wifi network provided by the hotel.

I have an outdated laptop that I use a Live Linux OS booted from a USB drive and a USB Wifi dongle to snoop around(audit) a network just to see if the hotspot provider actually implements some form of security, and look for bad actors lurking in the background, before I use the connection for any other purpose. If I don't like what I see I avoid the connection.
Well this Wifi network got my attention since it had A/G/N/AC/AX with WPA2(AES) & WPA3 enabled and had both AP & NET isolation enabled. Now I was curious as what hardware they were using. I looked at the MAC of the AP only to find the first three octets did not match any vendor in a OUI lookup. Hmmm....they even made an effort to change the MAC's on the AP's to mask their hardware. I liked that.
But that was not what really spiked my curiosity. I grabbed my phone and opened up a wifi analyzer and started walking around the hotel to visually look to see what hardware they were running. Again I found myself impressed. I couldn't find a single AP or antenna in sight anywhere. Then it happened. The entire WIFI network(all AP's not just one) briefly went offline and then came back as if it was power cycled. I nearly walked into a wall staring at my phone. Every single MAC (BSSID) of all the AP's had changed. The SSID and passphrases did not change. Then the network repeated this at :06 after the hour on the ODD hours. Then the 11:06am change also included a passphrase change. (11am is hotel checkout time.) After each change you were required to visit a captive portal/radius server to re-authenticate and agree to TOS for use.

So here is my question.

Can a timed/scheduled randomized access point MAC/BSSID change be implemented within DD-WRT?

Yes, I realize Android, iOS, and ChromeOS already provide an option for randomized MACs on the client side for individual Wifi connections. Obviously they were using enterprise class equipment to implement this. However, I would like to replicate this on a smaller scale for a couple of public hot spots I work with. I would think this would provide a nice deterrent against network foot printing and physical location mapping.

Another behavior I observed was that after the third MAC change my Android device would no longer remember the SSID or passphrase, and the option to enable auto-reconnect was greyed out. So there seems to a standard already in place for this configuration, but I have yet to find it. Any ideas? Yes, I inquired about it with the hotel staff, but all they knew was it was controlled by the corporate IT department offsite.
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 4495
Location: UK, London, just across the river..

PostPosted: Sat Jul 24, 2021 8:48    Post subject: Reply with quote
i could find only this one

#!/bin/ash
MAC=`(date; cat /proc/interrupts) | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`
echo "00:${MAC}"
ifconfig eth0 hw ether 00:${MAC}
nvram set def_hwaddr="00:${MAC}"
nvram set wan_hwaddr="00:${MAC}"
stopservice wan
startservice wan

no idea if its working as it should ...this randomize WAN MAC, as i can see eth0 is used...i guess you can modify it...

there is another one

https://github.com/krabelize/openwrt-random-mac-changer/blob/master/mac-change.sh

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 47117 BS AP,NAT
TP-Link WR1043NDv2 -DD-WRT 47381 BS AP,NAT,AP Isolation,Ad-Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 -DD-WRT 47381 BS AP,NAT,AD/Block,Firewall,Local DNS,Forced DNS,DoT,VPN,VLAN
TP-Link WR1043NDv2 -Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm Atheros/
Netgear R7800 --DD-WRT 47381 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT,Vanilla
Netgear R9000 --DD-WRT 47381 BS AP,NAT,AD-Block,AP Isolation,Firewall,Local DNS,DoT,2,4Ghz only,Vanilla
Broadcom
Netgear R7000 ---DD-WRT 47381 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,VLAN's,DoT,VPN
------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum