5

I have set up our home router to only allow certain MAC addresses to connect. One way to test if the filter is working is to spoof a MAC address not in the list and trying to connect to the router. So I have used macshift already to change my MAC address. However it doesn't seem to work.

Before MAC spoofing:

enter image description here

After MAC spoofing:

enter image description here

As the above images show, the physical address stays the same despite "spoofing" the unlisted MAC address. As a result, I can still login (because my original MAC is allowed).

This behavior is the same in both Windows and Linux (macchanger also doesn't work).

+++++++ UPDATE +++++++++++++
It's an Atheros card.

Mywiki Witwiki
  • 199
  • 1
  • 1
  • 8
  • 1
    Are you running CMD as an administrator of the PC? Try using Technitium MAC Address Changer v5 (or higher) running as admin? Whats manufacturer is the NIC? – NULLZ Feb 26 '13 at 05:41
  • Actually TMAC was the first program that I have tried. I always get "Failed...For wireless...set first octet to '02'". How am I suppose to spoof non-'02'-beginning MAC addresses? Administrator privileges also didn't help (for TMAC and macshift). – Mywiki Witwiki Feb 26 '13 at 05:46
  • just use another device to connect.. – Shurmajee Feb 26 '13 at 07:53
  • @MayankSharma I believe the better answer is "just use another device to connect because the problem with your device is ..." – Mywiki Witwiki Feb 26 '13 at 11:23
  • well if i had the answer i would have not left a comment. ;) can't really help with your MAC spoofing problem but you can check your MAC binding by using another device – Shurmajee Feb 26 '13 at 11:37
  • In Windows MAC spoofing is usually done in network driver settings (usually called locally administered address). Oh and install vendor specific drivers, the built-in driver often doesn't expose that feature. – rustyx Jun 13 '18 at 21:25

1 Answers1

4

In Windows vista and above, the OS allows change to specific MAC addresses only, which are, the addresses starting with 2A. However, as far as I know, there is no such limitation in Linux. I suggest you try to spoof your MAC again in windows, this time choose an address starting with 2A and see if it works this time.

EDIT: It doesn't have to be exactly 2A. See comments below for more details.

Wise
  • 285
  • 1
  • 3
  • 11
  • It's seems that you are correct. Any references to this information? – Mywiki Witwiki Feb 26 '13 at 07:09
  • 6
    It doesn't have to be exactly "2A", the two LSB of the first octet are reserved for unicast/multicast and local/global indication (the reason it's the LSB instead of MSB is that's the transmission order for ethernet). This explains it clearly: http://lizardsystems.com/wiki/change_mac_address/faq/change_mac_address_in_windows_7. The 2A-xx-xx prefix is currently unassigned according to the latest OUI list from IEEE. – mr.spuratic Feb 26 '13 at 10:43