# How to hide MAC Address



## Detective (Nov 9, 2009)

On a FreeBSD server (gateway, DDNS, DHCP), I use "arp -s IP MAC_Address pub" to protect some important computers from IP stealing. But someone else in the network can do this: ping IP, then arp -a, and he can know the MAC_address of an important computer; then he changes his own MAC_address, and then steals the IP.
How to hide MAC_Address?
I'm sorry for my not good English!


----------



## crsd (Nov 9, 2009)

Don't use ethernet?


----------



## SirDice (Nov 9, 2009)

The OP needs to learn more about ethernet and then he'll realize his question is pretty much a no brainer.

MAC addresses are needed to communicate on layer 2.


----------



## jem (Nov 9, 2009)

It is impossible to hide your MAC address.  It is required for other computers to send network traffic to your machine.

Or to analogise, how do you expect to receive mail if you don't give anyone your house address?


----------



## DutchDaemon (Nov 9, 2009)

Run net-mgmt/arpwatch on the gateway, and have a baseball bat at hand when you see ARP conflicts showing up in your mailbox.


----------
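A sketch of the kind of check an ARP monitor on the gateway performs, as an added example that is not part of the original thread and not arpwatch's own code: it compares ARP sightings against the pairs pinned with `arp -s` and flags conflicts. The `epoch ip mac` input format, the addresses and the alert names are assumptions constructed for illustration.

```python
import re

# Constructed sample: the IP -> MAC pairs pinned on the gateway with "arp -s".
PINNED = {"192.168.1.10": "00:11:22:33:44:55"}

# Constructed sample sightings, "epoch ip mac" per line (assumed format).
SIGHTINGS = """\
1257750000 192.168.1.10 00:11:22:33:44:55   # pinned host, expected pair
1257750060 192.168.1.20 0:aa:bb:cc:dd:1     # unpinned host, first seen
1257750120 192.168.1.10 00:AA:BB:CC:DD:01   # another MAC claims the pinned IP
1257750180 192.168.1.20 00:aa:bb:cc:dd:02   # unpinned IP moves to a new MAC
1257750240 192.168.1.10 00:11:22:33:44:55   # expected pair again
"""

MAC_RE = re.compile(r"^[0-9a-f]{1,2}(:[0-9a-f]{1,2}){5}$")

def norm_mac(mac):
    """Lower-case and zero-pad octets so 0:aa:... equals 00:aa:..."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(octet.zfill(2) for octet in mac.split(":"))

def parse_sightings(text):
    """Yield (timestamp, ip, mac); blank lines and # comments are skipped."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ts, ip, mac = line.split()
            yield int(ts), ip, norm_mac(mac)

def detect(pinned, sightings):
    """Return alerts as (kind, ip, mac, timestamp) tuples, in input order."""
    pinned = {ip: norm_mac(mac) for ip, mac in pinned.items()}
    last_mac, ips_of, alerts = {}, {}, []
    for ts, ip, mac in sightings:
        if ip in pinned and mac != pinned[ip]:
            alerts.append(("pinned-mismatch", ip, mac, ts))
        elif ip not in pinned and last_mac.get(ip, mac) != mac:
            alerts.append(("changed", ip, mac, ts))
        last_mac[ip] = mac
        seen = ips_of.setdefault(mac, set())
        if seen and ip not in seen:  # "1 IP per MAC" is violated
            alerts.append(("mac-multi-ip", ip, mac, ts))
        seen.add(ip)
    return alerts

if __name__ == "__main__":
    for alert in detect(PINNED, parse_sightings(SIGHTINGS)):
        print(*alert)
```

A host that presents the pinned MAC itself produces the expected pair, so this check stays silent for it; that case is what the switch-side controls suggested in the thread address.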



## SirDice (Nov 9, 2009)

What's the danger if someone actually takes one of those IP addresses?

Servers should have fixed IP addresses anyway.


----------



## aragon (Nov 9, 2009)

Detective, what you need is a switch that can prevent ports from learning new MAC addresses.  That will help prevent someone from getting anywhere with a modified MAC address.


----------



## anomie (Nov 9, 2009)

SirDice said:

> What's the danger if someone actually takes one of those IP addresses?



Possible MITM attack, with aggressive ARP spoofing. (My guess is that is what OP is seeing.)


----------



## MG (Nov 9, 2009)

Detective said:

> On a FreeBSD server (gateway, DDNS, DHCP), I use "arp -s IP MAC_Address pub" to protect some important computers from IP stealing. But someone else in the network can do this: ping IP, then arp -a, and he can know the MAC_address of an important computer; then he changes his own MAC_address, and then steals the IP.
> How to hide MAC_Address?



Don't know much about this hacking stuff, but how is it possible to hijack a server from outside by using its IP or MAC address? As far as I can see it only makes sense when someone tries this from a machine in the same subnet, so he needs physical access to the network.


----------



## SirDice (Nov 10, 2009)

anomie said:

> Possible MITM attack, with aggressive ARP spoofing. (My guess is that is what OP is seeing.)



Yes, I know what the possible dangers are. I'm just wondering what the OP wants to prevent.


----------



## Detective (Nov 11, 2009)

I know the MAC address is needed. But I don't want it to be found out by such common commands.


----------



## SirDice (Nov 11, 2009)

Detective said:

> I know the MAC address is needed. But I don't want it to be found out by such common commands.



Then you are out of luck. Your security shouldn't rely on it anyway.


----------



## anomie (Nov 11, 2009)

@Detective: If you still need help, please try to be crystal clear about the _problem_ you are trying to solve. "Hiding" a MAC address is not a solution.


----------



## jem (Nov 13, 2009)

It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address.  Stop them physically connecting to your network.


----------



## SirDice (Nov 13, 2009)

jem said:

> It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address.  Stop them physically connecting to your network.



Having a LART on standby usually helps :e


----------



## Myron (Nov 17, 2009)

jem said:

> It sounds like the correct solution to your problem is to deal with the person who keeps hijacking your MAC address.  Stop them physically connecting to your network.




Try to set 1 IP per MAC.


----------



## Orum (Nov 17, 2009)

Why not just buy a decent switch that prevents this sort of thing?


----------

