Defense Evasion

MAC Address and OUI Status
Check current MAC addresses
ip link show
Check if MAC randomization is active
nmcli device wifi list
nmcli connection show --active
Check NetworkManager MAC randomization settings
grep -A5 "\[device\]" /etc/NetworkManager/NetworkManager.conf

Properly Configure MAC Address Randomization

Enable full MAC randomization in NetworkManager
sudo tee -a /etc/NetworkManager/NetworkManager.conf << EOF
[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
connection.stable-id=\${CONNECTION}/\${BOOT}
EOF
Restart NetworkManager
sudo systemctl restart NetworkManager
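
To confirm the settings above took effect, the following added example (not part of the original page; all function names are hypothetical) audits a NetworkManager config file for the three randomization keys and classifies each interface's current MAC by its locally-administered bit. It assumes the keys live in the single file it is given and does not merge drop-ins under conf.d.

```bash
# Added example (not from the original page); function names are hypothetical.

# mac_kind MAC -> "locally-administered", "universal" or "invalid". Bit 0x02 of the
# first octet is the U/L bit; NetworkManager's random addresses set it by default.
mac_kind() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo invalid; return 1; }
    if [ $(( 0x${1%%:*} & 2 )) -ne 0 ]; then echo locally-administered
    else echo universal; fi
}

# nm_setting FILE SECTION KEY -> last value of KEY inside [SECTION], if any.
nm_setting() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
            if (k == key) { val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { if (val != "") print val }' "$1"
}

# audit_nm_conf FILE -> status 0 only if FILE holds the three settings below.
audit_nm_conf() {
    rc=0
    while read -r sec key want; do
        got=$(nm_setting "$1" "$sec" "$key" 2>/dev/null) || got=
        [ "$got" = "$want" ] || { echo "FAIL [$sec] $key=${got:-unset} (want $want)"; rc=1; }
    done <<'EOF'
device wifi.scan-rand-mac-address yes
connection wifi.cloned-mac-address random
connection ethernet.cloned-mac-address random
EOF
    return "$rc"
}

# report_ifaces [DIR] -> "iface mac kind" per non-loopback interface in sysfs.
report_ifaces() {
    for f in "${1:-/sys/class/net}"/*/address; do
        [ -r "$f" ] || continue
        ifc=${f%/address}; ifc=${ifc##*/}
        [ "$ifc" = lo ] || echo "$ifc $(cat "$f") $(mac_kind "$(cat "$f")")"
    done
}

# Demo on a constructed config; the ethernet key is deliberately left out.
sample=$(mktemp)
printf '[device]\nwifi.scan-rand-mac-address=yes\n[connection]\nwifi.cloned-mac-address=random\n' > "$sample"
audit_nm_conf "$sample" || true; report_ifaces; rm -f "$sample"
```

To include drop-in files in the audit, write the output of `NetworkManager --print-config` to a file and pass that file to `audit_nm_conf`.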

For more aggressive randomization, change the OUI as well

Install macchanger
sudo pacman -S macchanger
Create script to randomize MAC with random OUI
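sudo tee /usr/local/bin/randomize-mac.sh << 'EOF'
#!/bin/bash
# Randomize the full MAC address (OUI included) of wired and wireless interfaces.
# Must be run as root.
for path in /sys/class/net/*; do
    interface=${path##*/}
    # Only names starting with wlan, eth or enp are touched; loopback and
    # everything else is skipped. Extend the pattern for other naming schemes.
    if [[ $interface =~ ^(wlan|eth|enp) ]]; then
        ip link set "$interface" down
        macchanger -r "$interface"
        ip link set "$interface" up
    fi
done
EOF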
sudo chmod +x /usr/local/bin/randomize-mac.sh

SELinux
Display mode
getenforce
Disable SELinux enforcement (switches to permissive mode until the next reboot)
sudo setenforce 0
