Defense Evasion
MAC Address and OUI Status
Check current MAC addresses
ip link show
Check if MAC randomization is active
nmcli device wifi list
nmcli connection show --active
Check NetworkManager MAC randomization settings
cat /etc/NetworkManager/NetworkManager.conf | grep -A5 "\[device\]"
Properly Configure MAC Address Randomization
Enable full MAC randomization in NetworkManager
sudo tee -a /etc/NetworkManager/NetworkManager.conf << EOF
[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
connection.stable-id=\${CONNECTION}/\${BOOT}
EOF
Restart NetworkManager
sudo systemctl restart NetworkManager
For more aggressive randomization, change OUI as well
Install macchanger
sudo pacman -S macchanger
Create script to randomize MAC with random OUI
sudo tee /usr/local/bin/randomize-mac.sh << 'EOF'
#!/bin/bash
for interface in $(ip link show | grep -E '^[0-9]+:' | grep -v lo | cut -d: -f2 | tr -d ' '); do
if [[ $interface =~ ^(wlan|eth|enp) ]]; then
ip link set $interface down
macchanger -r $interface
ip link set $interface up
fi
done
EOF
sudo chmod +x /usr/local/bin/randomize-mac.sh
Last updated