This really should have the tongue in cheek tag :~P
Which is why I posted it to misc@ and not tech@ :~)
Even if the contributor appears to have added it as a joke how can anyone claim knowledge of what OS the NSA runs internally? I wouldn’t imagine that information is declassified or known, unless it came out in some leak (did it? What Operating Systems DO they run?)
If there is a MAC prefix registered to them why not support it? If they’re on an air-gapped network and there’s no risk of leakage, why not have their systems correctly identify themselves? Why presume that OS known to be the worlds most secure isn’t run internally by the agency known to be as equally paranoid towards security as the OpenBSD team? Is there some rule that everyone except governments can run */OpenBSD?
It seems unless you have knowledge otherwise, tagging it as satire might be misinforming people.
The NSA are presumably capable of configuring their systems to use their own special MAC without special ifconfig flags. We don’t have an Intel or Broadcom option for ifconfig either, yet they get by.
The patch was to set the first three octets of a random lladdr to 00:20:91 which is the organizationally unique identifier for J125, National Security Agency.
The lladdr option for ifconfig(8) allows the user to set a mac address for a device - rather than use the devices mac address. This is particularly useful when you buy a batch of cheap usb ethernet adaptors and discover they all have same mac address…
This patch was in response to Ryan McBride’s tweet asking for the feature - I do not believe this is a valid useful contribution to OpenBSD’s ifconfig function, hence I posted it to misc@ - but I’m looking forward to playing with it in suitably paranoid locations.
Well this has led me down a fun little rabbit hole of trying to learn about MAC addresses and how they’re assigned or programmed into NIC’s. I can’t seem to find a definitive answer. Some sources say the manufacturer programs them in, yet some say that they sometimes do. More a general question than one directed to you specifically, fcbsd, but I’m curious to know more about how exactly this works if anyone wouldn’t mind jumping in. It seems feasible either way–I’d imagine even no MAC (prefix/suffix/any part or whole) could be programmed into the card, and instead it be handled entirely by the Operating System on the layer of, say, a driver. If the kernel were told to expect or recognized the presence of a D-Link adapter, for example, it could look up the appropriate MAC prefix in a table, generate a random suffix, query the network to see if it was valid, and assign it if so, (or query the network, store all addresses, and generate a valid based on randomization and exclusion). So several ways it could conceivably be implemented. And maybe it is implemented in different ways by different Operating Systems–I have no idea. Does anyone here? Searching sometimes isn’t the fastest way to find answers to the more interesting questions.
I’m also curious as to what OS’s are run internally at the NSA. In Snowden’s public statements he advertizes support for Tails. I wonder: is he saying that for the general public, or is that because the NSA uses Linux heavily?
For the most part, all hardware comes with addresses preprogrammed into eeprom by the vendor. The default is for the OS to use this address, but it can be overridden or ignored.
I’m certain this cannot be the case, but for a long time I kinda figured that there was a dedicated chip on the NICs that held the MAC address, and that somewhere there was a factory that made those and that vendors would just buy them.
So, like, you’d pick up a big plastic box of like 10,000 MAC addresses.
I’m not surprised that the interwebs didn’t give a definitive answer - it was often tied to the manufacturer of the hardware. For example, old Sun boxes used to assign the MAC address to the machine not the NIC. The configuration was stored in EEPROM or NVRAM and could be changed by OpenPROM.
MAC addresses are part of the LAN standards - so they are for identifying a machine on a local network - not across networks. When the standards were being written I don’t think the standards committee had envisioned a world where people would carry multiple connected computers (watch, phone, tablet, laptop). Having said that the model has stood the test of time as MAC addresses are not a scarce resource, unlike IPv4 addresses.
Ahh thanks, I didn’t even get what they were talking about until I read the tweet.
Want to mess with your network monitoring team today? Change you MAC to be 00:20:91:… That is NSA’s OUI