MAC address rotation

Suraj N. Kurapati

  1. Problem
    1. Approach
      1. Solution

        MAC (Media Access Control) addresses are globally unique host (any network entity capable of sending and receiving data) identifiers used at the Data- Link layer of the OSI (Open Systems Interconnect) network model. By their very nature, they provide a mechanism for implementing network access policies by ISP (Internet Service Provider)s, such as allowing or restricting access to any hosts of their choosing.


        Consider an ISP which denies network access to certain hosts by adding their MAC addresses to a denied-list within the ISP’s DHCP (Dynamic Host Configuration Protocol) server.


        Fortunately, a host whose MAC address is listed in the denied-list can emulate a different MAC address and fool the ISP’s DHCP server and regain network access.

        Note that MAC address emulation is a feasible alternative to the near impossible task of altering the actual MAC address (which is hard-coded into the SRAM (Static Random Access Memory) of NIC (Network Interface Controller)s by manufacturers.


        There exist many software tools for emulating MAC addresses, including ifconfig for GNU/Linux and SMAC for Microsoft Windows.

        For ISPs who deny network access when, say, a bandwidth limit is exceeded, hosts can maintain nearly constant (there is a short down-time during each rotation) network access by scheduling changes or rotations in their emulated MAC address. During rotations, a new MAC address can be assembled using any valid 6-digit OUI (Organization Unique Identifier) prefix followed by any 6-digit hexadecimal number.