Raspberry Pi random host generator

Say you have a really watchful network/systems administrator that keeps a close eye on new devices being joined to the network...

You know where this is going. It's April 1st.

Toss this into /home/pi, then make it executable.

while true
  mac=`echo -n 00:03:BA; dd bs=1 count=3 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"'`
  newhost=`dd if=/dev/urandom bs=35 count=1 2>/dev/null | tr -dc "a-z"`
  echo $mac $newhost
  ifconfig eth0 down
  pkill dhclient
  hostname $newhost
  ifconfig eth0 hw ether $mac
  rm /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
  ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -P ''
  ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa -P ''
  ifconfig eth0 up
  dhclient eth0
  ip addr show eth0 | grep "inet "
  echo "Sleeping..."
  sleep 60

You can add the below line before "exit 0" line at the end of /etc/rc.local on Raspbian to make it start up at boot.  You have a random host generator that spawns a new MAC Address, random host name and new SSH keys every minute or so.

nohup /home/pi/mac.sh >> /tmp/mac.out&

A few notes:

  • This will totally hose all of your SSH host keys on the pi.  Make backups of them if they're important to you.
  • I chose an OUI (00:30:BA) that I knew would not match anything else on the target network. You may wish to do some research and change the hard-coded OUI prefix in the code above.
  • The interface fluxing will also make remote management troublesome unless you have a wireless adapter that's on a more stable network, but this can betray you, as the host keys keep changing to match the wired interfaces. 
  • I took the additional step of leaving the Pi powered on for a few minutes before attaching the ethernet cable, so that it wouldn't ever show up on the network with a Raspberry Pi MAC address, since it had time to generate a new fake address before I hooked it in.
  • There are some very simple ways to defend against something like this.
  • It goes without saying, but pranks at work can lead to disciplinary action.
Also, thanks to the target of this April Fool's day prank for giving me a few extra ideas (included here, but not in the original implementation) after catching me in the act. 

blog comments powered by Disqus