Say you have a really watchful network/systems administrator that keeps a close eye on new devices being joined to the network...
You know where this is going. It's April 1st.
Toss this into /home/pi, then make it executable.
#!/bin/sh
while true
do
mac=`echo -n 00:03:BA; dd bs=1 count=3 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"'`
newhost=`dd if=/dev/urandom bs=35 count=1 2>/dev/null | tr -dc "a-z"`
echo $mac $newhost
ifconfig eth0 down
pkill dhclient
hostname $newhost
ifconfig eth0 hw ether $mac
rm /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -P ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa -P ''
ifconfig eth0 up
dhclient eth0
ip addr show eth0 | grep "inet "
echo "Sleeping..."
sleep 60
done
You can add the below line before "exit 0" line at the end of /etc/rc.local on Raspbian to make it start up at boot. You have a random host generator that spawns a new MAC Address, random host name and new SSH keys every minute or so.
nohup /home/pi/mac.sh >> /tmp/mac.out&
A few notes:
- This will totally hose all of your SSH host keys on the pi. Make backups of them if they're important to you.
- I chose an OUI (00:30:BA) that I knew would not match anything else on the target network. You may wish to do some research and change the hard-coded OUI prefix in the code above.
- The interface fluxing will also make remote management troublesome unless you have a wireless adapter that's on a more stable network, but this can betray you, as the host keys keep changing to match the wired interfaces.
- I took the additional step of leaving the Pi powered on for a few minutes before attaching the ethernet cable, so that it wouldn't ever show up on the network with a Raspberry Pi MAC address, since it had time to generate a new fake address before I hooked it in.
- There are some very simple ways to defend against something like this.
- It goes without saying, but pranks at work can lead to disciplinary action.
Posts
