Closed ghost closed 8 years ago
This is incorrect. The first octet isn't the D-part in your example, it's the 2, 6, A and E-part (second part of the first octet). The problem you are describing is pretty well explained here.
If we actually go and generate some mac addresses with the code found here, we'll get something like this:
0A:00:27:73:80:76 02:0F:4B:7F:8C:0B 02:03:FF:4C:2F:A9 0A:00:27:2B:0D:66 02:03:FF:2C:62:D9 02:50:56:02:3B:AD 02:16:3E:5D:F4:5C 02:0C:29:55:34:EA 02:1C:42:5E:C4:43 02:16:3E:08:2B:F9 0A:00:27:1B:D4:A8
The code uses MAC prefixes from VM-vendors (to possibly avoid collision with existing devices on your system), and if local_admin is true, it will take the first octet, and OR it with 2, resulting in the first octet becoming either 02 or 0A depending on which VM prefix is randomly selected.
Therefore, as long as local_admin isn't set to False, we have nothing to worry about!
Correct me if I'm wrong but I read in several articles like this one that in Windows, the following restriction applies:
Now, AFAIK, D stands for 1-9. But all randomly generated MACs in SpoofMAC start with 0.