Honeypots mailing list archives

Re: Re: changing mac addresses of clients in vmware


From: arl7969 () it rit edu
Date: 10 May 2006 14:46:45 -0000

In my whitepaper, "Creating Virtual Honeynets with Connectix Virtual PC 5.2"
(http://www.rit.edu/~arl7969/whitepapers/alamb-4-2004.html) I discuss one way to work around virtual machines' MAC
addresses.

I'm not sure if this works for VMware, but:

"The solution I found to be most effective for minimizing the influence of the host was the following. First, the host 
computer's TCP/IP protocol was disabled. Second, because of the nature of the network that the host was attached to, I 
“spoofed” the MAC address of the guest machine so that the guest's virtual interface had the same MAC address as the 
host's physical interface. I then set the Virtual PC networking mode to Virtual Switch with access to the external 
network only (See the next section for a discussion of network modes in Virtual PC). The virtual machine was therefore 
able to connect to the public network directly through its virtual interface using the host's physical interface. The
host firewall was still able to continue logging the virtual machine's traffic without translating these packets 
through the host's TCP/IP stack.

Spoofing MACs can be done relatively easily on most Operating Systems; in the case of the Windows 98 honeypot it is only
a matter of adding a new registry string value (“NetworkAddress” in 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\000) equal to the MAC address of the host. For the 
OpenBSD honeypot, MAC address manipulation is not available by default, but using Doug Song's popular sea.c one can 
alter the MAC address of the virtual ethernet card. With this configuration I was only able to allow one honeypot 
access to the network; running two honeypots with the same MAC address or the host and a guest with the same MAC caused
connection drops."

There is also this: http://www.softpedia.com/get/Tweak/Network-Tweak/VMware-MAC-Changer.shtml

