Security Basics mailing list archives

Re: Changing the mac address on Windows 2000 and XP

From: "Greg Stiavetti" <gstiavetti () rentoneonline com>
Date: Wed, 6 Jul 2005 17:24:22 -0700

None of the reccomendations preclude using a static IP with the mac spoofedcard.

----- Original Message -----From: "Alexander Bolante" <alexander.bolante () gmail com>

To: "Pranav Lal" <pranav.lal () gmail com>
Cc: <security-basics () securityfocus com>
Sent: Tuesday, July 05, 2005 10:07 PM
Subject: Re: Changing the mac address on Windows 2000 and XP

1) Several 3rd party utilities I've used in the past in a test/devenvironmt.


http://www.klcconsulting.net/smac/
http://www.download.com/a-Mac-Address-Change/3000-2381_4-10325167.html

2) I'm not sure if there are any tools for detecting spoofed MAC
addresses. But there are tools for simply comparing the MAC addresses
to an approved list and flagging any unknown ones.

You should probably think more about DHCP security. Assuming you have
a considerable tolerance for administrative overhead ;) you can maybe:

a) Use reservations for assigning addresses of critical servers on
your network (predefined setting that maps a MAC address to an IP
address so that only a client with a particular MAC address can lease
the IP address associated with that reservation).

b) Create reservations for each and every client machine on the
network, and if unreserved IP addresses still remain in the DHCP
server's scope then these could be reserved using invalid or
non-existing MAC addresses. Then when a rogue client tries to boot on
the network the result is that the DHCP server has no free addresses
to lease and the client can't connect.

I'm not sure how feasible this is for you, but it could be a start.
BTW my 13 yr old neighbor says he can find a way to circumvent DHCP
reservations. Who knows? Bottom line -- just make sure you have
rigorous security across the board...

Hope that helps. Cheers!


--
ALEXANDER BOLANTE
Alexander.Bolante () gmail com

"I hate quotations. Tell me what you know."
- Ralph Waldo Emerson



On 7/5/05, Pranav Lal <pranav.lal () gmail com> wrote:

Hi all,

Is there any way to change the mac address of a LAN card in Windows
2000 and Windows XP?

As a corollary to the question, how would one detect if a computer
was changing its mac address? This is assuming that the network on
which this machine is connected has DHCP enabled.

Pranav


--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005



--
ALEXANDER BOLANTE
Alexander.Bolante () gmail com

"I hate quotations. Tell me what you know."

- Ralph Waldo Emerson

Current thread:

Changing the mac address on Windows 2000 and XP Pranav Lal (Jul 05)
- Re: Changing the mac address on Windows 2000 and XP ChayoteMu (Jul 06)
- RE: Changing the mac address on Windows 2000 and XP Nicolas villatte (Jul 06)
- Re: Changing the mac address on Windows 2000 and XP Nikiforov Alex (Jul 06)
- Re: Changing the mac address on Windows 2000 and XP Anish Shaikh (Jul 06)
- Re: Changing the mac address on Windows 2000 and XP Alexander Bolante (Jul 06)
  - Re: Changing the mac address on Windows 2000 and XP Greg Stiavetti (Jul 11)
- RE: Changing the mac address on Windows 2000 and XP David Gillett (Jul 06)
- Re: Changing the mac address on Windows 2000 and XP Adam Jones (Jul 06)
- RE: Changing the mac address on Windows 2000 and XP Joe Osborn (Jul 06)
  - Re: Changing the mac address on Windows 2000 and XP Mike Sweeney (Jul 11)
  - Re: Changing the mac address on Windows 2000 and XP Kelly D. Lucas (Jul 11)
  - RE: Changing the mac address on Windows 2000 and XP Carl Tucker (Jul 11)
- Message not available
  - Re: Changing the mac address on Windows 2000 and XP Pranav Lal (Jul 11)
- <Possible follow-ups>
- RE: Changing the mac address on Windows 2000 and XP Kumra, Vipul (Jul 06)
  - RE: Changing the mac address on Windows 2000 and XP dave kleiman (Jul 11)
- Re: Changing the mac address on Windows 2000 and XP nowhere (Jul 06)

(Thread continues...)