Security Basics mailing list archives

Re[2]: About War Driving ..

From: Kluge <kluge () kluge org>
Date: Wed, 6 Dec 2006 23:05:32 -0500 (EST)



On Tue, 5 Dec 2006, Roman Shirokov wrote:

Pointless, because the MAC address can be easily sniffed as well as
spoofed.

Regards
Ansgar Wiechers


Easily sniffed - yes, easily spoofed - hm... I doubt. (also not
impossible for experienced cracker)


...also not impossible for anyone who can type  'man ifconfig' either...

Here's what I just did on my laptop here 30 seconds ago:

root@hostile:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:10:A4:C7:F4:C6
          inet addr:192.168.1.26  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:402 errors:0 dropped:0 overruns:0 frame:0
          TX packets:340 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:445776 (435.3 Kb)  TX bytes:26399 (25.7 Kb)
          Interrupt:3 Base address:0x300

root@hostile:~# ifconfig eth0 down
root@hostile:~# ifconfig eth0 hw ether C0:ff:ee:ee:ee:ee:ee:ee
root@hostile:~# ifconfig eth0 up
root@hostile:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr C0:FF:EE:EE:EE:EE
          inet addr:192.168.1.26  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:405 errors:0 dropped:0 overruns:0 frame:0
          TX packets:342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:445968 (435.5 Kb)  TX bytes:26567 (25.9 Kb)
          Interrupt:3 Base address:0x300


...and Voila!  My NIC's new MAC address is now C0:FF:EE:EE:EE:EE...

Speaking of which, MMmmmm.. coffee-break time.

-Kluge

---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------

Current thread:

Re: About War Driving .. Jure Krasovic (Dec 01)
- <Possible follow-ups>
- Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 01)
- Re: About War Driving .. ralain (Dec 01)
  - Re: About War Driving .. Ansgar -59cobalt- Wiechers (Dec 04)
    - Re[2]: About War Driving .. Roman Shirokov (Dec 06)
    - Re: Re[2]: About War Driving .. Brian Loe (Dec 07)
    - Re[2]: About War Driving .. Kluge (Dec 07)
- RE: About War Driving .. Adam Rosen (Dec 01)
- Re: About War Driving .. John Kennedy (Dec 01)
- Re: About War Driving .. Dave Moore (Dec 01)
- Re: About War Driving .. Sudev Barar (Dec 01)
- Re: About War Driving .. Robert Szewczyk (Dec 01)
  - Re: About War Driving .. gaurav saha (Dec 01)
    - Re: About War Driving .. Dave Moore (Dec 04)
    - Re: About War Driving .. Steven (Dec 06)
    - list moderation (was Re: About War Driving.) Kelly Martin (Dec 07)
- Re: About War Driving .. Joel W Pauling (Dec 01)

(Thread continues...)