Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Mac address spoofing: I can't connect my device (Malformed packet)

From: "Norbert François" <norbertlike () gmail com>
Date: Fri, 10 Nov 2006 10:33:13 +0100
Hi list,
This morning, I tried to change my MAC address in my wifi-LAN.
Here's my "configuration":

-> ath0 is my interface for the wireless card (madwifi-ng driver)
-> its MAC address is 00:05:4E:44:68:DA

-> AP is a wrt54GL with a dd-wrt firmware
-> Lan: 10.1.1.0/24

Then, what I did was a simple

ifconfig ath0 hw ether 00:05:4E:44:68:DB

As you see, I let the same OUI, in order to avoid OUI non-recognition
or smth like that.

After that, the card associate to the access point, and I give it an IP:

iwconfig ath0 mode managed essid my_access_point key off  && ifconfig
ath0 10.1.1.100

If I look at the dump of my connexion, I'll see a bunch of "ARP
who-has"  (Tell 10.1.1.100) from 00:05:4E:44:68:DA to  broadcast, and
my AP doesn't reply. After about 30 packets sent, I get a Malformed
packet from my AP (known as "MDS header").

I argue that something's strange:
In ethereal, under "Ethernet II", it recognizes that it is not the
factory default address (how ?). In fact, I've a sort of:

......... ...1...... = Multicat: this is a Multicast address
......... ..1. .....= Locally administred address: This is NOT a
factory default address

I guess my AP looks at this "detail" and refuses the connexion :/. Is
there a way to trick it (aka putting this bit to 0) ?


Thank a lot for your reply(ies)

Norbert

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. 

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: