Security Basics mailing list archives
Mac address spoofing: I can't connect my device (Malformed packet)
From: "Norbert François" <norbertlike () gmail com>
Date: Fri, 10 Nov 2006 10:33:13 +0100
Hi list, This morning, I tried to change my MAC address in my wifi-LAN. Here's my "configuration": -> ath0 is my interface for the wireless card (madwifi-ng driver) -> its MAC address is 00:05:4E:44:68:DA -> AP is a wrt54GL with a dd-wrt firmware -> Lan: 10.1.1.0/24 Then, what I did was a simple ifconfig ath0 hw ether 00:05:4E:44:68:DB As you see, I let the same OUI, in order to avoid OUI non-recognition or smth like that. After that, the card associate to the access point, and I give it an IP: iwconfig ath0 mode managed essid my_access_point key off && ifconfig ath0 10.1.1.100 If I look at the dump of my connexion, I'll see a bunch of "ARP who-has" (Tell 10.1.1.100) from 00:05:4E:44:68:DA to broadcast, and my AP doesn't reply. After about 30 packets sent, I get a Malformed packet from my AP (known as "MDS header"). I argue that something's strange: In ethereal, under "Ethernet II", it recognizes that it is not the factory default address (how ?). In fact, I've a sort of: ......... ...1...... = Multicat: this is a Multicast address ......... ..1. .....= Locally administred address: This is NOT a factory default address I guess my AP looks at this "detail" and refuses the connexion :/. Is there a way to trick it (aka putting this bit to 0) ? Thank a lot for your reply(ies) Norbert --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Mac address spoofing: I can't connect my device (Malformed packet) Norbert François (Nov 10)