Security Basics mailing list archives

MAC spoof concept

From: zillah <forwardtruth () yahoo com>
Date: Fri, 13 Apr 2007 07:47:22 -0700 (PDT)

I have got these three PCs :

PC1 source (victim) , and PC3 Destination (Target),
PC2 attacker (imporsonate idintity of PC1)


PC1 mac address is : 0000.ffff.aaaa
PC2 mac address is : 0000.ffff.bbbb
PC3 mac address is : 0000.ffff.cccc


They are connected to cisco switch 3550

The term MAC spoofing is the creation of frame with a
forged (spoofed) source MAC address (our case
0000.ffff.aaaa ) with the purpose to conceal the
identity of the sender (our case PC2) and impersonate
the identity of PC1.

If PC2 sends traffic to PC3 (Destination) , PC2 would
masquerade as PC1 by falsifying its MAC address to be
0000.ffff.aaaa, if this the case what would the
benefit be for PC2 (attacker), if all the traffic (as
a response to initiated connection from PC2) coming
back from PC3 go to PC1 instead of PC2 ?

Note:
1- In this simple scenario I do not have DHCP server ,
I assigned ip address statically.

2- I am aware of ip spoofing.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Current thread:

MAC spoof concept zillah (Apr 15)
- Re: MAC spoof concept Deian Stefan (Apr 16)
- RE: MAC spoof concept David Gillett (Apr 16)
- Re: MAC spoof concept Shreyas Zare (Apr 16)
- <Possible follow-ups>
- Re: MAC spoof concept krymson (Apr 16)