Penetration Testing mailing list archives
Re: [PEN-TEST] Change MAC Address
From: Ryan Permeh <ryan () EEYE COM>
Date: Tue, 5 Dec 2000 16:12:50 -0800
This is not specifically true. MAC addresses, even those burned on the card, can be changed unilaterly. An NDIS intermediate mode driver could be crafted to modify MAC addresses in packets before being written to the wire or conversely passed up the stack. NDIS drivers allow direct reads and writes from the wire, and an intermediate mode driver acts like a shim, giving access to all data passed up and down the stack for reading and writing. A regular NDIS miniport driver, like what is used in libnetnt, can craft specific packets for transmission, but since it is not directly in between the winsock layer and the physical card driver, cannot be used as a single point of modification for existing applications. Microsoft has a DDK that offers a much more detailed description of NDIS drivers, and pcausa offers a ndis intermediate mode driver toolkit that would allow you to create your own (this is a commercially supported toolkit, and if this is a requirement, well worth the cost). Signed, Ryan eEye Digital Security Team http://www.eEye.com ----- Original Message ----- From: "Marin, Marvin" <marvin.marin () EDS COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Tuesday, December 05, 2000 7:42 AM Subject: Re: Change MAC Address
Since everyone else has given you the way to do it under unix/linux here's the W2K answer. The MAC address is usually burned into the card and can't be changed. If your lucky enough to have a card that can take a modification than to do
so
under Windows 2000 do the following 1. From the Start menu, select Settings, Network and Dial-Up Connections, right-click the LAN instance that uses the network adapter card you want
to
modify, and select Properties. 2. In the "Connect using:" section, under the name of the network adapter card, click Configure. 3. Select the Advanced tab. 4. Select Locally Administered Address. 5. Type the new MAC address in the Value section. 6. Click OK. If "locally Administered Address" is not present, you can't do it with
your
NIC or NIC driver. G/L! Marvin Marin Information Assurance Services Network Security Engineer 13600 EDS Drive Herndon, VA 20171 MS A2N-D50 * phone: 703-742-2680 * mailto:marvin.marin () eds com www.eds.com
Current thread:
- Re: [PEN-TEST] Change MAC Address, (continued)
- Re: [PEN-TEST] Change MAC Address Lydick, Adam (Dec 10)
- Re: [PEN-TEST] Change MAC Address Arturo Busleiman (Dec 07)
- Re: [PEN-TEST] Change MAC Address Chris Winter (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bruno Taranto Alvim (Dec 05)
- Re: [PEN-TEST] Change MAC Address Alex Butcher (Dec 06)
- Re: [PEN-TEST] Change MAC Address Dunker, Noah (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jose Nazario (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jonathan Johnson (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jason Poley (Dec 05)
- Re: [PEN-TEST] Change MAC Address Marin, Marvin (Dec 06)
- Re: [PEN-TEST] Change MAC Address Ryan Permeh (Dec 06)
- Re: [PEN-TEST] Change MAC Address Ryan Russell (Dec 06)
- Re: [PEN-TEST] Change MAC Address Ryan Permeh (Dec 06)