Penetration Testing mailing list archives
R: MAC address spoofing - conflict?
From: "Sebastian Zdrojewski" <en3py () itvc net>
Date: Mon, 21 Aug 2006 20:05:26 +0200
At layer 2 all frames should be sent to the port(s) where the MAC address is announced. At layer 3, the NICs will accept the packets directed to their IP address and discard the others. Don't you agree? En3pY -----Messaggio originale----- Da: Lubos Kolouch [mailto:lubos.kolouch () gmail com] Inviato: lunedì 21 agosto 2006 10.23 A: pen-test () securityfocus com Oggetto: Re: MAC address spoofing - conflict? Yes, but what will happen then? Data will be sent to that MAC address. If it is switched network, I can imagine the switch will maybe send it to the correct port from which the response came? If there is a hub though, the packet will be delivered to which network card? Lubos Kolouch Cedric Blancher píše v Čt 17. 08. 2006 v 08:56 +0200:
Le mercredi 16 août 2006 à 10:26 +0200, Lubos Kolouch a écrit :I think it does matter. Because there will be more than host replying to ARP broadcasts and the question is what will happen.Nope it does not matter, because you won't have multiple answers... ARP asks for an _IP_ address, not a MAC one. Therefore, if MAC addresses are identical, but IP addresses are different, an ARP request for one given IP address will get one answer only. In the end, you will end up with two entries in ARP cache with the same MAC address, but there's not problem out there. And if, in case of some wierd and unexplained behaviour (aka awful bug), both hosts were replying, they would reply with the same MAC address to the same request, so you would not have problem either. Le jeudi 17 août 2006 à 01:03 +0000, penetrationtestmail () gmail com a écrit :And if anyone knows the exact answer, that would be most helpful ;)The exact answer is: you can seamless spoof MAC addresses on WLAN as long as you use a different IP address than spoofed host, so you don't have TCP RST problems and stuff like this. Tested in lab and real life for pentests. It's a classical technic (among others[1]) for bypassing some cheap, but still widespread, WLAN captive portal that only track authenticated clients with their MAC address. [1] http://sid.rstack.org/pres/0602_ESW_CaptiveBypass.pdf
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------ -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.11.3/423 - Release Date: 18/08/2006 ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Re: MAC address spoofing - conflict?, (continued)
- Re: MAC address spoofing - conflict? Pieter Danhieux (Aug 14)
- Re: MAC address spoofing - conflict? Tonnerre Lombard (Aug 15)
- Re: MAC address spoofing - conflict? Morning Wood (Aug 14)
- Re: MAC address spoofing - conflict? penetrationtestmail (Aug 15)
- Re: MAC address spoofing - conflict? Lubos Kolouch (Aug 16)
- Re: MAC address spoofing - conflict? Cedric Blancher (Aug 17)
- Re: MAC address spoofing - conflict? Lubos Kolouch (Aug 21)
- Re: MAC address spoofing - conflict? Michael Dieroff (Aug 21)
- Re: MAC address spoofing - conflict? Cedric Blancher (Aug 21)
- Re: MAC address spoofing - conflict? dogten (Aug 21)
- R: MAC address spoofing - conflict? Sebastian Zdrojewski (Aug 21)
- RE: MAC address spoofing - conflict? Upadhyaya, Vijay (Aug 23)
- Re: MAC address spoofing - conflict? Lubos Kolouch (Aug 16)
- Re: MAC address spoofing - conflict? Pieter Danhieux (Aug 14)
- Re: MAC address spoofing - conflict? Gavin White (Aug 21)
- Re: MAC address spoofing - conflict? Fabio Nigi (Aug 28)
- Re: MAC address spoofing - conflict? Cedric Blancher (Aug 29)