Re: fooling hubs [ARP Spoofing]

[rvdm () CISTRON NL (Robert van der Meulen)]

> Is this a bug with some kind of hardware or with ARP protocol?

Depends. If your isp is logging on the mac-adress-level, then you can use some
other mac adress to fool them.
It would not be stealthy, though.
If your isp is just a tad smart, he logs the port you connect to, in
combination with the mac adress. As you seem to be using a cable modem, your
port doesn't change, and can identify you.
Often isp's don't go to the trouble of logging trough their routers and stuff,
but log trough their (your) gateway, because it's way easier to log on a unix
machine, than on a router (information gathering/compiling is much simpler).

The _function_ of the arp protocol is to translate mac adresses to IP adresses,
on a subnet. So actually, you being able to say you're someone else is not a
bug, but a feature.
On the other hand, there are tricks to disallow you to take somebody else's mac
adress..
Did you ever try taking on the mac adress of somebody else (near you, in a
geographical sense), and tcpdumping the connection ?
Chances are that you'd be getting inbound traffic, aimed at the other person,
but arriving at your pc - in my opinion, _that_ is a bug :)

Cheers,
        Robert/Emphyrio

--

|      rvdm () cistron nl - Cistron Internet Services - www.cistron.nl        |
|          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
|         My statements are mine, and not necessarily cistron's.           |