Vulnerability Development mailing list archives
Re: spoofing the ethernet address
From: robbins.7 () OSU EDU (James A. Robbins)
Date: Wed, 15 Mar 2000 09:54:42 -0500
At 11:15 AM 3/14/00 -0500, Arnold, Jamie wrote:
I have a question that one/some of you may be able to help with. We have a user in one of our dorms (DHCP) that is reporting his MAC address as changing about every 10 minutes. When he first powers-on his system, the MAC is correct and DHCP renews his lease. After a while, the master switch shows his IP having about 10 different MAC addresses, all variations of the first where the first 4 digits remain constant, the second 4 go to the last position and the middle 4 change randomly. Has anyone seen this, or have any idea what's going on? My theory is a cheap NIC with bad firmware. We have seen an influx of inexpensive cards coming into campus that have had duplicate MACs or no MACs (000000000000) at all.
Arnold, we see this all the time. It usually means that a NIC is going bad. Another symptom is when the IP addresses get all shuffled around:

From: 128.146.20.14 To: 128.146.20.254
becomes
From: xxx.xxx.128.146 To: 20.14.xxx.xxx

Also, we see all zeros in MAC addresses all the time, especially on Mac PowerPCs. It usually happens during large file transfers.

--
James A. Robbins
Senior Design Engineer, Network Engineer
The Ohio State University
Chemistry Department
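
Added example, not part of the original thread: a small triage script that takes (IP, MAC) sightings such as a switch or DHCP log would give and separates the failing-NIC signatures described above (first 4 hex digits kept, second 4 moved to the end, middle 4 arbitrary; or an all-zero MAC) from an unrelated MAC appearing on the same IP. The function names, verdict strings and sample data are assumptions made for this illustration, as is treating the first MAC seen per IP as the correct one.

```python
import re
from collections import defaultdict

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def classify(baseline, observed):
    """Label an observed MAC relative to the first MAC seen for the same IP."""
    b, o = norm(baseline), norm(observed)
    if o == b:
        return "baseline"
    if o == "0" * 12:
        return "all-zero"
    # Pattern from the thread: first 4 digits constant, second 4 moved to
    # the last position, middle 4 arbitrary.
    if o[:4] == b[:4] and o[8:] == b[4:8]:
        return "shuffled-variant"
    return "unrelated"

def review(observations):
    """observations: (ip, mac) pairs in time order.
    Returns {ip: (verdict, {mac: label})} for IPs seen with more than one MAC.
    Assumption: the first MAC seen for an IP is the correct one."""
    seen = defaultdict(list)
    for ip, mac in observations:
        m = norm(mac)
        if m not in seen[ip]:
            seen[ip].append(m)
    report = {}
    for ip, macs in seen.items():
        if len(macs) < 2:
            continue
        labels = {m: classify(macs[0], m) for m in macs[1:]}
        hw = all(v in ("shuffled-variant", "all-zero") for v in labels.values())
        verdict = "likely failing NIC" if hw else "unexplained change, investigate"
        report[ip] = (verdict, labels)
    return report

# Constructed sample sightings (documentation IP range, made-up MACs).
SAMPLE = [
    ("192.0.2.10", "00:a0:c9:12:34:56"), ("192.0.2.10", "00:a0:7f:3b:c9:12"),
    ("192.0.2.10", "00:a0:e1:d4:c9:12"), ("192.0.2.20", "00:10:4b:aa:bb:cc"),
    ("192.0.2.20", "00:00:00:00:00:00"), ("192.0.2.30", "00:50:da:01:02:03"),
    ("192.0.2.30", "00:e0:18:44:55:66"), ("192.0.2.40", "00:60:08:11:22:33"),
]

if __name__ == "__main__":
    for ip, (verdict, labels) in review(SAMPLE).items():
        print(ip, verdict, labels)
```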