Re: spoofing the ethernet address

[ian.vitek () INFOSEC SE (Vitek, Ian)]

Hi!
I have written a program, macof, that generates spoofed MAC addresses (as well
as spoofed IP and port addresses).
See:
41256768.002D5C09.00 () mailgw backupcentralen 
se">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-05-1&msg=41256768.002D5C09.00 () mailgw 
backupcentralen se</A>

This program was built to test MAC-flooding. Some switches start sending network
traffic to all switch ports when this happens.
The program generates source MAC addresses for every packet it sends and
destination MAC could be chosen. As the help text:
usage: macof [options]
    -d dest_host        (def:random)
    -s source_host      (def:random)
    -v prints generated mac-addresses
    -r | -e dest_mac    randomize or set destination mac address
       should be in format ff:ff:ff:ff:ff:ff or host
    -x source_port      (def:random)
    -y dest_port        (def:random)
    -i interface  set sending interface       (def:eth0)
    -n times      set number of times to send (def:1)
    -h this help

This could easily be changed. To set your own source MAC address change line 68
from:
$mac=&GenMAC;

to
$mac="ma:c :of:my:ow:n ";

Or even better; fix a "getopts" for it.

I think I will include the macof disclaimer into this mail:
# Warning: This program could cause serious problems on your network.
#          This program could hang, crash or reboot network devices.
#          Switches could start sending packages to all ports making it
#          possible to intercept network traffic.

There have been several people mailing me that macof works on their switch
(network traffic over the switch could be eavesdropped) but not received the
switch type. If you test your switch and it seems vulnerable please mail me the
switch type and its software version so I could compile a list.

//Ian Vitek, Infosec
mailto:ian.vitek () infosec se