Vulnerability Development mailing list archives
Re: spoofing the ethernet address
From: ian.vitek () INFOSEC SE (Vitek, Ian)
Date: Wed, 1 Mar 2000 17:37:36 +0100
Hi! I have written a program, macof, that generates spoofed MAC addresses (as well as spoofed IP and port addresses). See: 41256768.002D5C09.00 () mailgw backupcentralen se">http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-05-1&msg=41256768.002D5C09.00 () mailgw backupcentralen se</A> This program was built to test MAC-flooding. Some switches start sending network traffic to all switch ports when this happens. The program generates source MAC addresses for every packet it sends and destination MAC could be chosen. As the help text: usage: macof [options] -d dest_host (def:random) -s source_host (def:random) -v prints generated mac-addresses -r | -e dest_mac randomize or set destination mac address should be in format ff:ff:ff:ff:ff:ff or host -x source_port (def:random) -y dest_port (def:random) -i interface set sending interface (def:eth0) -n times set number of times to send (def:1) -h this help This could easily be changed. To set your own source MAC address change line 68 from: $mac=&GenMAC; to $mac="ma:c :of:my:ow:n "; Or even better; fix a "getopts" for it. I think I will include the macof disclaimer into this mail: # Warning: This program could cause serious problems on your network. # This program could hang, crash or reboot network devices. # Switches could start sending packages to all ports making it # possible to intercept network traffic. There have been several people mailing me that macof works on their switch (network traffic over the switch could be eavesdropped) but not received the switch type. If you test your switch and it seems vulnerable please mail me the switch type and its software version so I could compile a list. //Ian Vitek, Infosec mailto:ian.vitek () infosec se
Current thread:
- Re: spoofing the ethernet address Sen_Ml Sen_Ml (Mar 01)
- Re: spoofing the ethernet address yeti (Mar 02)
- <Possible follow-ups>
- Re: spoofing the ethernet address Mikael Olsson (Mar 01)
- Re: spoofing the ethernet address Carl-Johan Bostorp (Mar 01)
- Re: spoofing the ethernet address Simple Nomad (Mar 01)
- Re: spoofing the ethernet address Vitek, Ian (Mar 01)
- Re: spoofing the ethernet address Granquist, Lamont (Mar 01)
- Re: spoofing the ethernet address Mudge (Mar 01)
- Re: spoofing the ethernet address Dug Song (Mar 02)
- Re: spoofing the ethernet address Ben Grubin (Mar 01)
- Re: spoofing the ethernet address -DAL- (Mar 01)
- Re: spoofing the ethernet address Iván Arce (Mar 01)
- Re: spoofing the ethernet address hypoclear - lUSt - (Linux Users Strike Today) (Mar 01)
- Re: spoofing the ethernet address The I (Mar 01)
- [Fwd: spoofing the ethernet address] Fredrik Widlund (Mar 02)
- spoofing the ethernet address (PPPoE) mike (Mar 02)
(Thread continues...)