Vulnerability Development mailing list archives
Re: spoofing the ethernet address
From: core.lists.exploit-dev () CORE-SDI COM (Iván Arce)
Date: Wed, 1 Mar 2000 17:29:11 -0300
"Bobby, Paul" wrote:
Been playing with hping, and I imagine other IP spoofing tools generate the same types of packets. The spoofed packet contains a bogus IP address, yes. However the ethernet address (MAC) is the address of the sending machine. Is it possible to spoof this address also? Would someone have to write a custom ethernet driver?
Yes, it is possible. No, you dont need a custom ethernet driver, at least not if you are using linux or BSD. In fact, Tom Ptacek wrote a diff to the OpenBSD's kernel to do so (i believe these are distributed with libnet), i dont know if the diffs are available anywhere but it takes just a few lines to change in ether_output() in if_ethersubr.c in BSD. libnet used to be available at packetfactory.net -ivan -- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, It's nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce ==================[ CORE Seguridad de la Informacion S.A. ]========= Iván Arce Presidente PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A email: iarce () core-sdi com http://www.core-sdi.com Pte. Juan D. Peron 315 Piso 4 UF 17 1038 Capital Federal Buenos Aires, Argentina. Tel/Fax : +(54-11) 4331-5402 Casilla de Correos 877 (1000) Correo Central ===================================================================== --- For a personal reply use iarce () core-sdi com
Current thread:
- Re: spoofing the ethernet address, (continued)
- Re: spoofing the ethernet address yeti (Mar 02)
- Re: spoofing the ethernet address Mikael Olsson (Mar 01)
- Re: spoofing the ethernet address Carl-Johan Bostorp (Mar 01)
- Re: spoofing the ethernet address Simple Nomad (Mar 01)
- Re: spoofing the ethernet address Vitek, Ian (Mar 01)
- Re: spoofing the ethernet address Granquist, Lamont (Mar 01)
- Re: spoofing the ethernet address Mudge (Mar 01)
- Re: spoofing the ethernet address Dug Song (Mar 02)
- Re: spoofing the ethernet address Ben Grubin (Mar 01)
- Re: spoofing the ethernet address -DAL- (Mar 01)
- Re: spoofing the ethernet address Iván Arce (Mar 01)
- Re: spoofing the ethernet address hypoclear - lUSt - (Linux Users Strike Today) (Mar 01)
- Re: spoofing the ethernet address The I (Mar 01)
- [Fwd: spoofing the ethernet address] Fredrik Widlund (Mar 02)
- spoofing the ethernet address (PPPoE) mike (Mar 02)
- Re: spoofing the ethernet address John Hall (Mar 01)
- Re: spoofing the ethernet address Jim Duncan (Mar 02)
- Re: spoofing the ethernet address Bluefish (Mar 02)
- Re: spoofing the ethernet address Ben Grubin (Mar 02)
- Re: spoofing the ethernet address Trevor Schroeder (Mar 02)
- TCP John Flux (Mar 03)
(Thread continues...)