Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: spoofing the ethernet address

From: core.lists.exploit-dev () CORE-SDI COM (Iván Arce)
Date: Wed, 1 Mar 2000 17:29:11 -0300

"Bobby, Paul" wrote:


Been playing with hping, and I imagine other IP spoofing tools generate the
same types of packets.

The spoofed packet contains a bogus IP address, yes. However the ethernet
address (MAC) is the address of the sending machine.

Is it possible to spoof this address also? Would someone have to write a
custom ethernet driver?



Yes, it is possible.
No, you dont need a custom ethernet driver, at least not if you are
using
linux or BSD. In fact, Tom Ptacek wrote a diff to the OpenBSD's kernel
to do so (i believe these are distributed with libnet), i dont know if
the 
diffs are available anywhere but it takes just a few lines to change in
ether_output() in if_ethersubr.c in BSD.

libnet used to be available at packetfactory.net

-ivan

-- 
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email: iarce () core-sdi com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarce () core-sdi com
Previous By Date Next
Previous By Thread Next

Current thread: