Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: spoofing the ethernet address

From: BGrubin () SCIENT COM (Ben Grubin)
Date: Wed, 1 Mar 2000 12:14:28 -0600

Trivial, actually.  Most cards allow programmable MAC addressing, so
changing them around is usually easy.  Of course, since the source MAC is
only visible on the directly attached segment, this is only useful if you
are doing "bad things" on the segment your machine physically resides on.
Once you hit a routing device, it's IP only.

Since the MAC address is programmable, and typically not tracked, it can't
be used as a reliable forensic data source.

Cheers,
Ben


-----Original Message-----
From: Bobby, Paul [mailto:paul.bobby () LMCO COM]
Sent: Tuesday, February 29, 2000 1:58 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: spoofing the ethernet address


Been playing with hping, and I imagine other IP spoofing
tools generate the
same types of packets.

The spoofed packet contains a bogus IP address, yes. However
the ethernet
address (MAC) is the address of the sending machine.

Is it possible to spoof this address also? Would someone have
to write a
custom ethernet driver?

Paul Bobby
-----------------
<dream> Got Root? </dream>
Previous By Date Next
Previous By Thread Next

Current thread: