Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: spoofing the ethernet address

From: mudge () L0PHT COM (Mudge)
Date: Wed, 1 Mar 2000 12:56:16 -0500

DLPI and /dev/nit will allow you to write the raw ether frame. As will
linux raw sockets.

On BSD style systems the driver itself will often place the legitimate
ether address back in to the frame before sending the packet. Even if you
have handed in data expecting otherwise. You will need to make a one or
two line code change to the driver and recompile it into the kernel if you
want to change the outgoing ether address.

This is what we had to do for AntiSniff on OpenBSD.

cheers,

.mudge

On Tue, 29 Feb 2000, Bobby, Paul wrote:


Been playing with hping, and I imagine other IP spoofing tools generate the
same types of packets.

The spoofed packet contains a bogus IP address, yes. However the ethernet
address (MAC) is the address of the sending machine.

Is it possible to spoof this address also? Would someone have to write a
custom ethernet driver?

Paul Bobby
-----------------
<dream> Got Root? </dream>
Previous By Date Next
Previous By Thread Next

Current thread: