Vulnerability Development mailing list archives

Ethernet ( MAC ) Address Reliability


From: "William N. Zanatta" <william () veritel com br>
Date: Mon, 8 Sep 2003 11:17:00 -0300 (BRT)


  Hey guys,


    I'm currently studying 'sadoor' ( see links at the foot ), a tool
built over a proof-of-concept on monitoring interfaces instead of opening
ports. The concept behind the tool consists ( roughly ) of monitoring the
interface, waiting for a sequence of IP/TCP/UDP key packets ( configurable
) and a command packet which runs a command at the host.

    The first article ( below ) introduces the tool and the hypothesis of
using it as a remote system administration tool. Of course there are many
security risks involved when doing it but I believe that a well planned
system may work with a fine security level ( just focusing on this tool ).

    But there's one thing which worries me, the ethernet addresses. This
is the point where I want to hear from you, and the question is, how
reliable are these addresses? I know they're spoofable and thus it may
bring problems with this kind of software.

    Anyway I'm still doing some research on this ( I'm not a network
authority ;] ) but I would really like to hear from you.

    Thank you all,

    --

    References:

      1. A Practical Approach of Stealthy Remote Administration
      http://www.linuxsecurity.com/feature_stories/feature_story-149.html

      2. SAdoor's Home Page
      http://cmn.listprojects.darklab.org

    --

   William

PS: Sorry for my messy English.
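
Added example (not part of the original post, and not SAdoor's code): a minimal key-packet sequence matcher run over constructed frames, to make the reliability question concrete. It shows that a match on header fields cannot tell which station transmitted a frame, and that a source MAC included in the key no longer matches once the packets cross a router, because the router re-frames them with its own address. The Frame type, the key sequence, and all addresses and ports are assumptions made up for the illustration.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    proto: str
    dst_port: int
    # Ground truth for the demo only; not on the wire, so never compared.
    sent_by: str = field(default="admin", compare=False)

# All addresses and ports below are constructed sample values.
ADMIN_MAC, ROUTER_MAC, ADMIN_IP = "02:00:00:00:00:0a", "02:00:00:00:00:01", "192.0.2.10"
KEY_SEQUENCE = (
    Frame(ADMIN_MAC, ADMIN_IP, "tcp", 4001),
    Frame(ADMIN_MAC, ADMIN_IP, "udp", 4002),
    Frame(ADMIN_MAC, ADMIN_IP, "tcp", 4003),
)

class KeyMatcher:
    """Tracks progress through a key sequence by comparing header fields."""
    def __init__(self, key=KEY_SEQUENCE):
        self.key, self.pos = key, 0

    def feed(self, frame):
        """Return True when the final key frame arrives in order."""
        if frame == self.key[self.pos]:
            self.pos += 1
        else:
            # Wrong frame: restart, letting it open a new attempt.
            self.pos = 1 if frame == self.key[0] else 0
        if self.pos == len(self.key):
            self.pos = 0
            return True
        return False

def sequence_accepted(frames):
    """Feed frames to a fresh matcher; True if the sequence completed."""
    matcher = KeyMatcher()
    return any([matcher.feed(f) for f in frames])

def same_headers_from(frames, sender):
    """Identical header values, transmitted by a different station."""
    return [replace(f, sent_by=sender) for f in frames]

def after_routed_hop(frames):
    """A router re-frames the packet, so the source MAC becomes its own."""
    return [replace(f, src_mac=ROUTER_MAC) for f in frames]
```

The practical reading: the addresses in the key frames work as identifiers, not as credentials, so any trust decision has to rest on something the sender proves rather than on fields the sender sets.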

