Security Basics mailing list archives
Re: Changing the mac address on Windows 2000 and XP
From: David Siles <ctowizkid () gmail com>
Date: Wed, 6 Jul 2005 23:07:05 -0500
I will add my two cents for catching the MAC changes. We do a few things in our environment:

1.) We use port level security with sticky MAC addresses. We only let MAC addresses that we know are assigned to certain ports talk on the network. However, this begs the problem that if I were going to jack in and knew this, I would spoof my MAC so it lets me on.

2.) We use KIWI CatTools and dump all the port, ARP, and MAC tables from our switches many times a day and have in-house, home-grown scripts that look at the delta changes between the reports. We also drop this data in a backend MySQL db that keeps a record of when a MAC was first seen on our network, what ports it has shown up on, and when a new MAC has been introduced on a port security port that didn't meet the defined MAC we were expecting.

3.) We have implemented Clean Access and all machines not carrying the trust agent get stuck in a cinderella network, while we are alerted, and let it go nowhere. This is where we counteract point number one, where someone with a SMAC spoofing their MAC address who jacks in to my network, but doesn't carry the agent, really gets pointed out. Especially if the machine carrying the MAC that is spoofed is assigned to a machine we know that should be carrying the trust agent.

4.) The one realm that makes this harder, but still catchable, is good old wireless. We can't do the sticky MACs, and spoofing MACs across the wifi is an age-old fun one. Especially when using the AP's MAC itself. We use a number of systems that I won't enumerate here, but some good searches in good old Google will get you the systems that will help here.

Regards,
Dave

On 6 Jul 2005 04:05:15 -0000, blanketyblank () blank com <blanketyblank () blank com> wrote:
http://amac.paqtool.com/ If there is a tool to change it, there is a tool to detect the change. Or simply lock them out at the router. :)
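
The delta check described in point 2 of the message above, as an added example that is not part of the original post and not the poster's scripts: it compares successive MAC-table dumps, records first sightings, and flags new MACs, MACs on new ports, port-security mismatches, and one MAC on several ports. The snapshot format, the `EXPECTED` table, all names and sample values are assumptions, and `sqlite3` stands in for the MySQL backend.

```python
import sqlite3

# Constructed snapshots, one "switch port mac" entry per line (format assumed).
SNAP_1 = "sw1 Gi0/1 00:11:22:33:44:55\nsw1 Gi0/2 00:11:22:33:44:66\n"
SNAP_2 = ("sw1 Gi0/1 00:11:22:33:44:55\nsw1 Gi0/2 00:11:22:33:44:77\n"
          "sw1 Gi0/3 00:11:22:33:44:66\nsw1 Gi0/4 00:11:22:33:44:55\n")
# Hypothetical port-security assignments: the MAC expected on each secured port.
EXPECTED = {("sw1", "Gi0/1"): "00:11:22:33:44:55",
            ("sw1", "Gi0/2"): "00:11:22:33:44:66"}

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (mac TEXT, switch TEXT, port TEXT, "
               "first_seen TEXT, PRIMARY KEY (mac, switch, port))")
    return db

def parse(snapshot):
    """Return {(switch, port, mac)}; skip malformed lines, normalise MAC."""
    rows = set()
    for line in snapshot.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.add((parts[0], parts[1], parts[2].lower().replace("-", ":")))
    return rows

def ingest(db, snapshot, ts):
    """Store sightings and return (kind, mac, location) alerts for the delta."""
    known = {}
    for mac, sw, port in db.execute("SELECT mac, switch, port FROM sightings"):
        known.setdefault(mac, set()).add((sw, port))
    alerts, seen_now = [], {}
    for sw, port, mac in sorted(parse(snapshot)):
        where = f"{sw}:{port}"
        seen_now.setdefault(mac, []).append(where)
        if mac not in known:
            alerts.append(("new_mac", mac, where))
        elif (sw, port) not in known[mac]:
            alerts.append(("new_port", mac, where))
        if EXPECTED.get((sw, port), mac) != mac:
            alerts.append(("port_security_mismatch", mac, where))
        # INSERT OR IGNORE keeps the original first_seen timestamp.
        db.execute("INSERT OR IGNORE INTO sightings VALUES (?,?,?,?)",
                   (mac, sw, port, ts))
    # One MAC on several ports in the same dump: possible spoofed address.
    alerts += [("duplicate_mac", m, ",".join(w))
               for m, w in sorted(seen_now.items()) if len(w) > 1]
    return alerts

def run_demo():
    db = new_db()  # timestamps below are constructed
    return ingest(db, SNAP_1, "2005-07-06T09:00"), ingest(db, SNAP_2, "2005-07-06T13:00")

if __name__ == "__main__":
    for batch in run_demo():
        print(*batch, sep="\n")
```

On real switches, uplink and trunk ports legitimately carry many MACs and would need to be excluded before the duplicate check means anything.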