Security Basics mailing list archives
Res: MAC spoof concept
From: Marcos Aurelio Rodrigues <marsamp () yahoo com br>
Date: Mon, 16 Apr 2007 04:58:18 -0700 (PDT)
Usually, when you do something like that, you should use ARP poison, so the PC1 sends back to PC2 (Attacker) instead of PC3. But your switch has to support that.

Marcos Aurelio Rodrigues (d319r4t1433)
Pueri quod semper amat Dei

----- Original message ----
From: zillah <forwardtruth () yahoo com>
To: security-basics () securityfocus com
Sent: Friday, 13 April 2007 11:47:22
Subject: MAC spoof concept

I have got these three PCs: PC1 source (victim), and PC3 destination (target), PC2 attacker (impersonates the identity of PC1).

PC1 MAC address is : 0000.ffff.aaaa
PC2 MAC address is : 0000.ffff.bbbb
PC3 MAC address is : 0000.ffff.cccc

They are connected to a Cisco switch 3550.

The term MAC spoofing is the creation of a frame with a forged (spoofed) source MAC address (in our case 0000.ffff.aaaa) with the purpose of concealing the identity of the sender (in our case PC2) and impersonating the identity of PC1.

If PC2 sends traffic to PC3 (destination), PC2 would masquerade as PC1 by falsifying its MAC address to be 0000.ffff.aaaa. If this is the case, what would the benefit be for PC2 (attacker), if all the traffic (as a response to the connection initiated from PC2) coming back from PC3 goes to PC1 instead of PC2?

Note:
1- In this simple scenario I do not have a DHCP server; I assigned IP addresses statically.
2- I am aware of IP spoofing.
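Added example, not part of the original thread: a toy model of a learning switch's MAC address table, run over the three MAC addresses from the question. It shows which port a reply to PC1's MAC leaves on when the same source MAC is seen on two ports, and how that MAC "flap" can be flagged. The port numbers, timings, frame sequence and the assumption of a plain learning switch with no port security are constructed for illustration.

```python
from collections import defaultdict

# MAC addresses from the question; port numbers 1-3 are assumed for this model.
PC1, PC2, PC3 = "0000.ffff.aaaa", "0000.ffff.bbbb", "0000.ffff.cccc"

class LearningSwitch:
    """Minimal MAC learning: the last port a source MAC was seen on wins."""
    def __init__(self):
        self.table = {}                  # MAC -> port
        self.moves = defaultdict(list)   # MAC -> [(time, old_port, new_port)]

    def receive(self, t, port, src, dst):
        """Learn src on the ingress port; return the egress port or 'flood'."""
        old = self.table.get(src)
        if old is not None and old != port:
            self.moves[src].append((t, old, port))   # same MAC, different port
        self.table[src] = port
        return self.table.get(dst, "flood")

def flapping(switch, window=10, threshold=2):
    """MACs that changed port at least `threshold` times within `window` seconds."""
    flagged = {}
    for mac, moves in switch.moves.items():
        times = [t for t, _, _ in moves]
        for i, t0 in enumerate(times):
            if sum(1 for t in times[i:] if t - t0 <= window) >= threshold:
                flagged[mac] = sorted({p for _, a, b in moves for p in (a, b)})
                break
    return flagged

def run_scenario():
    sw = LearningSwitch()
    # Constructed frames: (time in seconds, ingress port, source MAC, destination MAC)
    frames = [
        (0, 1, PC1, PC3),  # PC1 sends from its own port
        (1, 3, PC3, PC1),  # PC3 replies; frame leaves on port 1
        (2, 2, PC1, PC3),  # PC1's source MAC now appears on port 2
        (3, 3, PC3, PC1),  # reply follows the table entry to port 2
        (4, 1, PC1, PC3),  # the real PC1 transmits again; entry moves back
        (5, 3, PC3, PC1),  # reply leaves on port 1 again
    ]
    egress = [sw.receive(*f) for f in frames]
    return egress, flapping(sw)

if __name__ == "__main__":
    egress, flagged = run_scenario()
    print("egress ports:", egress)
    print("flapping MACs:", flagged)
```
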