Res: MAC spoof concept

[Marcos Aurelio Rodrigues <marsamp () yahoo com br>]

Usually, when you do something like that, you should use arp poison, so the PC1 sends back to PC2 (Atacker) instead of 
PC3. But you switch has to support that.
 
Marcos Aurelio Rodrigues (d319r4t1433)
Pueri quod semper amat Dei

----- Mensagem original ----
De: zillah <forwardtruth () yahoo com>
Para: security-basics () securityfocus com
Enviadas: Sexta-feira, 13 de Abril de 2007 11:47:22
Assunto: MAC spoof concept

I have got these three PCs :

PC1 source (victim) , and PC3 Destination (Target),
PC2 attacker (imporsonate idintity of PC1)


PC1 mac address is : 0000.ffff.aaaa
PC2 mac address is : 0000.ffff.bbbb
PC3 mac address is : 0000.ffff.cccc


They are connected to cisco switch 3550

The term MAC spoofing is the creation of frame with a
forged (spoofed) source MAC address (our case
0000.ffff.aaaa ) with the purpose to conceal the
identity of the sender (our case PC2) and impersonate
the identity of PC1.

If PC2 sends traffic to PC3 (Destination) , PC2 would
masquerade as PC1 by falsifying its MAC address to be
0000.ffff.aaaa, if this the case what would the
benefit be for PC2 (attacker), if all the traffic (as
a response to initiated connection from PC2) coming
back from PC3 go to PC1 instead of PC2 ?

Note:
1- In this simple scenario I do not have DHCP server ,
I assigned ip address statically.

2- I am aware of ip spoofing.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/