Security Basics mailing list archives

Re: MAC spoof concept


From: Deian Stefan <deianstefan () gmail com>
Date: Sun, 15 Apr 2007 14:40:46 -0400


If you are sending traffic to PC3 with the correct seq# then you would basically disrupt the synchronization between PC3 and PC1 -- somewhat of a DoS attack. I think that what you might want to do, though, is first send ARP response packets so that the traffic from PC3 in response would go to PC2 and not PC1. This way you have a copy of the packets on PC2 (between PC3 and PC1) and can enable IP forwarding so as to avoid a DoS attack. You mentioned that you are aware of IP spoofing, so I apologize if some of the above is redundant.

Deian Stefan
www.ee.cooper.edu/~stefan
GPG fingerprint: BED8 F536 3CDB AC28 CCBB  2ECE 66C3 5810 9025 23CF



On Apr 13, 2007, at 10:47 AM, zillah wrote:

I have got these three PCs:

PC1 source (victim), and PC3 destination (target),
PC2 attacker (impersonates the identity of PC1)


PC1 mac address is : 0000.ffff.aaaa
PC2 mac address is : 0000.ffff.bbbb
PC3 mac address is : 0000.ffff.cccc


They are connected to a Cisco switch 3550.

The term MAC spoofing is the creation of a frame with a
forged (spoofed) source MAC address (in our case
0000.ffff.aaaa) with the purpose to conceal the
identity of the sender (in our case PC2) and impersonate
the identity of PC1.

If PC2 sends traffic to PC3 (destination), PC2 would
masquerade as PC1 by falsifying its MAC address to be
0000.ffff.aaaa. If this is the case, what would the
benefit be for PC2 (attacker), if all the traffic (as
a response to the initiated connection from PC2) coming
back from PC3 goes to PC1 instead of PC2?

Note:
1- In this simple scenario I do not have a DHCP server,
I assigned IP addresses statically.

2- I am aware of IP spoofing.


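Added example, not part of either post: how the two behaviours discussed in this thread (PC1's MAC used as a source address from PC2's port, and an ARP response that binds PC1's IP to PC2's MAC) show up to a defender who keeps a static binding table for the segment. Only the three MAC addresses come from the thread; the IP addresses, port names and frame list are constructed for illustration.

```python
import re

# Constructed static bindings (no DHCP in the thread): IP -> (MAC, switch port).
# Only the MAC addresses come from the thread; IPs and port names are assumed.
BINDINGS = {
    "192.0.2.1": ("0000.ffff.aaaa", "Fa0/1"),  # PC1
    "192.0.2.2": ("0000.ffff.bbbb", "Fa0/2"),  # PC2
    "192.0.2.3": ("0000.ffff.cccc", "Fa0/3"),  # PC3
}

# Constructed observations: (ingress port, frame source MAC, ARP sender IP, ARP sender MAC).
# The ARP fields are None for non-ARP frames.
FRAMES = [
    ("Fa0/1", "0000.ffff.aaaa", "192.0.2.1", "0000.ffff.aaaa"),  # PC1, legitimate ARP
    ("Fa0/3", "00:00:FF:FF:CC:CC", None, None),                  # PC3, ordinary frame
    ("Fa0/2", "0000.ffff.aaaa", None, None),                     # PC1's MAC on PC2's port
    ("Fa0/2", "0000.ffff.bbbb", "192.0.2.1", "0000.ffff.bbbb"),  # PC1's IP bound to PC2's MAC
    ("Fa0/1", "0000.ffff.aaaa", None, None),                     # PC1 transmits again
]

def norm_mac(mac):
    """Normalise Cisco dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def detect(frames, bindings):
    """Return (frame index, alert kind, ingress port) for every anomaly."""
    owner_port = {norm_mac(mac): port for mac, port in bindings.values()}
    ip_to_mac = {ip: norm_mac(mac) for ip, (mac, _) in bindings.items()}
    last_port, alerts = {}, []
    for i, (port, src, arp_ip, arp_mac) in enumerate(frames):
        mac = norm_mac(src)
        # Source MAC arrives on a port other than the one it is bound to.
        if owner_port.get(mac, port) != port:
            alerts.append((i, "mac-on-wrong-port", port))
        # Same MAC learned on a different port than last time (MAC flapping).
        if last_port.get(mac, port) != port:
            alerts.append((i, "mac-flap", port))
        last_port[mac] = port
        # ARP sender IP claimed by a MAC other than the bound one.
        if arp_ip in ip_to_mac and ip_to_mac[arp_ip] != norm_mac(arp_mac):
            alerts.append((i, "arp-binding-mismatch", port))
    return alerts

if __name__ == "__main__":
    for alert in detect(FRAMES, BINDINGS):
        print(alert)
```

The final alert fires on PC1's own port: once a MAC has moved between ports, the legitimate owner's next frame also registers as a flap, so the port named in the earlier alerts is the one to investigate.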

