Security Basics mailing list archives
Re: MAC spoof concept
From: Deian Stefan <deianstefan () gmail com>
Date: Sun, 15 Apr 2007 14:40:46 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1If you are sending traffic to PC3 with the correct seq# then you would basically disrupt the synchronization between PC3 and PC1 -- somewhat of a dos attack. i think that what you might want to do though is first send arp response packets so that the traffic from PC3 in response would go to PC2 and not PC1. This way you have a copy of the packets on PC2 (between PC3 and PC1) and can enable ip forwarding as to avoid a dos attack. You mentioned that you are aware of ip
spoofing, so I apologize if some of the above is redundant. Deian Stefan www.ee.cooper.edu/~stefan GPG fingerprint: BED8 F536 3CDB AC28 CCBB 2ECE 66C3 5810 9025 23CF On Apr 13, 2007, at 10:47 AM, zillah wrote:
I have got these three PCs : PC1 source (victim) , and PC3 Destination (Target), PC2 attacker (imporsonate idintity of PC1) PC1 mac address is : 0000.ffff.aaaa PC2 mac address is : 0000.ffff.bbbb PC3 mac address is : 0000.ffff.cccc They are connected to cisco switch 3550 The term MAC spoofing is the creation of frame with a forged (spoofed) source MAC address (our case 0000.ffff.aaaa ) with the purpose to conceal the identity of the sender (our case PC2) and impersonate the identity of PC1. If PC2 sends traffic to PC3 (Destination) , PC2 would masquerade as PC1 by falsifying its MAC address to be 0000.ffff.aaaa, if this the case what would the benefit be for PC2 (attacker), if all the traffic (as a response to initiated connection from PC2) coming back from PC3 go to PC1 instead of PC2 ? Note: 1- In this simple scenario I do not have DHCP server , I assigned ip address statically. 2- I am aware of ip spoofing. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGInGuZsNYEJAlI88RArzcAKDEp6Vfcmyhn9CGJf1B5FrzW/nVgQCgt1XD ZFwJZAcdSUJNVSuOkomzjwk= =Sn5x -----END PGP SIGNATURE-----
Current thread:
- MAC spoof concept zillah (Apr 15)
- Re: MAC spoof concept Deian Stefan (Apr 16)
- RE: MAC spoof concept David Gillett (Apr 16)
- Re: MAC spoof concept Shreyas Zare (Apr 16)
- <Possible follow-ups>
- Re: MAC spoof concept krymson (Apr 16)