Security Basics mailing list archives

Re: MAC spoof concept

From: krymson () gmail com
Date: 16 Apr 2007 14:38:38 -0000

I think a good conceptual question for you might be, "How does the data from the destination (PC3) get back to either 
PC1 or PC2?" If you have two systems contending for a MAC address on a network segment...what happens?

I'm sure others will be more direct in their answers to you, but I think that question might lead you to your answer.


<- snip ->
PC1 source (victim) , and PC3 Destination (Target),
PC2 attacker (imporsonate idintity of PC1)

PC1 mac address is : 0000.ffff.aaaa
PC2 mac address is : 0000.ffff.bbbb
PC3 mac address is : 0000.ffff.cccc

They are connected to cisco switch 3550

The term MAC spoofing is the creation of frame with a
forged (spoofed) source MAC address (our case
0000.ffff.aaaa ) with the purpose to conceal the
identity of the sender (our case PC2) and impersonate
the identity of PC1.

If PC2 sends traffic to PC3 (Destination) , PC2 would
masquerade as PC1 by falsifying its MAC address to be
0000.ffff.aaaa, if this the case what would the
benefit be for PC2 (attacker), if all the traffic (as
a response to initiated connection from PC2) coming
back from PC3 go to PC1 instead of PC2 ?

Current thread:

MAC spoof concept zillah (Apr 15)
- Re: MAC spoof concept Deian Stefan (Apr 16)
- RE: MAC spoof concept David Gillett (Apr 16)
- Re: MAC spoof concept Shreyas Zare (Apr 16)
- <Possible follow-ups>
- Re: MAC spoof concept krymson (Apr 16)