Security Basics mailing list archives
Re: MAC spoof concept
From: krymson () gmail com
Date: 16 Apr 2007 14:38:38 -0000
I think a good conceptual question for you might be, "How does the data from the destination (PC3) get back to either PC1 or PC2?" If you have two systems contending for a MAC address on a network segment...what happens? I'm sure others will be more direct in their answers to you, but I think that question might lead you to your answer. <- snip -> PC1 source (victim) , and PC3 Destination (Target), PC2 attacker (imporsonate idintity of PC1) PC1 mac address is : 0000.ffff.aaaa PC2 mac address is : 0000.ffff.bbbb PC3 mac address is : 0000.ffff.cccc They are connected to cisco switch 3550 The term MAC spoofing is the creation of frame with a forged (spoofed) source MAC address (our case 0000.ffff.aaaa ) with the purpose to conceal the identity of the sender (our case PC2) and impersonate the identity of PC1. If PC2 sends traffic to PC3 (Destination) , PC2 would masquerade as PC1 by falsifying its MAC address to be 0000.ffff.aaaa, if this the case what would the benefit be for PC2 (attacker), if all the traffic (as a response to initiated connection from PC2) coming back from PC3 go to PC1 instead of PC2 ?
Current thread:
- MAC spoof concept zillah (Apr 15)
- Re: MAC spoof concept Deian Stefan (Apr 16)
- RE: MAC spoof concept David Gillett (Apr 16)
- Re: MAC spoof concept Shreyas Zare (Apr 16)
- <Possible follow-ups>
- Re: MAC spoof concept krymson (Apr 16)