Security Basics mailing list archives
Re: MAC spoof concept
From: "Shreyas Zare" <shreyas () technitium com>
Date: Mon, 16 Apr 2007 11:14:12 +0530
Hi Zillah, You are mixing MAC spoofing and ARP poisoning I suppose. Also, what you are trying to achieve is not clear. If you want to impersonate PC1's identity, you can use its MAC address such that you can access the network which PC1 is allowed to, when PC1 is offline. That is if PC1 is loged on to a particular type of network where his MAC address is an important key then you can change your mac address to access his network. To change MAC address you can use Technitium MAC Address Changer. If you want to do a Man-In-The-Middle attack, use ARP poisoning. Here you have to continuously send an ARP packet to PC1 and PC3 which will poison both machines ARP cache such that your MAC address will be listed in both machines MAC table. Thus, all packets that PC1 sends to PC3 or PC3 sends to PC1 will reach your NIC. Now you can just forward the packets to its actual destination such that no user will notice any difference. And using Wireshark you can capture all the traffic for analysis. To do this there are tools available like Cain & Abel, WinARPSpoofer etc. Regards, On 4/13/07, zillah <forwardtruth () yahoo com> wrote:
I have got these three PCs : PC1 source (victim) , and PC3 Destination (Target), PC2 attacker (imporsonate idintity of PC1) PC1 mac address is : 0000.ffff.aaaa PC2 mac address is : 0000.ffff.bbbb PC3 mac address is : 0000.ffff.cccc They are connected to cisco switch 3550 The term MAC spoofing is the creation of frame with a forged (spoofed) source MAC address (our case 0000.ffff.aaaa ) with the purpose to conceal the identity of the sender (our case PC2) and impersonate the identity of PC1. If PC2 sends traffic to PC3 (Destination) , PC2 would masquerade as PC1 by falsifying its MAC address to be 0000.ffff.aaaa, if this the case what would the benefit be for PC2 (attacker), if all the traffic (as a response to initiated connection from PC2) coming back from PC3 go to PC1 instead of PC2 ? Note: 1- In this simple scenario I do not have DHCP server , I assigned ip address statically. 2- I am aware of ip spoofing.
-- (This e-mail was composed and sent completely using recycled electrons) Shreyas Zare Co-Founder, Technitium eMail: shreyas () technitium com ..::< The Technitium Team >::.. Visit us at www.technitium.com Contact us at theteam () technitium com Technitium Personal Computers We belive in quality. Visit http://pc.technitium.com for details.
Current thread:
- MAC spoof concept zillah (Apr 15)
- Re: MAC spoof concept Deian Stefan (Apr 16)
- RE: MAC spoof concept David Gillett (Apr 16)
- Re: MAC spoof concept Shreyas Zare (Apr 16)
- <Possible follow-ups>
- Re: MAC spoof concept krymson (Apr 16)