Security Basics mailing list archives

Re: MAC spoof concept


From: "Shreyas Zare" <shreyas () technitium com>
Date: Mon, 16 Apr 2007 11:14:12 +0530

Hi Zillah,

You are mixing MAC spoofing and ARP poisoning I suppose. Also, what
you are trying to achieve is not clear.

If you want to impersonate PC1's identity, you can use its MAC address
such that you can access the network which PC1 is allowed to, when PC1
is offline. That is, if PC1 is logged on to a particular type of network
where his MAC address is an important key, then you can change your MAC
address to access his network. To change MAC address you can use
Technitium MAC Address Changer.

If you want to do a Man-In-The-Middle attack, use ARP poisoning. Here
you have to continuously send an ARP packet to PC1 and PC3 which will
poison both machines' ARP cache such that your MAC address will be
listed in both machines' MAC table. Thus, all packets that PC1 sends to
PC3 or PC3 sends to PC1 will reach your NIC. Now you can just forward
the packets to their actual destination such that no user will notice
any difference. And using Wireshark you can capture all the traffic
for analysis. To do this there are tools available like Cain & Abel,
WinARPSpoofer etc.

Regards,

On 4/13/07, zillah <forwardtruth () yahoo com> wrote:
I have got these three PCs :

PC1 source (victim) , and PC3 Destination (Target),
PC2 attacker (impersonate identity of PC1)


PC1 mac address is : 0000.ffff.aaaa
PC2 mac address is : 0000.ffff.bbbb
PC3 mac address is : 0000.ffff.cccc


They are connected to cisco switch 3550

The term MAC spoofing is the creation of frame with a
forged (spoofed) source MAC address (our case
0000.ffff.aaaa ) with the purpose to conceal the
identity of the sender (our case PC2) and impersonate
the identity of PC1.

If PC2 sends traffic to PC3 (Destination) , PC2 would
masquerade as PC1 by falsifying its MAC address to be
0000.ffff.aaaa, if this is the case what would the
benefit be for PC2 (attacker), if all the traffic (as
a response to initiated connection from PC2) coming
back from PC3 go to PC1 instead of PC2 ?

Note:
1- In this simple scenario I do not have DHCP server ,
I assigned ip address statically.

2- I am aware of ip spoofing.


--
(This e-mail was composed and sent completely using recycled electrons)

Shreyas Zare
Co-Founder, Technitium
eMail: shreyas () technitium com

..::< The Technitium Team >::..
Visit us at www.technitium.com
Contact us at theteam () technitium com

Technitium Personal Computers
We believe in quality.
Visit http://pc.technitium.com for details.
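
Added example, not part of the original message or of any tool it names: a defensive check for the ARP poisoning described in the reply, which flags an IP whose advertised MAC changes and a single MAC that ends up bound to several IPs. The MAC addresses are the ones from the thread; the IP addresses, the sample observations and the function names are assumptions constructed for illustration.

```python
import re

def norm_mac(mac):
    """Normalise Cisco dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_arp_anomalies(observations):
    """observations: (sender_ip, sender_mac) pairs taken from ARP packets, in arrival order.

    Returns a list of (kind, detail) alerts:
      'ip-rebound' - an IP is now advertised with a different MAC than before
      'mac-shared' - one MAC is the current binding for more than one IP
    """
    ip_to_mac = {}
    alerts = []
    for ip, raw_mac in observations:
        mac = norm_mac(raw_mac)
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("ip-rebound", f"{ip}: {old} -> {mac}"))
        ip_to_mac[ip] = mac
        owners = sorted(i for i, m in ip_to_mac.items() if m == mac)
        if len(owners) > 1:
            alert = ("mac-shared", f"{mac} claims {', '.join(owners)}")
            if alert not in alerts:  # poisoning repeats; report each state once
                alerts.append(alert)
    return alerts

# Constructed sample. The IPs are assumptions (the thread gives only MACs).
SAMPLE = [
    ("192.0.2.1", "0000.ffff.aaaa"),     # PC1, legitimate binding
    ("192.0.2.2", "0000.ffff.bbbb"),     # PC2, legitimate binding
    ("192.0.2.3", "0000.ffff.cccc"),     # PC3, legitimate binding
    ("192.0.2.3", "00:00:ff:ff:bb:bb"),  # PC3's IP advertised with PC2's MAC
    ("192.0.2.1", "00:00:ff:ff:bb:bb"),  # PC1's IP advertised with PC2's MAC
    ("192.0.2.3", "00:00:ff:ff:bb:bb"),  # repeat of an earlier forged reply
]

if __name__ == "__main__":
    for kind, detail in find_arp_anomalies(SAMPLE):
        print(kind, detail)
```

On a statically addressed segment like the one in the question, any `ip-rebound` alert is worth investigating, since legitimate bindings should not change.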

