Penetration Testing mailing list archives
Re: [PEN-TEST] Change MAC Address
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Tue, 5 Dec 2000 12:52:36 -0800
Bill Weiss wrote:
Bill Weiss(bill_weiss () ATT NET)@Mon, Dec 04, 2000 at 04:01:20PM -0700:Pain Soul(pain_soul () YAHOO COM)@Mon, Dec 04, 2000 at 10:43:55AM -0800:Hi List!! I wanted to know if someone can provide me a name of the software that can change the MAc Address.Under Linux (maybe BSD, don't know), you can do it with ifconfig like so: /sbin/ifconfig eth0 hw ether 00:00:00:00:00:01 (works on my machine). Of course, you have to be root...Quick self-reply, you have to bring the interface down first (ifconfig eth0 down) to do this. Also, a bit of Windows wierdness. If I change the MAC of my Linux gateway to FF:FF:FF:FF:FF:FF, the windows box can't access the internet anymore. Oh well...
I just saw this the other day. I do not really know if it is a bug or feature. Windows (no idea which Win flavors) seems to ignore ARP replies that tell it a MAC address is ff:ff:ff:ff:ff:ff, the broadcast address. I guess that could be seen as a security feature. If you can convince a machine that an IP address (or how about all local IPs) are associated with the data-layer broadcast address, you can sniff the traffic without putting an interface on another machine into promiscuous mode. That could be quite useful for an intruder. I am not aware of a situation where using ff:ff:ff:ff:ff:ff as a MAC is legitimate. Therefore, if M$ documents this behavior anywhere, it is a feature. If it is undocumented, it is a bug. (BTW, Windows has a _lot_ of bugs under these criteria.) At least, that is my arbitrary ruling on the topic. ;) -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
Current thread:
- [PEN-TEST] Change MAC Address Pain Soul (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 06)
- Re: [PEN-TEST] Change MAC Address Crist Clark (Dec 06)
- Re: [PEN-TEST] Change MAC Address N Catlow (Dec 07)
- Re: [PEN-TEST] Change MAC Address Lydick, Adam (Dec 10)
- Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 06)
- Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 05)
- Re: [PEN-TEST] Change MAC Address Arturo Busleiman (Dec 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Change MAC Address Dunker, Noah (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jose Nazario (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jonathan Johnson (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jason Poley (Dec 05)