Penetration Testing mailing list archives

Re: [PEN-TEST] Change MAC Address

From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Tue, 5 Dec 2000 12:52:36 -0800

Bill Weiss wrote:


Bill Weiss(bill_weiss () ATT NET)@Mon, Dec 04, 2000 at 04:01:20PM -0700:

Pain Soul(pain_soul () YAHOO COM)@Mon, Dec 04, 2000 at 10:43:55AM -0800:

Hi List!!
I wanted to know if someone can provide me a name of
the software that can change the MAc Address.


Under Linux (maybe BSD, don't know), you can do it with ifconfig like so:

/sbin/ifconfig eth0 hw ether 00:00:00:00:00:01

(works on my machine).  Of course, you have to be root...


Quick self-reply, you have to bring the interface down first (ifconfig eth0 down)
to do this.

Also, a bit of Windows wierdness.  If I change the MAC of my Linux gateway to
FF:FF:FF:FF:FF:FF, the windows box can't access the internet anymore.  Oh well...


I just saw this the other day. I do not really know if it is a bug or
feature. Windows (no idea which Win flavors) seems to ignore ARP replies
that tell it a MAC address is ff:ff:ff:ff:ff:ff, the broadcast address.
I guess that could be seen as a security feature. If you can convince a
machine that an IP address (or how about all local IPs) are associated
with the data-layer broadcast address, you can sniff the traffic without
putting an interface on another machine into promiscuous mode. That
could be quite useful for an intruder.

I am not aware of a situation where using ff:ff:ff:ff:ff:ff as a MAC
is legitimate. Therefore, if M$ documents this behavior anywhere, it
is a feature. If it is undocumented, it is a bug. (BTW, Windows has
a _lot_ of bugs under these criteria.) At least, that is my arbitrary
ruling on the topic. ;)
--
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com

Current thread:

[PEN-TEST] Change MAC Address Pain Soul (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 05)
  - Re: [PEN-TEST] Change MAC Address Bill Weiss (Dec 06)
    - Re: [PEN-TEST] Change MAC Address Crist Clark (Dec 06)
    - Re: [PEN-TEST] Change MAC Address N Catlow (Dec 07)
    - Re: [PEN-TEST] Change MAC Address Lydick, Adam (Dec 10)
  - Re: [PEN-TEST] Change MAC Address Arturo Busleiman (Dec 07)
- Re: [PEN-TEST] Change MAC Address Chris Winter (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bruno Taranto Alvim (Dec 05)
- Re: [PEN-TEST] Change MAC Address Alex Butcher (Dec 06)
- <Possible follow-ups>
- Re: [PEN-TEST] Change MAC Address Dunker, Noah (Dec 05)
  - Re: [PEN-TEST] Change MAC Address Jose Nazario (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jonathan Johnson (Dec 05)
  - Re: [PEN-TEST] Change MAC Address Jason Poley (Dec 05)

(Thread continues...)