Penetration Testing mailing list archives

Re: [PEN-TEST] MAC -> IP ?

From: Nelson Brito <nelson () SECUNET COM BR>
Date: Mon, 19 Mar 2001 10:50:11 -0300

"Kerle, Jens" wrote:


Hi,

i am watching our net for changes in IP and MAC (which we don't allow). On
out Switch i can find a MAC, with no known IP. I already tried to ping the
whole IP range and looked in the arp table of my computer, but can't find
the MAC there. If i flush the switch arp table, the MAC comes back after
some seconds, so the 'evil' computer seems to be active.

1. is there a better way to get the IP if i have the MAC ?

2. how is it possible to hide your arp requests/response ?

thanks, Jens


Try Cristiano Lincoln Mattos' ARPTool with "-m" argument(mapping).

It's available at:
http://www.hotlink.com.br/users/lincoln/arptool/
http://packetstorm.securify.com/9901-exploits/arptool.c

Notice: It's possible you can't compile it over new Kernel's Version. If you
wanna, I can send you a static version from it.

Sem mais,
--
# Nelson Brito <nelson () secunet com br>
# Security Networks / IBQN - The Trust Company!
# Contacts: (+55.021) 282-1351 R. 104
open(S, shift || $ENV{'HOME'} . "/.signature") || die "open: $!\n";
foreach(<S>){ chop; split(//, $_); print reverse @_; print "\n"; }
close(S);

Current thread:

[PEN-TEST] MAC -> IP ? Kerle, Jens (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? H D Moore (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? Nelson Brito (Mar 19)
- <Possible follow-ups>
- Re: [PEN-TEST] MAC -> IP ? Abe Getchell (Mar 18)
- Re: [PEN-TEST] MAC -> IP ? Andrew Lawton (Mar 19)
  - Re: [PEN-TEST] MAC -> IP ? Dom De Vitto (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Torbjorn karlsson (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Chris Arnold (Mar 19)
- Re: [PEN-TEST] MAC -> IP ? Andrew Griffiths (Mar 19)