Penetration Testing mailing list archives

RE: Ping a mac address

From: "Roni Bachar" <roni () avnet co il>
Date: Mon, 5 Dec 2005 16:57:49 +0200

"That's why I was asking "why?"  It depends on what he's ultimately going to

do and what"

I am testing two separated networks one is a big 4 A class network and one
is a small c class. I would like to see that no machine is connected to the
C class and to the A class at the same time.

Some pre-information: I dont have access to the DHCP server nor to the
switches and I am not Administrator of the network.

I thought the best way is to scan the class c get all the mac and then
connect to the A class and find a way to see if this mac's exist on it or
not.

p.s I know that I can scan both network with varies of tools and compare the
mac's but I rather not do it this way.

My goal is to find out other ways to see that the mac isn't connected to 
Both networks.


-----Original Message-----
From: Thor (Hammer of God) [mailto:thor () hammerofgod com] 
Sent: Sunday, December 04, 2005 8:39 PM
To: Cedric Blancher
Cc: Roni Bachar; pen-test () securityfocus com
Subject: Re: Ping a mac address

That's why I was asking "why?"  It depends on what he's ultimately going to 
do and what the host is...  All packets are not automatically dropped if the

IP doesn't match the bound IP -- that's what the MAC is for in the first 
place.  For instance, I have a few IP cameras around my infrastructure... If

I add a static ARP entry for the MAC to some arbitrary IP (that's still on 
my subnet) I can use that arbitrary IP to access the unit's HTTP 
configuration... works just fine.

t

-----
"And yet, even if one person finds his way... that means
there is a Way.  Even if I personally fail to reach it."

Mr. Nobusuke Tagomi
Top Place, Ranking Imperial Trade Mission
Pacific States of America

----- Original Message ----- 
From: "Cedric Blancher" <blancher () cartel-securite fr>
To: "Thor (Hammer of God)" <thor () hammerofgod com>
Cc: "Roni Bachar" <roni () avnet co il>; <pen-test () securityfocus com>
Sent: Sunday, December 04, 2005 10:18 AM
Subject: Re: Ping a mac address


Le dimanche 04 décembre 2005 à 01:58 -0800, Thor (Hammer of God) a
écrit :

Given that, if the host *is* on the same subnet, and you want to reach
it, it doesn't really matter what IP address is bound to the adapter--
you can just add a static ARP entry on the local system to assign the
MAC to whatever "in-network" IP you want, whether it's the "real" IP
or not...


Maybe I misunderstand your point, but as you will be indeed be able to
send that host an ethernet frame knowing its MAC address, you may want
to have it processed at upper layers, if you need to coomunicate with
that host for instance. As it will drop any packet that is not destined
to its very own IP address (or one of its, if multiple), you definitly
need to know it for this kind of purpose.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!




----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Re: Ping a mac address, (continued)
- Re: Ping a mac address Marcos Pitanga (Dec 02)
  - Ping a mac address Roni Bachar (Dec 04)
    - Re: Ping a mac address nosy (Dec 04)
    - Re: Ping a mac address Thor (Hammer of God) (Dec 04)
    - Re: Ping a mac address Cedric Blancher (Dec 04)
    - Re: Ping a mac address Thor (Hammer of God) (Dec 04)
    - Re: Ping a mac address Cedric Blancher (Dec 04)
    - Re: Ping a mac address Thor (Hammer of God) (Dec 04)
    - Re: Ping a mac address Cedric Blancher (Dec 04)
    - Re: Ping a mac address Mohamadi ZONGO (Dec 05)
    - RE: Ping a mac address Roni Bachar (Dec 05)
    - RE: Ping a mac address Barrie Dempster (Dec 06)
    - Re: Ping a mac address Joachim Schipper (Dec 06)
    - Re: Ping a mac address Brian Loe (Dec 06)
    - Re: Ping a mac address Joachim Schipper (Dec 07)
    - Re: Ping a mac address Samuel R. Baskinger (Dec 08)
    - Re: Ping a mac address Samuel R. Baskinger (Dec 08)
    - Re: Ping a mac address kuisma (Dec 04)
- Re: Ping a mac address Joshua Shaffer (Dec 03)
- Re: Ping a mac address Maxime Ducharme (Dec 05)
- RE: Ping a mac address John Tavares (Dec 03)

(Thread continues...)