Penetration Testing mailing list archives

Re: MAC address spoofing - conflict?

From: penetrationtestmail () gmail com
Date: 15 Aug 2006 01:38:21 -0000

Morning Wood wrote:

What happens? Do you kick the other client off


use aireplay to deauth the original client
http://www.wirelessdefence.org/Contents/Aircrack_aireplay.htm

Yes, but once they had been deauthed they would almost undoubtedly try to reconnect, so that would in turn kick me 
off.... Wouldn't it?

In addition to this, if I'm conducting a pen test (or attempting to), I want to be as conspicuous as possible, and 
minimise my effects on the productivity of the company's employees, however temporary.


Pieter Danhieux wrote:

if you spoof the MAC, there are several options:
- you ask IP through DHCP -> dhcp server could refuse giving another IP if the MAC is still active. Depends on the 
implementation
- you set an IP -> if you choose the SAME ip, this will cause problems
        -> if you choose another ip, you won't see any problems. All packets for the authorized client, are going to 
be discarded by your IP stack, and all your packets, by his IP stack.

Right. So it depends on whether a DHCP server is in place, and, if it is, how it is configured?

And if you choose another IP address (manually), it doesn't matter if you have the same MAC as the other client or 
not... Doesn't this depend on what type of hardware it is? I suppose it depends on what is being used to route the 
packets, as (if I'm not mistaken) some do this by MAC and others by internal (NATed) IP?


So, if you are both connected to a wireless router, and you have decided upon a static IP address different to the 
other client's (even though you have the same MAC address), the packets should not go to the wrong clients, and all 
should be as if your MAC address weren't the same as the other client's anyway?


Thank you :)

Flail

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Current thread:

MAC address spoofing - conflict? penetrationtestmail (Aug 13)
- R: MAC address spoofing - conflict? Sebastian Zdrojewski (Aug 14)
- Re: MAC address spoofing - conflict? Pieter Danhieux (Aug 14)
  - Re: MAC address spoofing - conflict? Tonnerre Lombard (Aug 15)
- Re: MAC address spoofing - conflict? Morning Wood (Aug 14)
- <Possible follow-ups>
- Re: MAC address spoofing - conflict? penetrationtestmail (Aug 15)
  - Re: MAC address spoofing - conflict? Lubos Kolouch (Aug 16)
    - Re: MAC address spoofing - conflict? Cedric Blancher (Aug 17)
    - Re: MAC address spoofing - conflict? Lubos Kolouch (Aug 21)
    - Re: MAC address spoofing - conflict? Michael Dieroff (Aug 21)
    - Re: MAC address spoofing - conflict? Cedric Blancher (Aug 21)
    - Re: MAC address spoofing - conflict? dogten (Aug 21)
    - R: MAC address spoofing - conflict? Sebastian Zdrojewski (Aug 21)
    - RE: MAC address spoofing - conflict? Upadhyaya, Vijay (Aug 23)
- Re: MAC address spoofing - conflict? penetrationtestmail (Aug 16)
  - Re: MAC address spoofing - conflict? Gavin White (Aug 21)

(Thread continues...)