Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MAC address spoofing - conflict?

From: Lubos Kolouch <lubos.kolouch () gmail com>
Date: Wed, 16 Aug 2006 10:26:50 +0200
penetrationtestmail () gmail com píše v Út 15. 08. 2006 v 01:38 +0000:


Pieter Danhieux wrote:

if you spoof the MAC, there are several options:
- you ask IP through DHCP -> dhcp server could refuse giving another IP if the MAC is still active. Depends on the 
implementation
- you set an IP -> if you choose the SAME ip, this will cause problems
        -> if you choose another ip, you won't see any problems. All packets for the authorized client, are going 
to be discarded by your IP stack, and all your packets, by his IP stack.

Right. So it depends on whether a DHCP server is in place, and, if it is, how it is configured?

And if you choose another IP address (manually), it doesn't matter if you have the same MAC as the other client or 
not... Doesn't this depend on what type of hardware it is? I suppose it depends on what is being used to route the 
packets, as (if I'm not mistaken) some do this by MAC and others by internal (NATed) IP?



I think it does matter. Because there will be more than host replying to
ARP broadcasts and the question is what will happen.

Lubos Kolouch

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: