Vulnerability Development mailing list archives
Re: spoofing the ethernet address
From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Wed, 1 Mar 2000 09:31:51 -0800
On Tue, 29 Feb 2000, Bobby, Paul wrote:
Been playing with hping, and I imagine other IP spoofing tools generate the same types of packets. The spoofed packet contains a bogus IP address, yes. However the ethernet address (MAC) is the address of the sending machine. Is it possible to spoof this address also? Would someone have to write a custom ethernet driver?
IIRC, if you're using Berekely Packet Filter (BPF -- Digital Unix, *BSD) then the source MAC will be copied into the ethernet frame by the driver. It isn't, of course, much of a kernel hack to modify this under *BSD. I don't know what the behavior of other packet filters is (Sun, IRIX, Linux, etc). To write ethernet frames, you just open a packet filter interface rw and then write to the fd. Its fairly easy to take the code in libpcap and modify to allow sending ethernet frames (at least for the couple of platforms that I've tried this on).
Current thread:
- Re: spoofing the ethernet address Sen_Ml Sen_Ml (Mar 01)
- Re: spoofing the ethernet address yeti (Mar 02)
- <Possible follow-ups>
- Re: spoofing the ethernet address Mikael Olsson (Mar 01)
- Re: spoofing the ethernet address Carl-Johan Bostorp (Mar 01)
- Re: spoofing the ethernet address Simple Nomad (Mar 01)
- Re: spoofing the ethernet address Vitek, Ian (Mar 01)
- Re: spoofing the ethernet address Granquist, Lamont (Mar 01)
- Re: spoofing the ethernet address Mudge (Mar 01)
- Re: spoofing the ethernet address Dug Song (Mar 02)
- Re: spoofing the ethernet address Ben Grubin (Mar 01)
- Re: spoofing the ethernet address -DAL- (Mar 01)
- Re: spoofing the ethernet address Iván Arce (Mar 01)
- Re: spoofing the ethernet address hypoclear - lUSt - (Linux Users Strike Today) (Mar 01)
- Re: spoofing the ethernet address The I (Mar 01)
- [Fwd: spoofing the ethernet address] Fredrik Widlund (Mar 02)
- spoofing the ethernet address (PPPoE) mike (Mar 02)
- Re: spoofing the ethernet address John Hall (Mar 01)
(Thread continues...)