Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hijack IP Address using cable modem

From: Mathias Wegner <mwegner () CS OBERLIN EDU>
Date: Wed, 28 Mar 2001 15:46:06 -0500
I think I see where Patrick was coming from with this:

Victim turns on his computer, and gets an IP address
Cracker, while sniffing the Cable segment notices that IP adress foo is
assigned to MAC bar
Cracker changes his own MAC address to bar, and brings up IP address foo on
this new MAC address (some Ethernet cards have overwritable MAC addresses)
Since both Cracker and Victim have the same MAC, Cracker get's all packets
for Victims computer, and is able to impersonate victim.


This is just a slightly more sophisticated IP Address Spoofing attack.... and
I don't think it will work...


        No, it might work if both machines are on a repeated segment.  But
then it would be just as easy to sniff their transactions if you're on a
repeated segment without going to the trouble of setting this up.  The
impersonation is another issue, probably dependant on the IP stack of the
two machines.


Mathias
Previous By Date Next
Previous By Thread Next

Current thread: