Change MAC Address on Win2K & XP
From: Kyle Lai (email@example.com)
- Previous message: Ofir Arkin: "Paper Release: Security Risk Factors with IP Telephony based Networks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 22 Nov 2002 22:37:08 -0000 From: Kyle Lai <firstname.lastname@example.org> To: email@example.com('binary' encoding is not supported, stored as-is)
I konw many of you want to answer "NO" or "ONLY if you can find the
option in the NIC advanced properties", because that's the answer I heard
all the time through out my research,
However, the answer is: YES!!!!!!!!!!
ALMOST ALL NIC CAN BE SPOOFED, EVEN IF MANUFACTURERS DON'T INCLUDE
OPTIONS IN THE ADVANCED PROPERTIES.
I wrote a detailed instruction on how to change MAC address on Windows
2000 & XP, and you can find it at:
I know there was one discussion before, but that thread offered no
solutions... I researched for a long time, and I finally discovered the
solution through Microsoft MSDN Driver Development Kit (DDK) and Win2K
resource kit. I have many people tested my instructions, and I haven't
found a NIC that can't be spoofed. Not to say there isn't one out there.
The method is to call a DDK function - NdisReadNetworkAddress.
NdisReadNetworkAddress(...) is called by the network adapter driver to
obtain a user specified MAC address in the registry. After the driver
confirmed that there's a valid MAC address specified in the registry key,
the driver then programs the MAC address to its hardware registers to
override the burn-in MAC address.
Not all manufacturers support this function I heard, but like I said, I
haven't seen one NIC that can't be spoofed. I am interested in learning
which brand and model can't be spoofed. If you know of any, please send
me an email.
I think this discovery might not be new to the device driver developers,
but it certainly is still a well kept secret to lots of security
professionals out there. Therefore, I decided to reveal this secret
because there are too many wrong answers out there.
I am also writing a free tool, SMAC, to change MAC address on Wnidows
2000 & XP. I basically plan to incorporate the technique I discovered
with some other functionalities. SMAC 1.0 is due to release in a few
weeks. Please check www.kylelai.com for updates.
Kyle Lai, CISSP, CISA
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see: