Re: Layer 2 Security And Penetration Testing

From: Jason Carr (
Date: 01/04/05

  • Next message: Toni Heinonen: "RE: Layer 2 Security And Penetration Testing"
    Date: Mon, 03 Jan 2005 19:15:13 -0500
    To: shiri yacov <>

    Depending on what the "rules" of the pentest is, you can do the
    following... If there is equipment inside of the room you are in,
    usually there's a sticker on the bottom/side of equipment, expecially
    laptops, of the MAC address(es). This is the most likely thing that I
    would do. There's also the obvious calling somebody pretending to be IT
    and telling them you need the MAC and asking them to run ipconfig and
    giving you the results.

    I'm interisted to hear how it turns out, if possible, let me/us know :)

    - Jason

    shiri yacov wrote:

    >Greetings to all PenTesters,
    >I am scheduled to perform a pentest in a big company, in the near future.
    >However, a little intelligence gathering has revealed that the company
    >has enforced secure MAC on her switches (any port transmitting on other than its known MAC address is immediatltly blocked until helpdesk releases it.
    >since my starting point is a "hot" port in the wall, and since I would not
    >give up on the first stage, I am looking for a way to get connected to
    >the net (using my allocated port) without activating any alarm when
    >connecting to the net, and furthermore, without being blocked.
    >My idea so far includes spoffing my MAC address, however, I still dont know to which MAC address should I switch my MAC to ? how do I know
    >which MAC address is the legal one on a specific port ?
    >Bruteforce is not an option - the port is frozen after 3 unsuccessful subsequent unauthorized MACs.
    >Did anyone ever came accross a similar configuration ? Do you have an
    >idea as to how can I bypass this.
    >Shiri, Security Consultant

  • Next message: Toni Heinonen: "RE: Layer 2 Security And Penetration Testing"

    Relevant Pages

    • Re: Layer 2 Security And Penetration Testing
      ... And even if possible usually not the focus of a pentest. ... In case a:employee the attacker usually could simply look for the MAC address of a colleague's PC during that colleague is getting some coffee at the machine... ... In case b:authorised external person exactly that MAC is authorised at the port and the usual question is: if somebody has access to our network, ... Enno Rey ...
    • Re: Oops. I dropped my ISPs jury-rigged rooftop antenna - Did research - Will these repl
      ... until I can find a male MC to male SMA pigtail in San Jose. ... I'll buy the equipment and tell them the new MAC ... It's a local mountain ISP so who knows what they'll do. ...
    • Re: Notebook Computer
      ... Mac are 100% standard equipment. ... Intel CPU, Intel Mother Board, Intel or ... But each equipment attachment must be formatted to PC or Mac operating system and to use a program written for either system requires a reboot to use the program written for that particular system. ...
    • Re: Is it time to get one yet?
      ... Mac Cool wrote: ... just think how much better equipment he can get now for a buck verses 4 years ago.... ... reliability-wise, not very significant. ...
    • RE: 3ds Max for mac
      ... we received a budget to improve our ... equipment and start running 3d Max. ... I want to know what is the best choice: Having two partitions, ... I'm a mac man plain and simple. ...