Re: MAC address spoofing - conflict?

penetrationtestmail@xxxxxxxxx píše v Út 15. 08. 2006 v 01:38 +0000:

Pieter Danhieux wrote:
if you spoof the MAC, there are several options:
- you ask IP through DHCP -> dhcp server could refuse giving another IP if the MAC is still active. Depends on the implementation
- you set an IP -> if you choose the SAME ip, this will cause problems
-> if you choose another ip, you won't see any problems. All packets for the authorized client, are going to be discarded by your IP stack, and all your packets, by his IP stack.
Right. So it depends on whether a DHCP server is in place, and, if it is, how it is configured?

And if you choose another IP address (manually), it doesn't matter if you have the same MAC as the other client or not... Doesn't this depend on what type of hardware it is? I suppose it depends on what is being used to route the packets, as (if I'm not mistaken) some do this by MAC and others by internal (NATed) IP?


I think it does matter. Because there will be more than host replying to
ARP broadcasts and the question is what will happen.

Lubos Kolouch

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Relevant Pages

  • Re: A little FYI
    ... >>services and protocols out of the NIC's Propeties box and reboot to ... >>stack rebuild if it doesn't work, which I have seen post made to Win ... > it's set to DHCP and for some reason a DHCP server cannot be found. ... I never said that it was not an Auto Config IP that was being assigned ...
    (comp.security.firewalls)
  • Re: FreeBSD router -- hardware requirements?
    ... That comes down to pushing the packets from one card to another, ... I suppose it would need to be a DNS server and DHCP server in addition. ... computers in the home network. ... I'm mostly concerned that the speed of the wireless computers might be ...
    (comp.unix.bsd.freebsd.misc)
  • Re: martian source: any IP gurus?
    ... I suspect this is your local LAN, ... and look for these martian packets. ... Expert 0rks up the configuration of the domain controller or DHCP server so ... bad that even windoze boxes can't get a DHCP lease. ...
    (alt.os.linux.suse)
  • Re: (progress) Network card not detected or listed in installation
    ... pinged the dhcp server by typing '192.168.1.1' and got ... ... '98 packets transmitted, 0 packets recieved, 100% packet loss' ... I tried the 'tulip' module and the installation failed. ... the FA311 may very well need the natsemi driver. ...
    (Debian-User)
  • Re: [opensuse] More 10.2 -> 10.3 problems - network this time
    ... DHCPDISCOVER packets are received, but the openSuSE box neither receives ... (transmitting but not receiving), which is very odd. ... security setting or security layer which is stopping the packets being ... Have you rebooted your dhcp server or otherwise ...
    (SuSE)