Re: MAC address spoofing - conflict?
- From: dogten@xxxxxxxxxx
- Date: Mon, 21 Aug 2006 11:55:14 -0500
In general a hub represents multiple physical ports on a single collision domain. That being the case I would think that all network cards on that collision domain would get the packet.
-Scott
Lubos Kolouch wrote:
Yes, but what will happen then? Data will be sent to that MAC address.
If it is switched network, I can imagine the switch will maybe send it
to the correct port from which the response came?
If there is a hub though, the packet will be delivered to which network
card?
Lubos Kolouch
Cedric Blancher pÃÅ¡e v ÄŒt 17. 08. 2006 v 08:56 +0200:
Le mercredi 16 août 2006 à 10:26 +0200, Lubos Kolouch a écrit :
I think it does matter. Because there will be more than host replying toNope it does not matter, because you won't have multiple answers...
ARP broadcasts and the question is what will happen.
ARP asks for an _IP_ address, not a MAC one. Therefore, if MAC addresses
are identical, but IP addresses are different, an ARP request for one
given IP address will get one answer only. In the end, you will end up
with two entries in ARP cache with the same MAC address, but there's not
problem out there.
And if, in case of some wierd and unexplained behaviour (aka awful bug),
both hosts were replying, they would reply with the same MAC address to
the same request, so you would not have problem either.
Le jeudi 17 août 2006 à 01:03 +0000, penetrationtestmail@xxxxxxxxx a
écrit :And if anyone knows the exact answer, that would be most helpful ;)The exact answer is: you can seamless spoof MAC addresses on WLAN as
long as you use a different IP address than spoofed host, so you don't
have TCP RST problems and stuff like this. Tested in lab and real life
for pentests.
It's a classical technic (among others[1]) for bypassing some cheap, but
still widespread, WLAN captive portal that only track authenticated
clients with their MAC address.
[1] http://sid.rstack.org/pres/0602_ESW_CaptiveBypass.pdf
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
--
Scott Davidson, CISSP, SCSP, CCNA
scott@xxxxxxxxxx - dogtentx on Yahoo IM
MOB 214-632-6191
FAX 440-658-6191
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
- References:
- Re: MAC address spoofing - conflict?
- From: penetrationtestmail
- Re: MAC address spoofing - conflict?
- From: Lubos Kolouch
- Re: MAC address spoofing - conflict?
- From: Cedric Blancher
- Re: MAC address spoofing - conflict?
- From: Lubos Kolouch
- Re: MAC address spoofing - conflict?
- Prev by Date: Re: MAC address spoofing - conflict?
- Next by Date: Bluetooth Pentesting?
- Previous by thread: Re: MAC address spoofing - conflict?
- Next by thread: R: MAC address spoofing - conflict?
- Index(es):
Relevant Pages
|
