Re: MAC address spoofing - conflict?



Mon, Aug 28, 2006 at 01:54:25AM -0000, penetrationtestmail@xxxxxxxxx scrive:
Thank you very much!


In other words:


If it is a hub (as most wireless APs are), you can have a duplicate MAC on the network as long as you set your own, different IP. Once you have different IPs, you will receive your own traffic, and the original client will receive theirs, as packets are routed using the IP address rather than the MAC address.


A switch, on the other hand, routes packets to clients using their MAC address rather than the IP address, so you're more likely to have problems in this situation - however, this hardly ever applies to APs, especially SOHO ones (as they are hubs).



i think that the routing table of the switch is being taken on the MAC
address until the disconnection of host1.

For example, let's take MAC1 (connected) and Attacker. If Attacker
spoof the MAC address of MAC1, he can try to change it with
macchanger, but he will not be really connected until the other client
will be connected to the AP. So Attacker need to use some
disconnection-tool (aircrack for example) and before that MAC1 try to
reconnect, must connect to the AP with his MAC address.


Fabio


Is that correct?


Thank you ;)

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

--

'if you do not see the way, you do not see it even as you walk it'
nigifabio(at)gmx.it // superfabiolone.dyndns.org gpg key id:F7B8DD3F



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------



Relevant Pages

  • Re: unswitched behavior of a switched network...
    ... The mac addresses are unknown to the ... a mirror of a trunk. ... why would a switch that is processing a session between two endpoints ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: MAC address spoofing - conflict?
    ... A switch, on the other hand, routes packets to clients using their MAC address rather than the IP address, so you're more likely to have problems in this situation - however, this hardly ever applies to APs, especially SOHO ones. ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: unswitched behavior of a switched network...
    ... I'm no switch expert, but your last comment caused an hypothesis to pop ... Do any of your hosts have hard-coded MAC addresses set up? ... since those hosts wouldn't bother sending ARP requests, ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • NFS clients dont recognize MC/Service Guard switch
    ... server to another - same IP, different MAC address. ... switch occurs, the server sends out an arp to notify the switch ... The problem is that when this switch occurs, none of the Sun clients ...
    (SunManagers)
  • RE: Mac to PC file sharing issues on SBS2003
    ... the server or PC clients anymore after moving everything out of the Microsoft ... If the resource fork is still open on the server for no reason they will get ... a username and password prompt on their Mac when they try to move the folder ...
    (microsoft.public.windows.server.sbs)