Re: Changing the mac address on Windows 2000 and XP

From: Greg Stiavetti (gstiavetti_at_rentoneonline.com)
Date: 07/07/05

  • Next message: dave kleiman: "RE: CISA Prepartion Links"
    To: <Alexander.Bolante@gmail.com>, "Pranav Lal" <pranav.lal@gmail.com>
    Date: Wed, 6 Jul 2005 17:24:22 -0700
    
    

    None of the reccomendations preclude using a static IP with the mac spoofed
    card.

    ----- Original Message -----
    From: "Alexander Bolante" <alexander.bolante@gmail.com>
    To: "Pranav Lal" <pranav.lal@gmail.com>
    Cc: <security-basics@securityfocus.com>
    Sent: Tuesday, July 05, 2005 10:07 PM
    Subject: Re: Changing the mac address on Windows 2000 and XP

    1) Several 3rd party utilities I've used in the past in a test/dev
    environmt.

     http://www.klcconsulting.net/smac/
     http://www.download.com/a-Mac-Address-Change/3000-2381_4-10325167.html

     2) I'm not sure if there are any tools for detecting spoofed MAC
    addresses. But there are tools for simply comparing the MAC addresses
    to an approved list and flagging any unknown ones.

    You should probably think more about DHCP security. Assuming you have
    a considerable tolerance for administrative overhead ;) you can maybe:

    a) Use reservations for assigning addresses of critical servers on
    your network (predefined setting that maps a MAC address to an IP
    address so that only a client with a particular MAC address can lease
    the IP address associated with that reservation).

    b) Create reservations for each and every client machine on the
    network, and if unreserved IP addresses still remain in the DHCP
    server's scope then these could be reserved using invalid or
    non-existing MAC addresses. Then when a rogue client tries to boot on
    the network the result is that the DHCP server has no free addresses
    to lease and the client can't connect.

    I'm not sure how feasible this is for you, but it could be a start.
    BTW my 13 yr old neighbor says he can find a way to circumvent DHCP
    reservations. Who knows? Bottom line -- just make sure you have
    rigorous security across the board...

     Hope that helps. Cheers!

    -- 
    ALEXANDER BOLANTE
    Alexander.Bolante@gmail.com
    "I hate quotations. Tell me what you know."
     - Ralph Waldo Emerson
    On 7/5/05, Pranav Lal <pranav.lal@gmail.com> wrote:
    > Hi all,
    >
    > Is there any way to change the mac address of a LAN card in Windows
    > 2000 and Windows XP?
    >
    > As a corollary to the question, how would one detect if a computer
    > was changing its mac address? This is assuming that the network on
    > which this machine is connected has DHCP enabled.
    >
    > Pranav
    >
    >
    > --
    > No virus found in this outgoing message.
    > Checked by AVG Anti-Virus.
    > Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005
    >
    >
    >
    -- 
    ALEXANDER BOLANTE
    Alexander.Bolante@gmail.com
    "I hate quotations. Tell me what you know."
     - Ralph Waldo Emerson 
    

  • Next message: dave kleiman: "RE: CISA Prepartion Links"