Ethernet ( MAC ) Address Reliability

From: William N. Zanatta (william_at_veritel.com.br)
Date: 09/08/03

  • Next message: Burton M. Strauss III: "RE: Ethernet ( MAC ) Address Reliability"
    Date: Mon, 8 Sep 2003 11:17:00 -0300 (BRT)
    To: vuln-dev@securityfocus.com
    
    

      Hey guys,

        I'm currently studying 'sadoor' ( see links at the foot ), a tool
    built over a proof-of-concept on monitoring interfaces instead of opening
    ports. The concept behind the tool consists ( roughly ) of monitoring the
    interface, waiting for a sequence of ip/tcp/udp key packets ( configurable
    ) and a command packet which runs a command at the host.

        The first article ( below ) introduces the tool and the hypothesis of
    using it as a remote system administration tool. Of course there are many
    security risks involved when doing it but I believe that a well planned
    system may work with a fine security level ( just focusing on this tool ).

        But there's one thing which worries me, the ethernet addresses. This
    is the point where I want to hear from you, and the question is, how
    reliable are these addresses? I know they're spoofable and thus it may
    bring problems with this kind of software.

        Anyway I'm still doing some research on this ( I'm not a network
    authority ;] ) but I would really like to hear from you.

        Thank you all,

        --

        References:

          1. A Practical Approach of Stealthy Remote Administration
          http://www.linuxsecurity.com/feature_stories/feature_story-149.html

          2. SAdoor's Home Page
          http://cmn.listprojects.darklab.org

        --

       William

    PS: Sorry for my messy English.

