RE: Ethernet ( MAC ) Address Reliability

• Previous message: PLANZ: "Re: Ethernet ( MAC ) Address Reliability"
• In reply to: Burton M. Strauss III: "RE: Ethernet ( MAC ) Address Reliability"
• Next in thread: PLANZ: "Re: Ethernet ( MAC ) Address Reliability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <vuln-dev@securityfocus.com>
Date: Wed, 10 Sep 2003 16:12:06 -0700

Won't this only work on some NICs? I thought that it was up to the hw to
allow MAC spoofing

Seva

-----Original Message-----
From: Burton M. Strauss III [mailto:BStrauss@acm.org]
Sent: September 8, 2003 3:45 PM
To: William N. Zanatta; vuln-dev@securityfocus.com
Subject: RE: Ethernet ( MAC ) Address Reliability

Trivial to spoof in some OSes... RH8:

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
DEVICE="eth0"
MACADDR="02:00:00:00:00:05"
...

Ideally, values without that xxxxxx1x bit (LLA) set should be globally
unique. In practice, there's no testing on the address you set for MACADDR
(and there are legit reasons for assigning other values - say you want to
spoof a NIC for your Cable Modem).

-----Burton

-----Original Message-----
From: William N. Zanatta [mailto:william@veritel.com.br]
Sent: Monday, September 08, 2003 9:17 AM
To: vuln-dev@securityfocus.com
Subject: Ethernet ( MAC ) Address Reliability

  Hey guys,

    I'm currently studying 'sadoor' ( see links at the foot ), a tool
built over a proof-of-concept on monitoring interfaces instead of opening
ports. The concept behind the tool consists ( roughly ) on monitoring the
interface, waiting for a sequence of ip/tcp/udp key packets ( configurable
) and a command packet which runs a command at the host.

    The first article ( below ) introduces the tool and the hopotesis of
using it as a remote system administration tool. Of course there are many
security risks involved when doing it but I believe that a well planned
system may work with a fine security level ( just focusing on this tool ).

    But there's one thing which worries me, the ethernet addresses. This
is the point where I want to hear from you, and the question is, how much
reliable are these addresses? I know they're spoofable and thus it may
bring problems with this kind of software.

    Anyway I'm still making some research on this ( I'm not a network
authority ;] ) but I would really like to hear from you.

    Thank you all,

    --

    References:

      1. A Practical Approach of Stealthy Remote Administration
      http://www.linuxsecurity.com/feature_stories/feature_story-149.html

      2. SAdoor's Home Page
      http://cmn.listprojects.darklab.org

    --

   William

PS: Sorry for my messy english.

• Previous message: PLANZ: "Re: Ethernet ( MAC ) Address Reliability"
• In reply to: Burton M. Strauss III: "RE: Ethernet ( MAC ) Address Reliability"
• Next in thread: PLANZ: "Re: Ethernet ( MAC ) Address Reliability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]