RE: mac duplication

Glenn_Everhart_at_bankone.com
Date: 12/15/03

  • Next message: David Gillett: "RE: mac duplication"
    Date: Mon, 15 Dec 2003 12:08:21 -0500
    To: <fooler@skyinet.net>, <jimit@myrealbox.com>, <vuln-dev@securityfocus.com>
    
    

    MAC addresses need to be unique if your network uses ARP or something like
    it to translate its network address to MAC on ethernet, or if it includes
    MAC address. There exist networks that do not use ARP and require MAC
    addresses to be adjusted to fit the network address scheme.

    Their existence (and the fact they preceded IP) is a reason why essentially
    all ethernet interfaces can reset their MAC addresses programmatically.

    As long as you aren't trying to just hub together all of a wide area net
    (i.e., without switching...a trick that has been tried and works rather
    badly) the potential duplication of MAC addresses is not a technical problem
    when switches operate on higher level traffic protocols.

    -----Original Message-----
    From: fooler [mailto:fooler@skyinet.net]
    Sent: Sunday, December 14, 2003 4:17 AM
    To: Jimi Thompson; vuln-dev@securityfocus.com
    Subject: Re: mac duplication
    Importance: High

    ----- Original Message -----
    From: "Jimi Thompson" <jimit@myrealbox.com>
    To: <vuln-dev@securityfocus.com>
    Sent: Sunday, December 14, 2003 8:33 AM
    Subject: Re: mac duplication

    > Dev,
    >
    > You seem to need some clarification about how Ethernet actually works.
    > I'm going to try to toss out a 50,000 foot view. Anyone can feel free
    > to add to this or correct me.

    hi jimi, i would like to add and correct some of your statement....

    > Host names map to IP addresses via DNS.

    correct

    > IP address map to MAC addresses via router tables.

    it is most appropriate to say ip addresses map to mac address via arp table

    > Just as your IP
    > address has to be unique in order to be routable, so does your MAC
    > address.

    every network device that is using ethernet has a mac address and should be
    unique too.... unlike with ip address which is routable, mac address is
    not....

    > MAC addresses are purchased in blocks by the people who make
    > network devices and blown on to what amount to EPROMS and attached to
    > network cards, switch ports, etc.
    >
    > No two ethernet cards on the planet should have the same MAC address
    > (emphasis on SHOULD because I've run into cards with duplicated MAC's
    > and you won't believe the havoc this wreaks). This is used as a
    > physical layer address by things like ARP.

    [...]

    **********************************************************************
    This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you
    **********************************************************************


  • Next message: David Gillett: "RE: mac duplication"

    Relevant Pages

    • Re: MAC address spoofing - conflict?
      ... Ethernet switches split ethernet networks into different collision ... MAC spoofing should not be applicable to thoses environments as it ... Depending on switch behaviour, you may ... WiFi network, as it is a layer 1 share medium too. ...
      (Pen-Test)
    • TidBITS#794/29-Aug-05
      ... This week's issue brings a potpourri of Mac news, ... Mark Anbinder looks briefly at Google Talk, ... Adding Tiger's AirPort Preferred Network List ...
      (comp.sys.mac.digest)
    • Re: MAC address spoofing - conflict?
      ... That being the case I would think that all network cards on that collision domain would get the packet. ... ARP broadcasts and the question is what will happen. ... ARP asks for an _IP_ address, not a MAC one. ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: Leopard Sidebar Question
      ... (But if you've rebooted your Mac that will clear the arp table. ... it's handy for cases like Apple which have their own network interface devices. ... For example the internal interface for my firewall box, a soerkris 4801, give me "SiByte, Inc" which doesn't really help that much, on the other hand the MAC for my Wii does return Nintendo. ... the situation is rather surprising. ...
      (comp.sys.mac.system)
    • Re: Transferring files from windows xp to mac os x with an ethernet cable
      ... for example, when i go to network connections on the windows machine it always says that the "1394 Connection" is connected, even when there's no ethernet cable plugged in.. ... i have to use the usb connection to connect my modem to the windows machine; when i connect the same modem to my mac i just use the ethernet jack and it works right away.. ...
      (comp.sys.mac.system)