Security Basics mailing list archives
Re: Detecting Spoofed MAC
From: israel () israeltorres org
Date: 30 Nov 2006 20:27:48 -0000
On a local Windows box you can easily check if the local machine is spoofing the mac by searching for the NetworkAddress value in the registry for the enumerated network devices (wired/wireless). I've written a tool in the past that allows you to quickly check for this and report back which device is "spoofing" - it is called macitup (as in make it up) windows binary exectuable: http://tools.israeltorres.org/#macitup to check if adapter is using NetworkAddress to spoof MAC input: macitup.exe --checknetworkaddress xx:xx:xx:xx:xx:xx output: NetworkAddress is not being used by the system for adapter: [XX:XX:XX:XX:XX:XX] *note you can actually use the literal string xx:xx:xx:xx:xx:xx to scan for spoofed addresses with this tool* More information on NetworkAddress : http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netxp_r/hh/NetXP_r/NdisXN_R_459fbfae-4235-4f60-9b10-02c60defc236.xml.asp This NetworkAddress value overrides the manufactures MAC and if not set correctly could cause your NIC to be unresponsive until it is reset or set better. Israel Torres
Current thread:
- RE: Detecting Spoofed MAC Lall, Navneet Singh (Dec 01)
- <Possible follow-ups>
- Re: Detecting Spoofed MAC crazy frog crazy frog (Dec 01)
- RE: Detecting Spoofed MAC Maxime Ducharme (Dec 01)
- Re: Detecting Spoofed MAC israel (Dec 01)
- Re: RE: Detecting Spoofed MAC vachanta (Dec 01)
- Re: Detecting Spoofed MAC Jason Muskat, GCFA, GCUX, de VE3TSJ (Dec 06)