Security Incidents mailing list archives
Re: send to MAC A, reply from MAC B, same IP. Whats going on ?
From: "Jason Muskat, GCFA, GCUX, de VE3TSJ" <Jason () TechDude Ca>
Date: Wed, 13 Jun 2007 19:32:07 -0400
Hello,Wired interfaces have a different MAC address then the wireless interface for the same device -- It's not truly a single device at the board-component level. Some manufactures put a sicker someplace with both.
Regards, -- Jason Muskat | GCFA, GCUX - de VE3TSJ ____________________________ TechDude e. Jason () TechDude Ca m. 416 .414 .9934 http://TechDude.Ca/ On 12-Jun-07, at 8:33 PM, curiouscode wrote:
I have a linksys wireless AP and router. I have been monitoring my ethernet traffic on the wireless laptop (cant put the card into promiscuous mode), soI know I cant see all the traffic that is out there.I have WEP and I know its trivial to break it, I am suspicious it has been broken, but I have not changed the key- because I need to prove it to my SOthat we need to get WAP.I noticed something odd yesterday. This is my configuration: 1 wireless laptop A, one computer wired directly connected to router with cable, Brouter ip: 192.168.1.1 Wireless PORT on the router: 00:11:22:33:44:55:90 Port to which wired Computer B is connected: 00:11:22:33:44:55:8EArp table on wireless computer shows: 192.168.1.1 -- >00:11:22:33:44:55:8E since the MAC address is that of the wired port, I was wondering what isgoing on, so I made a static arp entry in wireless comp A 192.168.1.1 -->00:11:22:33:44:55:90Something I did not expect happened,as I watehced the packets with ethereal. My outgoing packets has ethernet address of the actual wireless port MAC, which I just added ie., 00:11:22:33:44:55:90, BUT the incoming packets hasthe reply coming from 00:11:22:33:44:55:8E. My questions: Is there a logical explanation for this ?If someone was masquerading as 00:11:22:33:44:55:8E/192.168.1.1 AP, would that not cause a problem with the real AP having 8E as a port(wired port) Can there be NICS on the same network with same mac-address -what happensthen ?Since my wired computer A is connected to the physical 00:11:22:33:44:55:8E port, can someone who is a wireless NIC of the same MAC 00:11:22:33:44:55:8E -hear traffic from my wired computer-which is destined for the router ?Thanks --View this message in context: http://www.nabble.com/send-to-MAC-A% 2C-reply-from-MAC-B%2C-same-IP.-Whats-going-on--- tf3911609.html#a11090445Sent from the Incidents mailing list archive at Nabble.com.---------------------------------------------------------------------- ---This list sponsored by: SPI Dynamics ALERT: .How a Hacker Launches a SQL Injection Attack!.- White PaperIt's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!https://download.spidynamics.com/1/ad/sql.asp? Campaign_ID=70160000000Cn8E ---------------------------------------------------------------------- ----
------------------------------------------------------------------------- This list sponsored by: SPI DynamicsALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E --------------------------------------------------------------------------
Current thread:
- send to MAC A, reply from MAC B, same IP. Whats going on ? curiouscode (Jun 13)
- Re: send to MAC A, reply from MAC B, same IP. Whats going on ? Jason Muskat, GCFA, GCUX, de VE3TSJ (Jun 14)