Penetration Testing mailing list archives

Re: [PEN-TEST] Change MAC Address

From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 5 Dec 2000 20:11:32 -0800

On Tue, 5 Dec 2000, Ryan Permeh wrote:

This is not specifically true.  MAC addresses, even those burned on the
card, can be changed unilaterly.  An NDIS intermediate mode driver could be
crafted to modify MAC addresses in packets before being written to the wire
or conversely passed up the stack.  NDIS drivers allow direct reads and
writes from the wire


That's probably a practical truth nowadays, but it's not strictly 100%
true for every NIC.  Many years ago I used to help maintain a DECNet
network.  DECNet addressing works by changing the MAC address to a form of
the DECNet address, starting with AA000400xxxx.  The point being that
Cards that could work with DECNet had to allow for MAC address changes.
Not all could.  Some card interfaces only allow for feeding the data
portion of a frame, and they filled in the headers themselves.  Such cards
would only support certain frame types as well.

Again, a bit of a moot point now, probably for the last several years.

                                        Ryan

Current thread:

Re: [PEN-TEST] Change MAC Address, (continued)
- - Re: [PEN-TEST] Change MAC Address Arturo Busleiman (Dec 07)
- Re: [PEN-TEST] Change MAC Address Chris Winter (Dec 05)
- Re: [PEN-TEST] Change MAC Address Bruno Taranto Alvim (Dec 05)
- Re: [PEN-TEST] Change MAC Address Alex Butcher (Dec 06)
- Re: [PEN-TEST] Change MAC Address Dunker, Noah (Dec 05)
  - Re: [PEN-TEST] Change MAC Address Jose Nazario (Dec 05)
- Re: [PEN-TEST] Change MAC Address Jonathan Johnson (Dec 05)
  - Re: [PEN-TEST] Change MAC Address Jason Poley (Dec 05)
- Re: [PEN-TEST] Change MAC Address Marin, Marvin (Dec 06)
  - Re: [PEN-TEST] Change MAC Address Ryan Permeh (Dec 06)
    - Re: [PEN-TEST] Change MAC Address Ryan Russell (Dec 06)