Penetration Testing mailing list archives
Re: MAC address spoofing - conflict?
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Tue, 29 Aug 2006 13:38:25 +0700
Le lundi 28 août 2006 à 13:06 +0200, Fabio Nigi a écrit :
i think that the routing table of the switch is being taken on the MAC address until the disconnection of host1.
Ethernet switches do not have routing tables. Routing tables are for routers, as for routing IP packets. Ethernet switches do not know about IP. Ethernet switches have CAM tables, that basicly are MAC/port associations tables.
For example, let's take MAC1 (connected) and Attacker. If Attacker spoof the MAC address of MAC1, he can try to change it with macchanger, but he will not be really connected until the other client will be connected to the AP. So Attacker need to use some disconnection-tool (aircrack for example) and before that MAC1 try to reconnect, must connect to the AP with his MAC address.
What does aircrack have to do with ethernet switches ?!
By the way, if you're speaking of WiFi, then no, no and no, there's no
need of anything particular in order to spoof a MAC address as explained
multiple times before (read entire thread).
If MAC1 associate to the AP, then attacker can spoof MAC1 as well
without need of associating himself because MAC1 is already associated.
If attacker associates himself, then it's no big deal. AP will indeed
reassociate MAC1 and no problem. Again, an AP does not work like a
switch, it works like a hub. And on a hub, you can seamlessly spoof MAC
addresses. Just test! See for yourself! Find a cheap AP or hub and do
it.
Having to deassociate a client in order to spoof its MAC address is
urban legend. Period.
[1] Not speaking of Layer3 switches that have routing capabilities and
are more alike ethernet switch _and_ router...
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Re: MAC address spoofing - conflict?, (continued)
- Re: MAC address spoofing - conflict? Michael Dieroff (Aug 21)
- Re: MAC address spoofing - conflict? Cedric Blancher (Aug 21)
- Re: MAC address spoofing - conflict? dogten (Aug 21)
- R: MAC address spoofing - conflict? Sebastian Zdrojewski (Aug 21)
- RE: MAC address spoofing - conflict? Upadhyaya, Vijay (Aug 23)
- Re: MAC address spoofing - conflict? penetrationtestmail (Aug 16)
- Re: MAC address spoofing - conflict? Gavin White (Aug 21)
- Re: MAC address spoofing - conflict? Christopher 's1n' Durkin (Aug 23)
- Re: MAC address spoofing - conflict? penetrationtestmail (Aug 28)
- Re: MAC address spoofing - conflict? Fabio Nigi (Aug 28)
- Re: MAC address spoofing - conflict? Cedric Blancher (Aug 29)
- Re: MAC address spoofing - conflict? Fabio Nigi (Aug 28)