
| Subject: | send to MAC A, reply from MAC B, same IP. Whats going on ? |
|---|---|
| Date: | Tue, 12 Jun 2007 17:33:54 -0700 (PDT) |

I have a Linksys wireless AP and router. I have been monitoring my ethernet traffic on the wireless laptop (can't put the card into promiscuous mode), so I know I can't see all the traffic that is out there. I have WEP and I know it's trivial to break it. I am suspicious it has been broken, but I have not changed the key, because I need to prove it to my SO that we need to get WAP.

I noticed something odd yesterday. This is my configuration:

1 wireless laptop A, one computer wired directly connected to router with cable, B

router ip: 192.168.1.1
Wireless PORT on the router: 00:11:22:33:44:55:90
Port to which wired Computer B is connected: 00:11:22:33:44:55:8E

Arp table on wireless computer shows:

192.168.1.1 --> 00:11:22:33:44:55:8E

Since the MAC address is that of the wired port, I was wondering what is going on, so I made a static arp entry in wireless comp A:

192.168.1.1 --> 00:11:22:33:44:55:90

Something I did not expect happened, as I watched the packets with ethereal. My outgoing packets have the ethernet address of the actual wireless port MAC, which I just added, i.e., 00:11:22:33:44:55:90, BUT the incoming packets have the reply coming from 00:11:22:33:44:55:8E.

My questions:

Is there a logical explanation for this?

If someone was masquerading as 00:11:22:33:44:55:8E/192.168.1.1 AP, would that not cause a problem with the real AP having 8E as a port (wired port)?

Can there be NICs on the same network with the same MAC address? What happens then?

Since my wired computer A is connected to the physical 00:11:22:33:44:55:8E port, can someone who is a wireless NIC of the same MAC 00:11:22:33:44:55:8E hear traffic from my wired computer which is destined for the router?

Thanks

--
View this message in context: http://www.nabble.com/send-to-MAC-A%2C-reply-from-MAC-B%2C-same-IP.-Whats-going-on---tf3911609.html#a11090445
Sent from the Incidents mailing list archive at Nabble.com.
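
Added example, not part of the original post: one way to turn the observation above into a repeatable check is to compare, per peer IP, the MAC that frames are sent to with the MAC that replies arrive from, and to compare observed source MACs against the ARP table. The frames are constructed sample data; the router MAC strings are copied as written in the post, while the laptop MAC and IP and both function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample frames (not a real capture): (src_mac, dst_mac, src_ip, dst_ip).
# Router MAC strings are copied as written in the post; laptop MAC/IP are made up.
LAPTOP_MAC, LAPTOP_IP = "aa:aa:aa:aa:aa:01", "192.168.1.100"
ROUTER_IP = "192.168.1.1"
MAC_90, MAC_8E = "00:11:22:33:44:55:90", "00:11:22:33:44:55:8E"

FRAMES = [
    (LAPTOP_MAC, MAC_90, LAPTOP_IP, ROUTER_IP),  # outgoing, uses static ARP entry
    (MAC_8E, LAPTOP_MAC, ROUTER_IP, LAPTOP_IP),  # reply arrives from the other MAC
    (LAPTOP_MAC, MAC_90, LAPTOP_IP, ROUTER_IP),
    (MAC_8E, LAPTOP_MAC, ROUTER_IP, LAPTOP_IP),
]

def mac_asymmetry(frames, local_mac):
    """Per peer IP, report when the MACs we send to differ from the MACs that answer."""
    local = local_mac.lower()
    sent_to, recv_from = defaultdict(set), defaultdict(set)
    for src_mac, dst_mac, src_ip, dst_ip in frames:
        if src_mac.lower() == local:
            sent_to[dst_ip].add(dst_mac.lower())
        elif dst_mac.lower() == local:
            recv_from[src_ip].add(src_mac.lower())
    findings = {}
    for ip in sent_to.keys() & recv_from.keys():
        if sent_to[ip] != recv_from[ip]:
            findings[ip] = {"sent_to": sorted(sent_to[ip]),
                            "reply_from": sorted(recv_from[ip])}
    return findings

def arp_mismatches(arp_table, frames):
    """IPs whose observed source MACs differ from the ARP table entry for that IP."""
    seen = defaultdict(set)
    for src_mac, _dst_mac, src_ip, _dst_ip in frames:
        seen[src_ip].add(src_mac.lower())
    return {ip: sorted(seen[ip]) for ip, mac in arp_table.items()
            if ip in seen and seen[ip] != {mac.lower()}}

if __name__ == "__main__":
    print(mac_asymmetry(FRAMES, LAPTOP_MAC))
    print(arp_mismatches({ROUTER_IP: MAC_90}, FRAMES))
```

A finding here only records that the mapping is inconsistent; it does not by itself say why.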