Re: MAC address spoofing - conflict?

penetrationtestmail@gmail.com pÃÅe v Ãt 15. 08. 2006 v 01:38 +0000:
> Pieter Danhieux wrote:
> > if you spoof the MAC, there are several options:
> > - you ask IP through DHCP -> dhcp server could refuse giving another IP if 
> > the MAC is still active. Depends on the implementation
> > - you set an IP -> if you choose the SAME ip, this will cause problems
> >         -> if you choose another ip, you won't see any problems. All 
> > packets for the authorized client, are going to be discarded by your IP 
> > stack, and all your packets, by his IP stack.
> Right. So it depends on whether a DHCP server is in place, and, if it is, how 
> it is configured?
>
> And if you choose another IP address (manually), it doesn't matter if you 
> have the same MAC as the other client or not... Doesn't this depend on what 
> type of hardware it is? I suppose it depends on what is being used to route 
> the packets, as (if I'm not mistaken) some do this by MAC and others by 
> internal (NATed) IP?

I think it does matter. Because there will be more than host replying to
ARP broadcasts and the question is what will happen.

Lubos Kolouch

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------