Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: MAC address spoofing - conflict?

from [Cedric Blancher] Network Security [Permanent Link]
Subject: Re: MAC address spoofing - conflict?
Date: Tue, 29 Aug 2006 13:38:25 +0700 
Le lundi 28 août 2006 à 13:06 +0200, Fabio Nigi a écrit :

i think that the routing table of the switch is being taken on the MAC
address until the disconnection of host1.


Ethernet switches do not have routing tables. Routing tables are for
routers, as for routing IP packets. Ethernet switches do not know about
IP. Ethernet switches have CAM tables, that basicly are MAC/port
associations tables.


For example, let's take MAC1 (connected) and Attacker. If Attacker
spoof the MAC address of MAC1, he can try to change it with
macchanger, but he will not be really connected until the other client
will be connected to the AP. So Attacker need to use some
disconnection-tool (aircrack for example) and before that MAC1 try to
reconnect, must connect to the AP with his MAC address.


What does aircrack have to do with ethernet switches ?!

By the way, if you're speaking of WiFi, then no, no and no, there's no
need of anything particular in order to spoof a MAC address as explained
multiple times before (read entire thread).

If MAC1 associate to the AP, then attacker can spoof MAC1 as well
without need of associating himself because MAC1 is already associated.
If attacker associates himself, then it's no big deal. AP will indeed
reassociate MAC1 and no problem. Again, an AP does not work like a
switch, it works like a hub. And on a hub, you can seamlessly spoof MAC
addresses. Just test! See for yourself! Find a cheap AP or hub and do
it.

Having to deassociate a client in order to spoof its MAC address is
urban legend. Period.


[1] Not speaking of Layer3 switches that have routing capabilities and
    are more alike ethernet switch _and_ router...

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Packet Payload, xelerated
Next by Date:  RE: Packet Payload, Hirsch, Adam
Previous by Thread:  Re: MAC address spoofing - conflict?, Fabio Nigi
Next by Thread:  xss....what next???, Ahmad N
Indexes:  [Date] [Thread] [Top] [All Lists]