Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: MAC - Spoofing

  1. #1

    MAC - Spoofing

    Hello...

    I have a univ - project to do a Denial of Service attack to a WLAN.
    The way i should do this is by setting up a 'fake Acces Point', get the same MAC address of the real Acces Point and broadcast to all logged in users that they cannot connect to the network anymore.

    Firtst problem: changing MAC address: i found a program written in C++ to spoof a MAC, but I have to write the hack-program in java... so anybody has a clue? i can't find it in java...
    in c++ it looks like this
    #include <sys/ioctl.h>
    mc_net_info_set_mac (net_info_t *net, const mac_t *mac)
    {
    int i;

    for (i=0; i<6; i++) {
    net->dev.ifr_hwaddr.sa_data[i] = mac->byte[i];
    }

    if (ioctl(net->sock, SIOCSIFHWADDR, &net->dev) < 0) {
    perror ("ERROR: Can't change MAC: interface up or not permission");
    return -1;
    }

    return 0;
    }
    full source available at http://www.alobbs.com/modules.php?op...acc&file=index

    Second problem: i don't know what and how to broadcast ( of course i'm still searching myself )

    Third problem: In our university city we all have direct acces to a university network and i know some students are able to break in into my Pc via that network. So do u know any GOOD sites where i can get information how they do that/how i can prevent it.
    The following statement is correct.
    The previous statement is false.

  2. #2
    Forgot to tell: I use (gentoo) Linux
    The following statement is correct.
    The previous statement is false.

  3. #3
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    For the MAC program, can you use JNI? If you can, just call this C program from Java (Cheating, I know, but what the hell). Otherwise, I don't think java has anything that goes all the way to the MAC layer, only TCP and UDP protocols are supported in java.net.* .

    As to what to broadcast, you might want to look into poisoning the ARP cache and just not forward any of the packets that you receive (I might be talking through my hat on the second one, I only have a very basic understanding of how it works).

    As for the third one, this site!!! Just search the newbie security forums, they rock!!!

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  4. #4
    Thx a lot!

    Yes, I can use JNI (phew).

    The ARP cashe poisoning would probably work, but i can not do it like that:
    I HAVE TO send a disconnect message to all logged in users. I searched the net and only found this: you can first grab a disconnect message from the access point and then keep on resending it. Little problem: how the hell can i grab a disconnect message without doing a serversided DoS??
    So if anybody knows how a disconnect message looks like and whether it's the same for every wireless access point, let me know.
    The following statement is correct.
    The previous statement is false.

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Originally posted here by paranoid_sonic
    [B]Thx a lot!

    Yes, I can use JNI (phew).

    The ARP cashe poisoning would probably work, but i can not do it like that:
    I HAVE TO send a disconnect message to all logged in users.
    Not necessairly. Many systems, unless configured not to, will accept a gratituitous ARP. Meaning that even if they have the ARP entry, if they see the ARP broadcast with a new MAC, they will take it, whether they had it or not... This is one of the big things that DSNIFF takes advantange of.


    Seems kind of a strange project to DoS wireless, but I would think your traditional type of DoS attacks would be much simpler...for example, smurf (spoofed ping to broadcast with WAP as source), maybe some bad routing advice (kind of depends on what they are using and whether or not it is static)...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    You have a university project to DoS a WAN? what are you studying?
    Quis custodiet ipsos custodes

  7. #7
    Civil engineer... project includes wep-cracker and dos attack.
    The following statement is correct.
    The previous statement is false.

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Don`t civil engineers build bridges and design roads?
    Quis custodiet ipsos custodes

  9. #9
    LOL
    yes, some of them do...
    but while studying for civil engineer you can choose (after the second year): chemistry, computer science, mechanics, elektrotechnics, etc...
    The following statement is correct.
    The previous statement is false.

  10. #10
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Ok, just checking, the civil engineers I know do indeed build bridges and roads.

    Back to you original question, is the hardware you are going against from one particular vendor? or a mix?

    Th ARP cache poisoning as explained, should work, or just create a lot of wireless noise to disrupt the wireless signal (a really big microwave oven would work..). On a more serious note, you need to flood the network with "disassocate" commands. An easy approach might be to take a look at HostAP, this is a driver that allows you to turn your machine into an access point, and may come with the ability to send out the disassociate command (not to sure, haven`t played with it very much).

    To actually get the command I think you will need to dig into the RFC's relating to wireless, I`ll see if I can find anything for you (doing some wireless work at the moment)
    Quis custodiet ipsos custodes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •