|
-
March 14th, 2003, 07:07 PM
#11
You right... I did use arp -s option.
Good Search! 
Yeah I guess its that bug.... I hope I will be able to find a way to fix it... maybe installing the latest SP/Patches will help.
Thanks All!!
-
March 14th, 2003, 07:07 PM
#12
You right... I did use arp -s option.
Good Search!
Yeah I guess its that bug.... I hope I will be able to find a way to fix it... maybe installing the latest SP/Patches will help.
Thanks All!!
-
March 14th, 2003, 08:02 PM
#13
a static arp entry is used to define the MAC address of another host on the network. It has nothing to do with being able to choose your own MAC address because if you did that, your network connectivity would essentially be lost.
Perhaps you could read this:
www.sentryinformation.com/library/networking/ Non-blind_Session_Hijacking.doc
-
March 14th, 2003, 08:02 PM
#14
a static arp entry is used to define the MAC address of another host on the network. It has nothing to do with being able to choose your own MAC address because if you did that, your network connectivity would essentially be lost.
Perhaps you could read this:
www.sentryinformation.com/library/networking/ Non-blind_Session_Hijacking.doc
-
March 26th, 2003, 07:27 AM
#15
Member
http://www.klcconsulting.net/Change_MAC_w2k.htm
This answer your question .
Changing your own MAC address , yes it 's possible .
In a switch Network , doing this might be tricky . My Cnet switch crash when it learns that there is a same MAC Address for 2 port . Some other Switch won't ( include my company Cisco 2950) .
I 've faked the Mac address and the IP address of the default-gateway, hence redirect all Internet-destined traffic to my computer. Sometime i do this to observe what my staffs often do when they 're online (in 2 or 3 minutes of course ) . One more thing , i have to write a small script pinging every host of the Network , to fool them i am the default gateway (exploit of ARP table and prevent the entry from timing out) .
What if some one in my firm do this ? i absolutely have no clue to answer this question .
Let\'s go to Paramount Great America !!!! LFC (LookingForChick)
-
March 26th, 2003, 06:12 PM
#16
Well, wel, well,
it seems that some guys around here does not understand what ARP aims to!
It seems that 'arp'-command reads the 'real' MAC-address from adapter and discards the one you've given.
For your information, on a broadcast domain such as ethernet medium host needs to know about the remote host they want to communicate with. In an other word they have to resolve the distant MAC address.
Most application are using IP and ARP is aprotocol design to resolve the MAC address of an host you know the IP@.
A first packet is sent in a broadcast way (ARP request) this packet says "I am looking for the MAC address of PC with IP xxx ". )
Broadcast frames by pass the ethernet driver to the uper level stacks. There the ARP stack will respond if & only if the IP xxx is their own.
An ARP reply is sent back to the origine in unicast manner saying "I am the one, my MAC address is xxx".
Then the IPtoMAC table is fulfilled with the associated MAC & IP @ .
When you type arp -a you see the IPtoMAC table.
[shadow] SHARING KNOWLEDGE[/shadow]
-
April 1st, 2003, 04:55 AM
#17
Member
The MAC address is created to be a unique unchanging value directly burnt into your NIC card. I dont even see how changing your MAC address is possible. The MAC address is needed, tables and such are based on that MAC address, to change that address would create some problems. There may be a way of cloaking the MAC address. But ive not heard of a way to change it.
I will have to read up on what yuna_admirer has to offer, its completely new to me.
The End Justifies The Means...
-
April 1st, 2003, 06:32 AM
#18
Member
like rdev say,
$arp -s host mac
and...
if u wanna learn more about arp poison tricks, try ettercap at http://ettercap.sourceforge.net/ or dsniff at
http://naughty.monkey.org/~dugsong/dsniff/
Enjoy it!
groby
-
April 1st, 2003, 09:57 AM
#19
brandon64_99 wrote:
I dont even see how changing your MAC address is possible.
Forging the MAC source address may be very helpful to an attacker. That's call ARP or MAC poisining.
I advise you to read a tut I wrote few month ago: hhttp://www.antionline.com/showthrea...hreadid=237836
As grobyccil wrote DSNIFF is a software of great interest for forging spoof MAC addresses. It's obvious that these type of attacks are restricted to the ethernet media where the attacker host is located, but the attack could bounce on a victim host thanks to bots/zombie. Therefore this threat had to be taken under consideration very seriously
[shadow] SHARING KNOWLEDGE[/shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote