* Re: [LARTC] Fake hardware address
2002-02-09 9:28 [LARTC] Fake hardware address Adi Nugroho
@ 2002-02-09 9:45 ` Andreas Gietl
2002-02-09 11:06 ` bert hubert
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Andreas Gietl @ 2002-02-09 9:45 UTC (permalink / raw)
To: lartc
On Saturday 09 February 2002 10:28, Adi Nugroho wrote:
well, the hardware address just matters when you're on the same ethernet. So
you should keep your ethernet clean.
> Hello...
> I need to ask about hardware address....
>
> As we knew, we can block connection based on Hardware address.
> But how if the "thief" using fake hardware address?
> Means, he/she change their hardware address manually?
>
> Is there a way to block it?
>
> Thank you for your help.
>
> Regards,
> Adi Nugroho
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
--
e-admin internet gmbh
Andreas Gietl
Roter-Brach-Weg 124a
tel +49 941 3810884
fax +49 941 3810891
mobil +49 171 6070008
* Re: [LARTC] Fake hardware address
From: bert hubert @ 2002-02-09 11:06 UTC (permalink / raw)
To: lartc
On Sat, Feb 09, 2002 at 05:28:04PM +0800, Adi Nugroho wrote:
> Hello...
> I need to ask about hardware address....
>
> As we knew, we can block connection based on Hardware address.
> But how if the "thief" using fake hardware address?
> Means, he/she change their hardware address manually?
Supposedly there are cards out there which have a truly fixed mac address.
Some wireless lan cards have this. However, you would then need to be sure
that nobody sneaks in their own network adaptor.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
* Re: [LARTC] Fake hardware address
From: ewan @ 2002-02-09 13:34 UTC (permalink / raw)
To: lartc
:
> > Hello...
> > I need to ask about hardware address....
if you have two cards with identical mac addresses on your network, will
they work together? surely one will get an error?
* Re[2]: [LARTC] Fake hardware address
From: Will Lotto @ 2002-02-10 2:42 UTC (permalink / raw)
To: lartc
Yes, they do throw up an error.
... Both cards believe the packets are destined for them. ...
basically, they'll fight :)
To take a mac address, one needs to wait for a PC to go offline (or
take a PC offline), then steal the MAC. ... Stealing the MAC is very
easy, intel network cards let you SET the MAC in windows (under
advanced settings) ... in linux, there are programs that can do it,
which work with most cards.
As for protection, I don't believe there is a simple way to
protect against such an attack ... Encryption? :)
Will
> :
>> > Hello...
>> > I need to ask about hardware address....
> if you have two cards with identical mac addresses on your network, will
> they work together? surely one will get an error?
---
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
* Re: [LARTC] Fake hardware address
From: Ard van Breemen @ 2002-02-11 12:39 UTC (permalink / raw)
To: lartc
On Sun, Feb 10, 2002 at 01:42:48PM +1100, Will Lotto wrote:
> Yes, they do throw up an error.
I don't think they throw up.
> ... Both cards believe the packets are destined for them. ...
> basically, they'll fight :)
Only a tcp/ip stack might consider that. Probably windows and solaris
will bug you with it.
Basically the tcp/ip stack should ignore packets that are not destined
for them. So if two computers with the same mac address have different
ip addresses, I really don't see what the problem can be, unless your
stack does special checking for that, and for linux that is considered
userspace stuff. So a normal linux box would not choke in a network with
machines with the same mac address.
If you get in any trouble it is caused by a switch, because a switch
will not be able to handle a network where more than one machine has
the same address...
So experiment only on hubs with this...
> To take a mac address, one needs to wait for a PC to go offline (or
> take a PC offline), then steal the MAC. ... Stealing the MAC is very
> easy, intel network cards let you SET the MAC in windows (under
> advanced settings) ... in linux, there are programs that can do it,
> which work with most cards.
As a matter of fact: for standard ethernet drivers, just getting the MAC
address from the eeprom can be very hard. Especially if you do not want
to resort to busy waiting.
For ethernet, there is no such thing as hardwired hardware addresses.
Just to prove the point: for the lp486e driver you *need* to set the
address by hand using ifconfig hw ether, or ip link set address, because
it is too hard to get that assigned mac address from the BIOS.
> As for protection, I don't believe there is a simple way to
> protect against such an attack ... Encryption? :)
Use switches that can "hardwire" a mac to a specific port. Then you will
certainly know that a certain ether address came from a certain port.
Next thing you do is turn off arp, and hardwire each host in your arp
table.
Now you are pretty safe...
--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
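
The static ARP step described in the message above, as an added example that is not part of the original thread: a dry-run script that turns a host inventory into permanent neighbour entries and refuses to proceed if a MAC is malformed or listed twice. The interface name `eth0`, the inventory contents and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Dry run: prints the commands for a pinned ARP table, does not execute them.
# Constructed sample inventory, one "IP MAC" pair per line.
INVENTORY='192.0.2.10 00:16:3e:00:00:0a
192.0.2.11 00:16:3e:00:00:0b
192.0.2.12 00:16:3e:00:00:0c'

# valid_mac MAC: succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# duplicate_macs INVENTORY: prints each MAC that is listed for more than
# one IP (compared case-insensitively).
duplicate_macs() {
    printf '%s\n' "$1" | awk 'NF >= 2 { print tolower($2) }' | sort | uniq -d
}

# static_arp_commands IFACE INVENTORY: prints one "ip neigh replace" per
# host, then the command that disables ARP on the interface. Returns 1 and
# prints nothing if any MAC is malformed or duplicated, since a pinned
# table built from such an inventory would be ambiguous.
static_arp_commands() {
    sac_iface=$1
    sac_out=
    [ -z "$(duplicate_macs "$2")" ] || return 1
    while read -r sac_ip sac_mac; do
        [ -n "$sac_ip" ] || continue          # skip blank lines
        valid_mac "$sac_mac" || return 1
        sac_out="${sac_out}ip neigh replace $sac_ip lladdr $sac_mac nud permanent dev $sac_iface
"
    done <<EOF
$2
EOF
    # ARP is switched off last, after every permanent entry is listed.
    printf '%sip link set dev %s arp off\n' "$sac_out" "$sac_iface"
}

static_arp_commands eth0 "$INVENTORY"
```

Review the printed commands and run them as root on each host; the switch-side MAC-to-port binding is configured separately on the switch.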