From: Ard van Breemen <ard@telegraafnet.nl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Fake hardware address
Date: Mon, 11 Feb 2002 12:39:46 +0000 [thread overview]
Message-ID: <marc-lartc-101343120622547@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101324744330399@msgid-missing>
On Sun, Feb 10, 2002 at 01:42:48PM +1100, Will Lotto wrote:
> Yes, they do throw up an error.
I don't think they throw up.
> ... Both cards believe the packets are destined for them. ...
> basically, they'll fight :)
Only a tcp/ip stack might consider that. Probably windows and solaris
will bug you with it.
Basically the tcp/ip stack should ignore packets that are not destined
for them. So if two computers with the same mac address have different
ip addresses, I really don't see what the problem can be, unless your
stack does special checking for that, and for linux that is considered
userspace stuff. So a normal linux box would not choke in a network with
machines with the same mac address.
If you get in any trouble it is caused by a switch, because a switch
will not be able to handle a network where more than one machine has
the same address...
So experiment only on hubs with this...
> To take a mac address, one needs to wait for a PC to go offline (or
> take a PC offline), then steal the MAC. ... Stealing the MAC is very
> easy, intel network cards let you SET the MAC in windows (under
> advanced settings) ... in linux, there are programs that can do it,
> which work with most cards.
As a matter of fact: for standard ethernet drivers, just getting the MAC
address from the eeprom can be very hard. Especially if you do not want
to resort to busy waiting.
For ethernet, there is no such thing as hardwired hardware addresses.
Just to proof the point: for the lp486e driver you *need* to set the
address by hand using ifconfig hw ether, or ip link set address, because
it is to hard to get that assigned mac address from the BIOS.
> As for protection, I don't believe there is a simple way to
> protect against such an attack ... Encryption? :)
Use switches that can "hardwire" a mac to a specific port. Then you will
certainly know that a certain ether address came from a certain port.
Next thing you do is turn of arp, and hardwire each host in your arp
table.
Now you are pretty save...
--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
prev parent reply other threads:[~2002-02-11 12:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-02-09 9:28 [LARTC] Fake hardware address Adi Nugroho
2002-02-09 9:45 ` Andreas Gietl
2002-02-09 11:06 ` bert hubert
2002-02-09 13:34 ` ewan
2002-02-10 2:42 ` Re[2]: " Will Lotto
2002-02-11 12:39 ` Ard van Breemen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-101343120622547@msgid-missing \
--to=ard@telegraafnet.nl \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.