Date: Mon, 11 Dec 2000 07:57:32 -0500
From: "David Erickson" <erickson@mddsg.com>
To: "Jeff Fulton" <jefff@fulton.net.au>, "Roman Shterenzon" <roman@xpert.com>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: MAC Address
Message-ID: <001001c06371$ece41a00$cc02a8c0@columbia.mentis.org>
References: <Pine.LNX.4.30.0012110914240.12823-100000@jamus.xpert.com> <020401c06370$1ca77f40$2001a8c0@amoeba>

On a Cisco switch the proper way to get around that would be to have the
original and its duplicate on spanning ports for each other; that way the
switch wouldn't care, it would always send the packets to both ports and
only one would respond at any given time. But fortunately I don't have to
worry about that because I have a stupid Netgear switch at home which
really seems to not care what I do MAC address wise. It picks up on the
changes almost instantly.

Dave

----- Original Message -----
From: "Jeff Fulton" <jefff@fulton.net.au>
To: "Roman Shterenzon" <roman@xpert.com>; "David Erickson" <erickson@mddsg.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Monday, December 11, 2000 7:44 AM
Subject: Re: MAC Address

> The switch learns your location when it processes a packet sent by you.
> Once you're in the station cache, you'll get timed out if you don't send
> anything for a minute or two. If a rogue duplicate sends something, the
> station cache will be modified to point to him. Of course, it may change
> straight back if the real owner transmits something again.
>
> I don't think both the rogue and the duplicate can be in the station cache
> at the same time.
>
> Regards,
> Jeff Fulton
>
> ----- Original Message -----
> From: "Roman Shterenzon" <roman@xpert.com>
> To: "David Erickson" <erickson@mddsg.com>
> Cc: <freebsd-security@FreeBSD.ORG>
> Sent: Monday, December 11, 2000 6:16 PM
> Subject: Re: MAC Address
>
> > On Mon, 11 Dec 2000, David Erickson wrote:
> >
> > > > Sounds to me all this is
> > > > just_slightly_unethical_if_not_bordering_on_illegal. This is a
> > > > topic for a security mailing list?
> > > > I thought we were here to boost network security, not circumvent it.
> > > > Just a network technician's opinion.
> > >
> > > How is it unethical to change one's MAC address? First of all a MAC
> > > address is only used on your local LAN segment. MAC Addresses do not
> > > traverse over IP. Once your traffic hits a router the traffic is then
> > > relayed. ARP is
> >
> > The most interesting question is if I know some MAC address on a switched
> > network and then I set my MAC address to this address, if some switches
> > _will_ deliver packets to me as well? It might be an interesting sniffing
> > strategy on a switched network if some switches work this way.
> > Thoughts?
> >
> > --Roman Shterenzon, UNIX System Administrator and Consultant
> > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
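
Added example, not part of the original thread or written by any of its participants: a small Python model of the station cache behaviour described in Jeff Fulton's quoted message (one port per MAC, newest sender wins, idle entries time out), extended to flag a MAC that keeps moving between ports, which is what a duplicate address looks like from the switch's side. The class and function names, the 120-second age limit, the flap thresholds and the sample frames are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

AGE_LIMIT = 120.0   # assumption: "a minute or two" of silence, in seconds
FLAP_WINDOW = 10.0  # assumption: window for counting port moves
FLAP_MOVES = 3      # assumption: moves within the window that raise an alert

@dataclass
class StationCache:
    table: dict = field(default_factory=dict)  # mac -> (port, last_seen)
    moves: dict = field(default_factory=dict)  # mac -> times of recent port moves

    def learn(self, ts, mac, port):
        """Record a source MAC seen on a port; return an alert string or None."""
        entry = self.table.get(mac)
        if entry and ts - entry[1] > AGE_LIMIT:
            entry = None                  # idle entry timed out, relearn quietly
            self.moves.pop(mac, None)
        self.table[mac] = (port, ts)      # one port per MAC: newest sender wins
        if entry is None or entry[0] == port:
            return None
        recent = [t for t in self.moves.get(mac, []) if ts - t <= FLAP_WINDOW] + [ts]
        self.moves[mac] = recent
        if len(recent) >= FLAP_MOVES:
            return f"{mac} moved {len(recent)} times in {FLAP_WINDOW:.0f}s, now on port {port}"
        return None

    def lookup(self, ts, mac):
        """Port a frame for this MAC would be sent to; None means unknown."""
        entry = self.table.get(mac)
        if entry is None or ts - entry[1] > AGE_LIMIT:
            return None
        return entry[0]

# Constructed sample frames: (time in seconds, source MAC, ingress port).
OWNER, OTHER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
FRAMES = [
    (0.0, OWNER, 1), (1.0, OTHER, 2),
    (2.0, OWNER, 7),    # duplicate of OWNER transmits on port 7
    (3.0, OWNER, 1),    # real owner transmits, entry flips back
    (4.0, OWNER, 7),    # third move inside the window
    (300.0, OTHER, 5),  # OTHER was silent past the age limit, relearned
]

def replay(frames):
    cache = StationCache()
    alerts = [a for ts, mac, port in frames if (a := cache.learn(ts, mac, port))]
    return cache, alerts
```

Calling replay(FRAMES) returns the final cache and a single alert for the flapping address; the relearn of the second address after its timeout raises none.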