In article <[EMAIL PROTECTED]>, dman <[EMAIL PROTECTED]> wrote: >On Sun, Oct 07, 2001 at 02:45:38PM +0200, Miquel van Smoorenburg wrote: >| Even if you use a switch and put MAC address filters on the >| switch an attacker can simply unplug an existing PC / laptop >| and take over its MAC address. > >No, the MAC adress is in the ethernet card, not the outlet in the >wall.
I know. But MAC addresses aren't hardcoded in the ethernet card- they can easily be changed. "ifconfig eth0 hw ether 00:50:56:01:00:00" et voila >I even have actual experience with this. I have taken a laptop >to school. In the 2 labs I spend most of my time in there are no >spare ethernet jacks. I simply unplug one of the 'doze2k boxen and >plug my woody laptop in. Still, even though I brought up the >interface using DHCP and got an IP I could only reach the classs C I >was on, the DNS server, and a certain web site. After talking with >the admin of the labs I learned that ISC only routes host's whose MAC >address is in their database and associated with a username. The web >site I could access is the internal site used to register the MAC with >the username. Now that I have registered the MAC I get routed >properly. But it's easy to forge someone else's mac address. Mike. -- Move sig.
