From owner-freebsd-security Mon Dec 11 4:44:24 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 11 04:44:22 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from sr14.nsw-remote.bigpond.net.au (unknown [24.192.3.29]) by hub.freebsd.org (Postfix) with ESMTP id C0B0A37B400 for ; Mon, 11 Dec 2000 04:44:20 -0800 (PST) Received: from fulton.net.au (CPE-144-132-180-48.nsw.bigpond.net.au [144.132.180.48]) by sr14.nsw-remote.bigpond.net.au (Pro-8.9.3/8.9.3) with SMTP id XAA20171; Mon, 11 Dec 2000 23:44:14 +1100 (EDT) Received: from amoeba (dhcp32.fulton.net.au [192.168.1.32]) by fulton.net.au (8.11.1/8.11.1) with SMTP id eBBCiAN08867; Mon, 11 Dec 2000 23:44:12 +1100 (EST) (envelope-from jefff@fulton.net.au) Message-ID: <020401c06370$1ca77f40$2001a8c0@amoeba> From: "Jeff Fulton" To: "Roman Shterenzon" , "David Erickson" Cc: References: Subject: Re: MAC Address Date: Mon, 11 Dec 2000 23:44:30 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The switch learns your location when it processes a packet sent by you. Once you're in the station cache, you'll get timed out if you don't send anything for a minute or two. If a rogue duplicate sends something, the station cache will be modified to point to him. Of course, it may change straight back if the real owner transmits something again. I don't think both the rogue and the duplicate can be in the station cache at the same time. Regards, jeff Fulton ----- Original Message ----- From: "Roman Shterenzon" To: "David Erickson" Cc: Sent: Monday, December 11, 2000 6:16 PM Subject: Re: MAC Address > On Mon, 11 Dec 2000, David Erickson wrote: > > > > Sounds to me all this is just_slightly_unethical_if > > > _not_bordering_on_illegal. This is a topic for a security mailing list? > > > I thought we were here to boost network security, not circumvent it. > > > Just a network technician's opinion. > > > > How is it unethical to change ones MAC address? First of all a MAC address > > is only used on your local LAN segment. MAC Addresses do not traverse over > > IP. Once your traffic hits a router the traffic is then relayed. ARP is > > The most interesting question is if I know some mac address on a switched > network and then I set my mac address to this address, if some switches > _will_ deliver packets to me as well? It might be interesting sniffing > strategy on a switched network if some switches work this way. > Thoughts? > > --Roman Shterenzon, UNIX System Administrator and Consultant > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message