From: "David Erickson"
To: "Jeff Fulton", "Roman Shterenzon"
Subject: Re: MAC Address
Date: Mon, 11 Dec 2000 07:57:32 -0500

On a Cisco switch the proper way to get around that would be to have the
original and its duplicate on spanning ports for each other; that way the
switch wouldn't care, it would always send the packets to both ports and
only one would respond at any given time.

But fortunately I don't have to worry about that because I have a stupid
Netgear switch at home which really seems to not care what I do MAC address
wise. It picks up on the changes almost instantly.

Dave

----- Original Message -----
From: "Jeff Fulton"
To: "Roman Shterenzon"; "David Erickson"
Cc:
Sent: Monday, December 11, 2000 7:44 AM
Subject: Re: MAC Address

> The switch learns your location when it processes a packet sent by you.
> Once you're in the station cache, you'll get timed out if you don't send
> anything for a minute or two. If a rogue duplicate sends something, the
> station cache will be modified to point to him. Of course, it may change
> straight back if the real owner transmits something again.
>
> I don't think both the rogue and the duplicate can be in the station cache
> at the same time.
>
> Regards,
> Jeff Fulton
>
> ----- Original Message -----
> From: "Roman Shterenzon"
> To: "David Erickson"
> Cc:
> Sent: Monday, December 11, 2000 6:16 PM
> Subject: Re: MAC Address
>
> > On Mon, 11 Dec 2000, David Erickson wrote:
> >
> > > > Sounds to me all this is just_slightly_unethical_if
> > > > _not_bordering_on_illegal. This is a topic for a security mailing list?
> > > > I thought we were here to boost network security, not circumvent it.
> > > > Just a network technician's opinion.
> > >
> > > How is it unethical to change one's MAC address? First of all a MAC address
> > > is only used on your local LAN segment. MAC addresses do not traverse over
> > > IP. Once your traffic hits a router the traffic is then relayed. ARP is
> >
> > The most interesting question is if I know some MAC address on a switched
> > network and then I set my MAC address to this address, if some switches
> > _will_ deliver packets to me as well? It might be an interesting sniffing
> > strategy on a switched network if some switches work this way.
> > Thoughts?
> >
> > --Roman Shterenzon, UNIX System Administrator and Consultant
> > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
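The learn-and-age behaviour described in Jeff Fulton's reply, modelled as an added example that is not part of the original thread: a station cache holding one port per MAC address, which flags an address that keeps moving between ports, the trace a duplicate MAC leaves for a defender. The timeout, window and threshold values, the class and function names, and the sample frames are all assumptions made for illustration.

```python
from collections import defaultdict, deque

AGE_OUT = 120.0      # assumption: idle entries expire after two minutes
FLAP_WINDOW = 10.0   # assumption: count port moves seen within 10 seconds
FLAP_MOVES = 3       # assumption: this many moves in the window is an alert


class StationCache:
    """Toy model of a learning switch's MAC-to-port table (hypothetical)."""

    def __init__(self):
        self.table = {}                    # mac -> (port, last_seen)
        self.moves = defaultdict(deque)    # mac -> timestamps of port moves
        self.alerts = []                   # (time, mac, old_port, new_port)

    def learn(self, now, mac, port):
        """Process the source address of a frame seen on `port` at `now`."""
        entry = self.table.get(mac)
        if entry and now - entry[1] > AGE_OUT:
            entry = None                   # timed out: treat as a fresh learn
        if entry and entry[0] != port:     # same MAC, different port: a move
            recent = self.moves[mac]
            recent.append(now)
            while recent and now - recent[0] > FLAP_WINDOW:
                recent.popleft()
            if len(recent) >= FLAP_MOVES:
                self.alerts.append((now, mac, entry[0], port))
        self.table[mac] = (port, now)      # only one port per MAC is kept

    def lookup(self, now, mac):
        """Port a frame for `mac` is forwarded to, or None (unknown/aged)."""
        entry = self.table.get(mac)
        if entry is None or now - entry[1] > AGE_OUT:
            return None
        return entry[0]


def replay(frames):
    """Feed (time, src_mac, port) tuples through a fresh cache."""
    cache = StationCache()
    for now, mac, port in frames:
        cache.learn(now, mac, port)
    return cache


# Constructed sample: one MAC transmits alternately from ports 1 and 7.
SAMPLE = [(0.0, "00:00:5e:00:53:01", 1), (1.0, "00:00:5e:00:53:01", 7),
          (1.5, "00:00:5e:00:53:01", 1), (2.0, "00:00:5e:00:53:01", 7),
          (3.0, "00:00:5e:00:53:02", 4)]
```

A single move, such as a host being replugged into another port, stays below the threshold; only repeated moves inside the window are recorded in `alerts`.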