On Mon, 6 May 2002, kumar mahadevan wrote: > 1. ARP spoofing. > 2. MAC flooding. > 3. MAC Duplicating. > > number 2 is not an option. > number 1 is ok except I did not want risk breaking > Network connectivity even after enabling IP > Forwarding. You take just about as much chance of breaking connectivity with number 3 as you do with number 1, it depends on the switch. BTW, do you know what brand of switch you're dealing with? Software rev? > numer 3 is "supposed to be the easiest" since one just > changes to the NIC. Also according to this article > there is no need to ARP Spoof, if using MAC > Duplicating. > > -----> Hence, back to the original question: > Even though your answer makes sense as well (although > the victim computer has lost NO connectivity yet. The > victim whose MAC address I have duplicated on my RH 7 > box has full network connectivity, still) When you duplicate someone's MAC address, you're essentially trying to fool the switch into thinking that you're the machine you're trying to monitor, and get the switch to forward the traffic to you. Some switched only allow a MAC address to be on one port (or sometimes one port within a VLAN.) If that's the case, then you will get your victim's traffic, and it won't. Some switches will send the traffic to both places (the only real situation where this will work the way you want.) Keep in mind that for a switch to even begin to think that the machine has changed ports, you must transmit something with that MAC address as the layer 2 source address. ARPs would be fine, but it can be anything. So, to try this out, you have to change your MAC AND start transmitting. But, you should plan on the victim being cut off unless you've been able to determine how your switch will react. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon May 06 2002 - 16:45:02 PDT