('binary' encoding is not supported, stored as-is) I konw many of you want to answer "NO" or "ONLY if you can find the option in the NIC advanced properties", because that's the answer I heard all the time through out my research, However, the answer is: YES!!!!!!!!!! ALMOST ALL NIC CAN BE SPOOFED, EVEN IF MANUFACTURERS DON'T INCLUDE OPTIONS IN THE ADVANCED PROPERTIES. I wrote a detailed instruction on how to change MAC address on Windows 2000 & XP, and you can find it at: http://www.kylelai.com/Change_MAC_w2k.htm I know there was one discussion before, but that thread offered no solutions... I researched for a long time, and I finally discovered the solution through Microsoft MSDN Driver Development Kit (DDK) and Win2K resource kit. I have many people tested my instructions, and I haven't found a NIC that can't be spoofed. Not to say there isn't one out there. The method is to call a DDK function - NdisReadNetworkAddress. NdisReadNetworkAddress(...) is called by the network adapter driver to obtain a user specified MAC address in the registry. After the driver confirmed that there's a valid MAC address specified in the registry key, the driver then programs the MAC address to its hardware registers to override the burn-in MAC address. Not all manufacturers support this function I heard, but like I said, I haven't seen one NIC that can't be spoofed. I am interested in learning which brand and model can't be spoofed. If you know of any, please send me an email. I think this discovery might not be new to the device driver developers, but it certainly is still a well kept secret to lots of security professionals out there. Therefore, I decided to reveal this secret because there are too many wrong answers out there. I am also writing a free tool, SMAC, to change MAC address on Wnidows 2000 & XP. I basically plan to incorporate the technique I discovered with some other functionalities. SMAC 1.0 is due to release in a few weeks. Please check www.kylelai.com for updates. Cheers, /Kyle Kyle Lai, CISSP, CISA InfoSec Consultant kyleat_private www.kylelai.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Nov 26 2002 - 09:21:40 PST