changing mac address?

    • #3495
      ddaavnid
      Participant

      Sorry for the long post. Hopefully it doesn't discourage anyone from helping me out. Thanks a lot.

      So I've been given some resources to study and get started on ethical hacking. I've been reading up on the TCP/IP guide and been checking out other stuff to get started on pen testing, and I've been using VMWare ESXi on my other laptop to simulate a network. I've been told that hackers leave a trace with their MAC address, making changing your IP pointless if you're trying to be stealthy, I'm guessing. I checked out how to change my MAC address, and some places say you can't because the driver won't let me on Windows Vista, and some say that you can. I've tried through regedt32, I enabled and disabled my NIR, and rebooted. The MAC still has not changed. How would I bypass whatever it is that my driver won't let me do? And how would I find out who was trying to get in my simulated network? Also, if someone were to change/spoof their MAC address, how would I find out who they actually are? Or would they be completely anonymous? Thanks a lot.

    • #22850
      timmedin
      Participant

      The mac address only works if the attacking machine is on the same subnet as you, and even then there are ways to spoof/forge/change it (for windows and linux).

      Assuming it is an IP based attack, if you want to trace down a rogue mac address you only have a little time. The arp translation (IP Address to MAC Address mapping) is only kept for a few minutes to an hour on the machine and on networking gear, so if the attack has stopped you have to be fast.

      To trace a mac address back you have to have managed network gear that allows you to query the CAM table. The CAM table stores the MAC address to Port mapping.

      If you have Cisco gear you can use the command below to find a specific MAC address, where 0000.1111.2222 is the MAC address in question.

      show mac-address-table | include 0000.1111.2222

      I don’t know how to query the CAM Table in a VMWare virtual switch.

      Hope that helps.

    • #22851
      ddaavnid
      Participant

      OK, cool. I will see if I can figure out how to gain access to the CAM table. Is there any way to change the MAC on Vista so I can test it out? And you said that the MAC only works when the attacking machine is in the same subnet as you, so when you say rogue MAC address are you saying that MAC is masked? Thanks dude.

    • #22852
      Ketchup
      Participant

      There are a couple of good tools that automate the registry entry changes; smac and amac are two I know of. Neither of these worked on Vista when I briefly had it on my laptop and I “downgraded” back to XP. Changing your MAC in Linux is very easy.

    • #22853
      timmedin
      Participant

      @ddaavnid wrote:

      And you said that the MAC only works when the attacking machine is in the same subnet as you, so when you say rogue MAC address are you saying that MAC is masked? Thanks dude.

      If another machine is on the same subnet as you then the Layer 2 (MAC) address of each machine is seen by the other.

      If they are on a different subnet then they need to go through a layer three device, usually a router, in order to talk to each other. The layer 3 device is the gateway to the other network. The traffic destined for another network is sent to and received from the MAC address of the gateway (router).

      Hope that helps.
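
The IP-to-MAC-to-port lookup described in the two replies above, as an added example that is not part of the original thread. The sample tables are constructed, the ARP table layout (Cisco IOS `show ip arp`) is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample data laid out like Cisco IOS "show ip arp" and
# "show mac-address-table" output; every address and port is made up.
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   00aa.bbcc.0001  ARPA   Vlan10
Internet  192.168.10.57           3   0000.1111.2222  ARPA   Vlan10
"""
CAM_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    00aa.bbcc.0001    STATIC      Gi0/24
  10    0000.1111.2222    DYNAMIC     Fa0/7
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_arp(text):
    """Return {ip: mac} from the ARP table (layer 3 to layer 2 mapping)."""
    rows = re.findall(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})", text, re.M | re.I)
    return {ip: mac.lower() for ip, mac in rows}

def parse_cam(text):
    """Return {mac: [(vlan, port), ...]} from the CAM table."""
    table = {}
    rows = re.findall(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)", text, re.M | re.I)
    for vlan, mac, port in rows:
        table.setdefault(mac.lower(), []).append((int(vlan), port))
    return table

def trace(src_ip, local_net, gateway_ip, arp, cam):
    """Map a source IP from a log to the switch port its frames arrived on."""
    on_link = ipaddress.ip_address(src_ip) in ipaddress.ip_network(local_net)
    # Off-subnet traffic is delivered by the router, so only its MAC is visible.
    hop = src_ip if on_link else gateway_ip
    mac = arp.get(hop)  # None once the ARP entry has aged out
    return {"on_link": on_link, "hop": hop, "mac": mac,
            "ports": cam.get(mac, []) if mac else []}

if __name__ == "__main__":
    arp, cam = parse_arp(ARP_OUTPUT), parse_cam(CAM_OUTPUT)
    for ip in ("192.168.10.57", "203.0.113.9", "192.168.10.99"):
        print(ip, trace(ip, "192.168.10.0/24", "192.168.10.1", arp, cam))
```

A MAC that maps to more than one port in the `parse_cam` result, or a source IP with no ARP entry left, is the point where the trace needs the switch logs rather than the live tables.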

    • #22854
      ddaavnid
      Participant

      Cool, thanks guys. Whenever I get my hands on some sort of Linux I'll be able to explore with that some more.


Copyright ©2021 Caendra, Inc.
