.

changing mac address?

<<

ddaavnid

Newbie
Newbie

Posts: 10

Joined: Thu Feb 26, 2009 6:41 am

Post Sun Mar 01, 2009 1:36 pm

changing mac address?

sorry for the long post. hopefully it dosnt discourage anyone from helping me out. thanks alot.



so ive been given some recourses to study and get started on ethical hacking. ive been reading up on the tcp/ip guide and been checking out other stuff to get started on pen testing. and ive be using VMWare ESXi on my other laptop to simulate a network. ive been told that hackers leave a trace with there mac address, making changing your ip pointless if youre trying to be stealth im guessing. i checked out how to change my mac address and some places say you cant becuase the driver wont let me on windows vista. and some say that you can. ive tried through regedt32, i enabled and disabled my NIR, and rebooted. the mac still has not changed. how would i bypass what ever it is that my driver wont let me do? and how would i find out who was trying to get in my simulated network? also if someone were to change/spoof there mac address, how would i find out who they acually are? or would they be completely anonymous? thanks alot.
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Mar 01, 2009 2:08 pm

Re: changing mac address?

The mac address only works if the attacking machine is on the same subnet as you, and even then there are ways to spoof/forge/change it (for windows and linux).

Assuming it is an IP based attack, if you want to trace down a rogue mac address you only have a little time. The arp translation (IP Address to MAC Address mapping) is only kept for a few minutes to an hour on the machine and on networking gear, so if the attack has stopped you have to be fast.

To trace a mac address back you have to have managed network gear that allows you to query the CAM table. The CAM table stores the MAC address to Port mapping.

If you have cisco gear you can use the command below find a specific mac address where 0000.1111.2222 is the mac address in question.
  Code:
show mac-address-table | include 0000.1111.2222


I don't know how to query the CAM Table in a VMWare virtual switch.

Hope that helps.
twitter.com/timmedin | http://blog.securitywhole.com
<<

ddaavnid

Newbie
Newbie

Posts: 10

Joined: Thu Feb 26, 2009 6:41 am

Post Sun Mar 01, 2009 4:42 pm

Re: changing mac address?

ok cool. i will see if i can figure out how to gain accesss to the cam table. is there any way to change the mac on vista so i can test it out? and you said that the mac only works when the attacking machine is in the same sumnet as you, so when you say rogue mac address are you saying that mac is masked? thanks dude
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 01, 2009 5:53 pm

Re: changing mac address?

There are a couple of good tools that automate the registry entry changes, smac and amac are two I know of.  Neither of these worked on Vista when I briefly had it on my laptop and I "downgraded" back to XP.  Changing  your MAC in Linux is very easy.
~~~~~~~~~~~~~~
Ketchup
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Mar 01, 2009 7:37 pm

Re: changing mac address?

ddaavnid wrote:and you said that the mac only works when the attacking machine is in the same sumnet as you, so when you say rogue mac address are you saying that mac is masked? thanks dude


If another machine is on the same subnet as you then the Layer 2 (MAC) address of each machine is seen by the other.

If they are on a different subnet they the need to go through a layer three device, usually a router, in order to talk to each other. The layer 3 device is the gateway to the other network. The traffic destined for another network is sent to and received from  the MAC address of the gateway (router).

Hope that helps.
twitter.com/timmedin | http://blog.securitywhole.com
<<

ddaavnid

Newbie
Newbie

Posts: 10

Joined: Thu Feb 26, 2009 6:41 am

Post Tue Mar 03, 2009 4:07 pm

Re: changing mac address?

cool thanks guys. when ever i get my hands on some sort of linux ill be able to explore with that some more.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software