From: Hugo Fortier (bugtraq@DATAWORM.PENGUINPOWERED.COM)
Date: Tue Feb 13 2001 - 21:24:08 CST
Easier than that, Linux supports MAC address changes with the ifconfig command:
you can specify the MAC address you want. It doesn't work with all cards, but
most recent network cards I tried worked fine.
Btw, having a "secure" network card that doesn't allow MAC address changes is not
logical, because normally you want to prevent attacks not from yourself but from
others, and there is no way to ensure that the attacker's network card will be
secure...
----- Original Message -----
From: "Peter Van Epp" <vanepp@SFU.CA>
To: <PEN-TEST@SECURITYFOCUS.COM>
Sent: Tuesday, February 13, 2001 3:16 PM
Subject: Re: [PEN-TEST] Changing MAC address on Win2k
> Changing the arp cache entry will not change the MAC address the card
> is using, it will only change the MAC address associated with the IP in the
> arp cache. As someone mentioned you need to convince the card driver to change
> the MAC address. Failing that you need to find the I/O address of the Ethernet
> chip where the MAC address is written. This is generally trivial using debug
> and the initialization ROM on the card. I always have a good laugh when a
> vendor tells me that "you can't change MAC addresses so our product (which
> depends on MAC addresses) is secure". It's never taken me more than 1/2 an hour
> to find the necessary ports on the Ethernet chip (and your CPU writes the
> MAC address from prom/flash to the Enet chip during BIOS boot up in all cases
> except where there is a CPU on the Enet card which is quite rare). Not all
> salesbeings seem to understand this however ... One note: when doing this
> make sure you use a valid MAC address (such as one stolen from a card which
> is disconnected and in your hand) because duplicate MAC addresses on a network
> will cause excitement.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
> >
> > Hi all! :)
> > Does it work only in Win2k??
> > Because I tried it here on my NT 4.0 + SP6a... I didn't get an error from the
> > arp command... but it didn't work... look:
> >
> > Configuração de IP do Windows NT
> >
> > Nome do host . . . . . . . . . . : nt_hadrion.hadrion.com
> > Servidores DNS . . . . . . . . . :
> > Tipo de nó . . . . . . . . . . . : Híbrida
> >
> > Identificador de escopo NetBIOS. :
> > Roteamento de IP ativado . . . . : Sim
> > Proxy WINS ativado . . . . . . . : Não
> > Resolução NetBIOS usa DNS. . . . : Não
> >
> > Ethernet adaptador E100B1:
> >
> > Descrição. . . . . . . . . . . . : Intel EtherExpress PRO PCI Adapter
> > Endereço físico. . . . . . . . . : 00-10-DC-0D-40-27
> > DHCP ativado . . . . . . . . . . : Não
> > Endereço IP. . . . . . . . . . . : 192.168.151.100
> > Máscara de sub-rede. . . . . . . : 255.255.255.0
> > Gateway padrão . . . . . . . . . : 192.168.151.1
> > Servidor WINS primário . . . . . : 120.120.120.2
> >
> > Ethernet adaptador NdisWan4:
> >
> > Descrição. . . . . . . . . . . . : NdisWan Adapter
> > Endereço físico. . . . . . . . . : 00-00-00-00-00-00
> > DHCP ativado . . . . . . . . . . : Não
> > Endereço IP. . . . . . . . . . . : 0.0.0.0
> > Máscara de sub-rede. . . . . . . : 0.0.0.0
> > Gateway padrão . . . . . . . . . :
> >
> > Then, to test, I did: arp -s 192.168.151.100 00-10-DC-0D-40-40
> > changing only the last 2 digits of the MAC... and it didn't show me an
> > error... but when I checked, my MAC appeared the same as before! Look (same MAC):
> >
> > Ethernet adaptador E100B1:
> >
> > Descrição. . . . . . . . . . . . : Intel EtherExpress PRO PCI Adapter
> > Endereço físico. . . . . . . . . : 00-10-DC-0D-40-27
> > DHCP ativado . . . . . . . . . . : Não
> > Endereço IP. . . . . . . . . . . : 192.168.151.100
> > Máscara de sub-rede. . . . . . . : 255.255.255.0
> > Gateway padrão . . . . . . . . . : 192.168.151.1
> > Servidor WINS primário . . . . . : 120.120.120.2
> >
> > Thkz...
> > until more! =)
> >
> > -----Original Message-----
> > From: N0sferatu <satan@TM.NET.MY>
> > To: PEN-TEST@SECURITYFOCUS.COM <PEN-TEST@SECURITYFOCUS.COM>
> > Date: Sunday, February 11, 2001 23:47
> > Subject: Re: [PEN-TEST] Changing MAC address on Win2k
> >
> >
> > I don't really know whether this is correct but I have tried and found
> > that the MAC address can be changed in Win2k by issuing this command :
> > arp -s ip-of-the-computer mac-address
> >
> > though it might be wrong..
> >
> >
> > -----Original Message-----
> > From: Penetration Testers [mailto:PEN-TEST@SECURITYFOCUS.COM]On Behalf
> > Of Parth Galen
> > Sent: Monday, February 12, 2001 4:46 AM
> > To: PEN-TEST@SECURITYFOCUS.COM
> > Subject: [PEN-TEST] Changing MAC address on Win2k
> >
> >
> > I recently read in Pen-Test that the MAC could be changed in Win2k. I have
> > looked on the web for info, and in the archives at Security Focus but can
> > not find any "How To" information. Nothing on my system offers any obvious
> > opportunity either.
> >
> > So, can anyone tell me how to change the MAC on Win2k?
> >
> > This has to do with better anonymity while doing Pen-Tests. It is nice to
> > hop through proxies, but my MAC is always there to ID me. Specifically, I
> > am working in a multi-site company, and their ID (they tell me) is blocking my
> > work based on MAC. Changing IP does not help.
> >
> > Thanks Much,
> > Parth
> >
>
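
From the defender's side, the two points made in this thread (the MAC address is chosen by the client, and a duplicate MAC on a network is noticeable) can be checked against switch or DHCP observations. The Python below is an added example, not part of any poster's message; the log format, field names and sample lines are constructed, reusing the adapter address from the quoted output.

```python
import re

# Constructed observations, e.g. exported from a switch or DHCP server (assumed format).
SAMPLE = """\
2001-02-13T15:00:01 port=3 mac=00-10-DC-0D-40-27 ip=192.168.151.100
2001-02-13T15:00:05 port=7 mac=00:10:dc:0d:40:99 ip=192.168.151.101
2001-02-13T15:02:10 port=9 mac=00-10-dc-0d-40-27 ip=192.168.151.150
2001-02-13T15:03:30 port=7 mac=02:00:00:aa:bb:cc ip=192.168.151.101
"""
LINE = re.compile(r"(\S+) port=(\d+) mac=(\S+) ip=(\S+)")

def normalize_mac(text):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[-:.]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks an address that is not vendor-assigned."""
    return bool(int(mac[:2], 16) & 0x02)

def find_anomalies(log_text):
    """Return (timestamp, kind, detail) tuples for observations worth a look."""
    port_of, mac_of_ip, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue  # skip lines that are not observations
        ts, port, ip = m.group(1), int(m.group(2)), m.group(4)
        mac = normalize_mac(m.group(3))
        if is_locally_administered(mac):
            findings.append((ts, "locally-administered", mac))
        # Same MAC behind two ports: a moved host or a duplicated address.
        if mac in port_of and port_of[mac] != port:
            findings.append((ts, "mac-on-two-ports", f"{mac} ports {port_of[mac]},{port}"))
        # Same IP now claimed by a different MAC than before.
        if ip in mac_of_ip and mac_of_ip[ip] != mac:
            findings.append((ts, "ip-rebound", f"{ip} {mac_of_ip[ip]} -> {mac}"))
        port_of.setdefault(mac, port)
        mac_of_ip[ip] = mac
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE):
        print(finding)
```

Each finding is a signal to correlate, not proof: hosts legitimately move between ports and some software assigns locally administered addresses.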