On 30 Oct 96 at 12:34, Todd Graham Lewis
<lists @
reflections .
mindspring .
com> wrote:
> On Wed, 30 Oct 1996, Vojin Urosevic wrote:
>
> > It's easier to keep a swiss-knife next to your monitor just in
> > case you get all mixed up with the arp table, in order to take
> > your collegues net card. :).
>
> There are cards in existence which will allow you to set the MAC
> address. I have seen it done, and I have seen an attack work based
> on this feature.
In particular, many (most?) of the software-set NICs allow use of an
arbitrary address; the setup program has an entry for an 'alternate'
address to be put into the card's EPROM. And NIC setup programs are
usually easy to get... given the program and a few minutes,
temporarily 'borrowing' a machine's identity is easy. Thus, MACs are
not reliable authenticators in most if not all cases. (This brings
to mind an even nastier prank possibility - user A goes to user B's
workstation, puts the setup program on the hard drive, runs it and
grabs the CEO's MAC, then tries for a prohibited web site, then
walks away. Ouch.)
--------------------------------------------------------------------
Rick Owens <rowens @
fvcc .
cc .
mt .
us> | FVCC, Kalispell, MT, USA, Sol 3
#include <std-disclaim.h>
"No! That's not a rabbit hole, that's a badg#!#@&*"
NO HARRIER
--------------------------------------------------------------------
|
|
