The MAC address of the network card is a unique identifier assigned to each Ethernet card. Network admins can locally find the MAC address of a machine by either sniffing traffic from the wire or by downloading ARP tables from routers. Therefore, hackers on internal networks (such as corporations or universities) will often try to hide their MAC address.
Spoofed MAC addresses can also be used locally to redirect trafffic from its intended host to the hacker's machine.
The MAC address can also be inadvertently revealed remotely. A NetBIOS Node Status query will discover the MAC address. Microsoft will generate unique identifiers for random "objects". For example, Windows will generate a GUID (globally unique idnetifier) from the MAC address
and assign it to the machine for internal communication. Microsoft Word will then insert the MAC address into all documents created on the machine. The consequence of this is that the creator of a document can be found via this GUID. This information help locate the creator the Melissa virus.
There are several ways of spoofing the IP address:
Some Ethernet adapters can be simply configured at boot up to use a different MAC address (soft configuration) (Hint: try setting the "NetworkAddress" parameter, even if it looks like the card doesn't support the feature).
Most all adapters use EPROMs to store the address, and can be reprogrammed (hard configuration).
It is really the TCP/IP stack that copies the MAC address into a frame; and a reprogrammed stack can usually bypass the configured MAC address.
0 comments:
Post a Comment