Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Re: MAC address spoofing - conflict?
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Sun, 3 Sep 2006 18:39:51 -0700

This discussion has wandered well outside the realms of penetration testing
and should probably be continued on the wifi-sec list. I will be blocking
further emails on this thread unless they have a direct relevance to
penetration testing.

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball" 



-----Original Message-----
From: Massimo Baschieri [mailto:massimo.baschieri () re-ti it]
Sent: Sunday, September 03, 2006 12:49 AM
To: nokia1 () gmail com; pen-test () securityfocus com
Subject: R: Re: MAC address spoofing - conflict?


Maybe you could explain what happens to the AP's ARP cache when it had
duplicate entries then?

Maybe you are getting a little confused about ap and arp.
An AP is a L2 device and as such it doesn't need arp table in order to
perform its duties.
Arp table is there almost only because it's supposed for the AP to have
an ip address for management purposes and because the ap itself may
have to talk with external services (radius, syslog, ntp, ecc..), but
if no wireless client is accessing the management interface of the ap
no client mac address is going to appear in the arp table of the ap.
Yes, dhcp server may (or may not) have problems with duplicate mac
addresses, but if you are forging a mac address you are not going to
use dhcp, aren't you?
Bye,
    Max.


-----------------------------------------------------------------------
-
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
-----------------------------------------------------------------------
-



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]