On Tue, Jun 18, 2002 at 12:58:16PM -0600, Daniel Farnsworth Teichert wrote:
> User A (who's not supposed to have access to the network) somehow
> discovers the MAC address of user B (who has access); this seems
> like it would be the tricky part--am I right, there?

yessir - if user A gets user B's NIC's MAC, which could be trivial by
using social engineering / physical access (user B goes to lunch - pop
out their PCMCIA card and slap it in your own lapper, recording the MAC
in the process, then put it back) they can spoof their own
NIC's MAC via software and gain access, also gaining User B's DHCP
address if the network is so configured to assign addresses this way.

This assumes that User A and User B will not access the lab's switch at
the same time, or hardware address collisions will result, and User A is
caught.  game over.

> User A saunters in to the lab, hooks up his Linux laptop with the
> spoofed MAC address of user B...
> 
> ...and user A has access to the network.

you got it.   additionally, using a switch by allowing a range of MACs
on a range of ports, gives User A the ability to use ARP attacks against
the switch and sniff all the traffic going across each port configured
for a range.  Assigning each user's MAC to a particular port heads this
off, because the switch expects User B's MAC on User B's port, but like
I said in a previous post, this bridges the gap between making a network
secure and unusable - It's just a logistics nightmare for portable
machines like laptops, which is why most network admins don't do this.

Where it does make sense and isn't quite so bad is in a datacenter
environment, where generally MACs don't change and machines aren't
moved.

HTH.

-- 
[ rich henning      ]                                             /"\
[ [EMAIL PROTECTED] ]                                             \ /
                                                                   X
support the ascii ribbon campaign against html e-mail             / \
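
An added example, not part of the original message: a small audit over switch MAC-learning events showing the two checks discussed above, the address collision when both machines are connected at once and the per-port MAC binding that also catches the case where the legitimate machine is unplugged. The event tuple format, port names and MAC addresses are constructed for illustration and are not any vendor's log format.

```python
from collections import defaultdict

# Constructed binding table: each known MAC is expected on exactly one port.
ALLOWED = {
    "00:10:a4:7b:22:01": "Fa0/1",   # user B's NIC (constructed value)
    "00:10:a4:7b:22:02": "Fa0/2",
}

# Constructed events: (seconds, port, mac, event), event is "learn" or "age".
EVENTS = [
    (0,   "Fa0/1", "00:10:a4:7b:22:01", "learn"),
    (5,   "Fa0/2", "00:10:a4:7b:22:02", "learn"),
    (60,  "Fa0/7", "00:10:A4:7B:22:01", "learn"),  # B's MAC while B is still connected
    (90,  "Fa0/1", "00:10:a4:7b:22:01", "age"),    # B unplugs
    (95,  "Fa0/7", "00:10:a4:7b:22:01", "age"),
    (200, "Fa0/7", "00:10:a4:7b:22:01", "learn"),  # B's MAC again, B is away
    (300, "Fa0/9", "00:de:ad:be:ef:09", "learn"),  # MAC not in the table
]

def audit(events, allowed):
    """Return (time, kind, mac, port) findings in time order."""
    active = defaultdict(set)          # mac -> ports where it is currently learned
    findings = []
    for ts, port, mac, event in sorted(events):
        mac = mac.lower()              # normalise case before comparing
        if event == "age":
            active[mac].discard(port)
            continue
        if mac not in allowed:
            findings.append((ts, "unknown-mac", mac, port))
        elif allowed[mac] != port:
            # Static binding: fires even when the real owner is offline.
            findings.append((ts, "wrong-port", mac, port))
        if active[mac] - {port}:
            # Same MAC live on another port: the collision case.
            findings.append((ts, "collision", mac, port))
        active[mac].add(port)
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, ALLOWED):
        print(*finding)
```

The event at 200 seconds produces no collision finding because the legitimate machine is offline; only the per-port binding flags it.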
