On Tue, Jun 18, 2002 at 12:58:16PM -0600, Daniel Farnsworth Teichert wrote:
> User A (who's not supposed to have access to the network) somehow
> discovers the MAC address of user B (who has access); this seems
> like it would be the tricky part--am I right, there?

yessir - if user A gets user B's NIC's MAC, which could be trivial by using social engineering / physical access (user B goes to lunch - pop out their PCMCIA card and slap it in your own lapper, recording the MAC in the process, then put it back) they can spoof their own NIC's MAC via software and gain access, also gaining User B's DHCP address if the network is so configured to assign addresses this way. This assumes that User A and User B will not access the lab's switch at the same time, or hardware address collisions will result, and User A is caught. game over.

> User A saunters in to the lab, hooks up his Linux laptop with the
> spoofed MAC address of user B...
>
> ...and user A has access to the network.

you got it. additionally, using a switch by allowing a range of MACs on a range of ports, gives User A the ability to use ARP attacks against the switch and sniff all the traffic going across each port configured for a range. Assigning each user's MAC to a particular port heads this off, because the switch expects User B's MAC on User B's port, but like I said in a previous post, this bridges the gap between making a network secure and unusable - It's just a logistics nightmare for portable machines like laptops, which is why most network admins don't do this. Where it does make sense and isn't quite so bad is in a datacenter environment, where generally MACs don't change and machines aren't moved.

HTH.

-- 
[ rich henning      ]   /"\
[ [EMAIL PROTECTED] ]   \ /
                         X   support the ascii ribbon campaign against html e-mail
                        / \
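
The per-port MAC binding and the address-collision case described in the message above, as an added example that is not part of the original thread: a Python audit of switch MAC-learn events against a static port-to-MAC table. The port names, MAC addresses, event tuples and the 60-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed static binding table: port -> the one MAC allowed on it.
BINDINGS = {
    "Fa0/1": "00:10:a4:7b:11:01",   # "User B"
    "Fa0/2": "00:10:a4:7b:11:02",
    "Fa0/3": "00:10:a4:7b:11:03",
}

# Constructed learn events: (seconds, port, MAC as reported by the switch).
EVENTS = [
    (0,  "Fa0/1", "00:10:A4:7B:11:01"),
    (5,  "Fa0/2", "00-10-a4-7b-11-02"),
    (40, "Fa0/3", "0010.a47b.1101"),      # User B's MAC shows up on another port
    (42, "Fa0/1", "00:10:a4:7b:11:01"),   # ...while User B is still active
    (90, "Fa0/2", "00:de:ad:be:ef:99"),   # MAC that is in no binding at all
]

def norm(mac):
    """Normalise colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    h = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(h) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))

def audit(events, bindings, window=60):
    """Return (time, port, mac, reason) findings in event order."""
    allowed = {port: norm(mac) for port, mac in bindings.items()}
    known = set(allowed.values())
    last_seen = defaultdict(dict)         # mac -> {port: last time seen}
    findings = []
    for t, port, raw in sorted(events):
        mac = norm(raw)
        # Binding check: the switch expects exactly one MAC on this port.
        if allowed.get(port) != mac:
            reason = "bound-elsewhere" if mac in known else "unknown-mac"
            findings.append((t, port, mac, reason))
        # Same MAC live on two ports within the window: the collision case.
        for other, seen in last_seen[mac].items():
            if other != port and t - seen <= window:
                findings.append((t, port, mac, f"collision-with-{other}"))
        last_seen[mac][port] = t
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, BINDINGS):
        print(*finding)
```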