Overview

MAC Addresses

A MAC address is a digital fingerprint that is associated uniquely with a physical device. In theory, no two mac addresses should be the same. In practice, the MAC address can be controlled and spoofed.

MAC addresses are important on local networks because the DHCP server (or router) needs some way to identify different machines in order to hand out IP addresses. The MAC address is associated with OSI Level 2 (Device), while the IP address is associated with OSI Level 3 (Network).

CAM Table

It is important for a router or DHCP server to keep track of the different MAC addresses it has seen, so that it can recognize a returning device versus new devices. To do that, the router uses a CAM table, which is a table of all MAC addresses the router has seen.

The CAM table is the weak point of the system - if the CAM table breaks, then the router can't properly keep track of what MAC addresses it has seen before, or which MAC addresses have been assigned which IP addresses.

MAC Flood Attack

Once the CAM table is broken, an ARP spoofing attack becomes possible - the attacker sends ARP packets to the router that instruct it to associate the victim IP address with the attacker MAC address, routing all victim traffic to the attacker machine.

The MAC flood attack targets the CAM table. It generates a large number of random MAC addresses in order to flood the CAM table with junk and break the link between Layer 2 and Layer 3.

Tools

See Macof for a tool to perform MAC flooding attacks. Macof is part of the Dsniff suite of tools.

Links

Flags

monkey in the middle attacks in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker. MITM Wireless Attacks: MITM/Wireless Wired Attacks: MITM/Wired Layer 1 and 2 MITM Attacks: MITM/Layer 1 and 2 Network Tap: MITM/Wired/Network Tap Evil Twin Attack: Evil Twin  · MITM/Evil Twin Layer 3 and 4 MITM Attacks: MITM/Layer 3 and 4 Traffic Sniffing: MITM/Sniffing ARP Poisoning: MITM/ARP Poisoning Traffic Injection/Modification: MITM/Traffic Injection DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2 DHCP Attacks: MITM/DHCP WPAD MITM Attack: MITM/WPAD Port Stealing: MITM/Port Stealing Rushing Attack: MITM/Rushing Attack Attacking HTTPS: MITM/HTTPS Layer 5 MITM Attacks: Session Hijacking: MITM/Session Hijacking Toolz: Ettercap  · Bettercap  · MITMf  · EvilFOCA Wireshark  · Aircrack Dsniff  · Arpspoof  · Dnsspoof SSLSniff  · SSLStrip  · Frankencert Driftnet  · Karma MITM Labs: {{MITMLabs}} Category:MITM  · Category:Attacks  · Category:Kali Attack Layers Template:MITMLabs  · Template:MITMFlag Flags  · Template:MITMFlag  · e

Kali Linux "The quieter you become, the more you are able to hear." Penetration testing Linux distribution. Kali  · Category:Kali Kali/Wireless Reboot Kali Software: Kali Tools Kali Top 10 Aircrack  · Wireshark  · John the Ripper  · Nmap  · Metasploit Framework Dsniff  · Tcpdump  · Hydra  · Sqlmap  · Burpsuite  · Commix Dirbuster  · Valgrind Attack Workflow: Kali/Workflow 1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks Red Team Blue Team Metasploitable - Red Team Metasploitable - Blue Team Networking: Kali/Hotspot  · Kali/OpenVPN  · Kali/OpenVPN/Hotspot  · Kali/OpenVPN/PIA Kali/IPv6 Booting: Kali/Dual Boot OS X  · Kali/Live USB  · Kali/Persistent USB Installing: Kali/Installing  · Kali/Post Install  · Kali/Fixes Kali on Raspberry Pi: Kali Raspberry Pi  · Kali Raspberry Pi/Installing  · Kali Raspberry Pi/Headless  · Kali Raspberry Pi/Post-Install Category:Security  · Category:Wireless  · Category:Passwords  · Category:Man in the Middle  · Category:Evil Twin Flags  · Template:KaliFlag  · e