7.5 Spoofing Attack

MAC Spoofing/Duplicating

  • A MAC duplicating attack is launched by sniffing a network for the MAC addresses of clients that are actively associated with a switch port and re-using one of those addresses.
  • By listening to the traffic on the network, a malicious user can intercept and use a legitimate user's MAC address to receive all the traffic destined for that user.
  • This attack allows an attacker to gain access to the network and take over the identity of someone already on the network.

MAC Spoofing Technique: Windows

  • In Windows 8 OS:
    • Method 1: If the network interface card supports cloning the MAC address, then follow the steps.
    • Method 2: Steps to change MAC address in Registry.

MAC Spoofing Tool: SMAC

  • SMAC is a MAC Address Changer (Spoofer) that allows users to change the MAC address of any network interface card (NIC) on Windows systems.

IRDP Spoofing

  • ICMP Router Discovery Protocol (IRDP) is a routing protocol that allows hosts to discover the IP addresses of active routers on their subnet by listening to router advertisement and solicitation messages on their network.
  • The attacker sends a spoofed IRDP router advertisement message to a host on the subnet, causing it to change its default router to whatever the attacker chooses.
  • This attack allows the attacker to sniff the traffic and collect valuable information from the packets.
  • Attackers can use IRDP spoofing to launch man-in-the-middle, denial-of-service, and passive sniffing attacks.

How to Defend Against MAC Spoofing

  • Use DHCP Snooping Binding Table, Dynamic ARP Inspection, and IP Source Guard.
    • Encryption
    • Retrieval of MAC Address

Q1) Which of the following is not considered to be a part of active sniffing?

  1. MAC Flooding
  2. ARP Spoofing
  3. SMAC Fueling
  4. MAC Duplicating

Q2) Which of the following countermeasures can specifically protect against both the MAC Flood and MAC Spoofing attacks?

  1. Configure Port Security on the switch
  2. Configure Port Recon on the switch
  3. Configure Switch Mapping
  4. Configure Multiple Recognition on the switch

Q3) Jayden is a network administrator for her company. Jayden wants to prevent MAC spoofing on all the Cisco switches in the network. How can she accomplish this?

  1. Jayden can use the command: ip binding set.
  2. Jayden can use the command: no ip spoofing.
  3. She should use the command: no dhcp spoofing.
  4. She can use the command: ip dhcp snooping binding.

Q4) MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?

  1. The MAC address doesn’t map to a manufacturer.
  2. The MAC address is two digits too long.
  3. A reverse ARP request maps to two hosts.
  4. The host is receiving its own traffic.

A4) MAC spoofing results in duplicate MAC addresses on a network unless the compromised client has been bumped from its connection. Two IP addresses mapping to one MAC indicates a bogus client.
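
The indicator in A4 (one MAC address claimed by two IP addresses) can be checked against a host's neighbor table. The following is an added example, not part of the original notes; the function names and the sample table are constructed for illustration, and the parser assumes `arp -a` (Windows) or `ip neigh` (Linux) style output.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")

# Constructed sample: Windows `arp -a` lines followed by Linux `ip neigh` lines.
SAMPLE = """\
Interface: 192.168.1.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          AA-BB-CC-00-00-01     dynamic
  192.168.1.35          aa-bb-cc-00-00-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
192.168.1.40 dev eth0 lladdr 02:00:00:00:00:40 REACHABLE
192.168.1.41 dev eth0  FAILED
"""


def parse_neighbors(text):
    """Yield (ip, mac) pairs; MACs are normalised to lower-case colon form."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and unresolved (FAILED/INCOMPLETE) entries
        mac_norm = mac.group().lower().replace("-", ":")
        if int(mac_norm[:2], 16) & 1:
            continue  # group bit set: broadcast/multicast, shared by design
        yield ip.group(), mac_norm


def shared_macs(text):
    """Return {mac: [ips]} for every unicast MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for ip, mac in parse_neighbors(text):
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    # A hit is a lead to investigate, not proof: proxy ARP and hosts with
    # several IP addresses on one NIC produce the same pattern legitimately.
    for mac, ips in shared_macs(SAMPLE).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```
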
