LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-11-2005, 04:14 AM   #1
bensky
LQ Newbie
 
Registered: Feb 2005
Posts: 4

Rep: Reputation: 0
detect mac address spoofing


Hi,

I want to write a small programm to detect if a user has tried to spoof his mac address. The program will run directly on the workstation with the possibly spoofed MAC address.

I tried already the following to read the Mac Address:

Code:
int main( int argc, char *argv[] )  { 
  int s;  struct ifreq buffer; 
  s = socket(PF_INET, SOCK_DGRAM, 0);   
  memset(&buffer, 0x00, sizeof(buffer));  
  strcpy(buffer.ifr_name, "eth0");  
  ioctl(s, SIOCGIFHWADDR, &buffer); 
  close(s);   

  for( s = 0; s < 6; s++ )  {  
    printf("%.2X ", (unsigned char)buffer.ifr_hwaddr.sa_data[s]);
  }    
  
  printf("\n");  
  return 0;  
}
But this will always return the spoofed Mac address in case it is changed.

Now my question, how can I read the mac address directly from the lan card ROM? I guess there should be a code snipet in the kernel which I could re-use to do so!

Thanks in advance for any input on this!

Ben
 
Old 03-13-2005, 12:23 AM   #2
newpenguin
Member
 
Registered: Sep 2002
Location: lahore pakistan
Distribution: slackware,redhat, FreeBSD,openbsd
Posts: 219

Rep: Reputation: 30
i know this is not answer of your question, but may be usefull for some one.

because thats a big issues these days.

a common solution to this problem is to bind a specific pair of mac/ip to a switch port, if your switch supports it.

however if you have a linux router you can use iptables to allow specific pairs of mac/ip and then deny all.

Last edited by newpenguin; 03-13-2005 at 12:25 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MAC Address spoofing on alias/secondary interface tara Linux - Networking 3 08-31-2005 09:22 PM
MAC Destination Spoofing outspoken Linux - Networking 4 04-06-2005 10:47 AM
changed mac address, now FC3 can't detect it lumba1 Linux - General 2 03-05-2005 05:14 AM
Problem spoofing mac address colombo187 Linux - Networking 1 02-05-2005 08:27 PM
Need help spoofing MAC address, ifconfig down seems to remove wireless card sicc Linux - Wireless Networking 0 11-30-2004 02:42 AM


All times are GMT -5. The time now is 09:37 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration