From: Joe Smith (j333smith@hotmail.com)
Date: Thu Dec 23 2004 - 10:45:34 GMT-3
When a packet is routed/forwarded the layer 2 header is stripped and
replaced. Therefore, if the packet is not from the local network the source
MAC address will be different then the MAC address in the DHCP packet. And
yes it is very easy to spoof a local network source MAC address and/or
change the mac address in the DHCP packet.
J3
>From: "ccie2be" <ccie2be@nyc.rr.com>
>Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
>To: "Group Study" <ccielab@groupstudy.com>
>Subject: mac address spoofing & dhcp snooping
>Date: Wed, 22 Dec 2004 18:47:54 -0500
>
>Hi guys,
>
>Is it possible to spoof the source mac address of an outgoing frame?
>
>I ask because when dhcp snooping is enabled on a 3550, it checks
>
>to see if the source mac address of the frame is the same as the mac
>address
>
>inside the dhcp packet.
>
>If the 2 mac addresses are different, the 3550 will drop the packet.
>
>Besides spoofing the source mac address, are there any possible reasons
>
>the source mac address would be different from the mac address contained
>
>inside the packet?
>
>TIA, Tim
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:29 GMT-3