From: Pauli Ojanpera [pauli_ojanpera@HOTMAIL.COM]
Sent: Thursday, March 23, 2000 3:28 AM
To: VULN-DEV@SECURITYFOCUS.COM
Subject: Re: spoofing the ethernet address

Because we still seem to discuss this subject I thought
I would add my 2 pennies also. I don't remember anyone
mentioning this.

Instructions for spoofing an Ethernet MAC address can
be found at: http://www.terena.nl/tnnc/1B/1B2/1B2.html

--cut--
In Windows 95/98 and NT go to windows registry (use command regedit) and add
a new stringvalue line "NetworkAddress=000011112222" to your Ethernet
adapter parameters section (substitute 000011112222 by desired MAC address).
In Windows95/98 the path to Ethernet adapter is something like:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\0000].
In Windows NT the path is something like:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NE20001\Parameters].
The actual path will depend on the number and type of installed adapters.
Reload the computer for the change to take effect. Use commands winipcfg (in
Windows95/98) and ipconfig /all (in Windows NT) to check the current MAC
address.
--cut--

----Original Message Follows----
From: Pierre Landau <pierre@POLYMAPSYSTEMS.COM>

Another possible vulnerability with spoofing MAC addresses is the number of
software license managers that rely on this number as a unique hardware
signature.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com