Mac Tools Too l Trucks – Own Your Own Automotive Tool Franchise and Be Your Own Boss™ In addition to manufacturing a wide variety of outstanding automotive tools, Mac Tools provides one of the best franchise opportunities available to qualified candidates with a passion for the automotive industry. Our franchisees get to enjoy the freedom of life on the road while selling top-quality.
Today, various tools can perform MAC flooding attacks. These tools include Ettercap3, Yersinia4, THC Parasite5, and macof. Macof is efficient and extremely simple to use. Example 2-1 presents its manual page.
Example 2-1 Macof Manual Page
Aug 03, 2020. Sep 26, 2013. Download Hyenae for free. Hyenae is a highly flexible platform independent network packet generator. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.
MACOF(8) MACOF(8) Accelrys draw free download mac.
NAME
macof - flood a switched LAN with random MAC addresses SYNOPSIS
macof [-i interface] [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-n times]
DESCRIPTION
macof floods the local network with random MAC addresses (causing some switches to fail open in repeating mode, facilitating sniffing). A straight C port of the original Perl Net::RawIP macof program by Ian Vitek <[email protected]>.
OPTIONS
-i interface
Specify the interface to send on.
-s src Specify source IP address.
-d dst Specify destination IP address.
-e tha Specify target hardware address.
-x sport
Specify TCP source port.
-y dport
![]()
Specify TCP destination port.
-n times
Specify the number of packets to send.
Values for any options left unspecified will be generated randomly.
SEE ALSO
dsniff(8)
AUTHOR
Dug Song <[email protected]>
Example 2-2 presents a snapshot of a Catalyst 6500's bridging table before invoking macof.
Example 2-2 Catalyst 6500 Bridging Table Before Macof Operation
6K-1-720# sh mac-address-table dynamic vlan 20
Legend: * - primary entry age - seconds since last seen n/a - not available vlan mac address type learn age ports
* 20 00ff.01ff.01ff dynamic Yes 45 Gi1/15
Only one entry is off port Gi1/15. Let's now start macof from the workstation connected to port Gi1/15, as shown in Example 2-3.
Example 2-3 Using the Macof Tool
Example 2-4 shows the bridging table now.
Example 2-4 Catalyst 6500 Bridging Table After Macof Operation
Only three entries appear, even though macof was asked to generate five entries. What happened? If you look at the MAC addresses that the switch learned, you see CE:56:EE: 19:85:1a and 3A:50:DB:3f:E9:C2. They were indeed generated by macof. However, the tool also generated traffic from MAC addresses 2b:e:b:46:a8:50, DB:AD:AA:2D:AC:E9, and 89:63:d:a:13:87. Actually, it is no accident that the switch did not learn those addresses. They all have something in common. Table 2-2 shows the far-left octets.
Table 2-2 High-Order Octets of Source MAC Addresses
Look at the low-order (far-right) bit of each MAC address. It is set to 1. This indicates a group address, which is normally exclusively used by multicast traffic.
What Is Multicast?
Multicast is a technique used for one-to-many or many-to-many communication. By using multicast, a source can reach an arbitrary number of interested recipients who can subscribe to the group (a special Class D IP address) it is sending to. The beauty of multicast is that, from the source's perspective, it sends only a single frame. Only the last networking device replicates that single frame into as many frames as necessary, depending on the number of recipients. On Ethernet, multicast frames are identified by a special group bit being set to 1. It is the low-order bit of the high-order byte.
Switches should not learn source addresses whose group bit is set. The presence of the group bit is legitimate only when present in a destination MAC address. The IEEE 802.32002 specification is clear on this topic:
'5.2.2.1.29 aReadWriteMACAddress ATTRIBUTE
APPROPRIATE SYNTAX: MACAddress
BEHAVIOUR DEFINED AS:
Read the MAC station address or change the MAC station address to the one supplied (RecognizeAddress function). Note that the supplied station address shall not have the group bit set and shall not be the null address.'6
Mac Flooding Tool Windows Download 32-bit
If your LAN switch learns those frames, consider having a conversation with the switch's vendor. That being said, macof is essentially a brute-force tool and, as such, it does not embarrass itself by abiding official IEEE standards. It generates both valid and illegitimate source MAC addresses. As a matter of fact, some switches are known to learn such addresses! Regardless, a hacker is probably not going to start macof to generate just five MAC addresses. The strength of the tool is the sheer speed at which it can produce an impressive number of random addresses and source traffic from them, as Example 2-5 shows.
Example 2-5 Filling Up the Bridging Table During a Macof Attack
In a matter of seconds (between 7 and 8, in this case), more than 50,000 MAC addresses are injected on a port using a regular Intel Pentium 4-based PC running Linux. The command used is macof -i ethl. In less than 10 seconds, the entire bridging table is exhausted, and flooding becomes inevitable. When targeting a Catalyst 6500 equipped with a Supervisor Engine 720 running Cisco IOS Software Release 12.2(18)SXF1, the following syslog message appears when the table is full:
Dec 23 21:04:56.141: %MCAST-SP-6-L2_HASH_BUCKET_COLLISION: Failure installing
(G,C)->index: (0100.5e77.3b74,20)->0xEC6 Protocol :0 Error:3
https://twistedclever659.weebly.com/dvdfab-platinum-mac-free-download.html. The message indicates that there just isn't any room left in the table to insert a single MAC address. Naturally, a hacker does not need to see that message to determine whether the attack succeeded.
NOTE Smart hackers are unlikely to carry out MAC flooding attacks for extensive periods of time—usually just long enough to gather a list of genuine IP/MAC addresses on a given VLAN or a few clear-text login credentials. However, not all switches react the same way to MAC flooding attacks, particularly when faced with high-volume attacks. Indeed, some switches perform MAC learning using specific hardware, while others relegate this task to a software process. The latter are more likely to suffer from the attack.
Was this article helpful?
All MAC flooding tools force a switch to 'fail open' to later perform selective MAC spoofing attacks. A MAC spoofing attack consists of generating a frame from a malicious host borrowing a legitimate source MAC address already in use on the VLAN. This causes the switch to forward frames out the incorrect port, as Figure 2-6 shows.
Figure 2-6 Spoofing a MAC Address
Mac Flooding Tool Windows Download Windows 7
0000.CAFE.0000
0000.CAFE.0000
Mac Flooding Tool Windows Download Windows 10
Mac Flooding Tool Windows Download 64-bit
Mac Flooding Tool Windows Download Windows 10
Although they're extremely easy to carry out (most Ethernet adapters permit their MAC address to be modified), MAC spoofing attacks come with a significant drawback: Unlike MAC flooding attacks, they have the potential to cause an immediate denial of service (DoS) to the spoofed host. In Figure 2-6, as soon as the impostor on host C masquerades as host B, host B completely stops receiving traffic. That is because a given source MAC address cannot appear simultaneously on different ports inside a common VLAN. The switch updates its table based on the most recently seen frame. Traffic to host B can resume if—and only if—the genuine host B sources a frame, thereby again updating the switch's bridging table.
Was this article helpful?
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |