RE: Ping a mac address

From: Dario Ciccarone (dciccaro) (dciccaro@cisco.com)
Date: Sun Dec 04 2005 - 16:47:48 EST


>
> > For instance, I have a few IP cameras around my
> infrastructure... If
> > I add a static ARP entry for the MAC to some arbitrary IP
> (that's still on
> > my subnet) I can use that arbitrary IP to access the unit's HTTP
> > configuration... works just fine.
>
> You're lucky to be facing theses non RFC compliant devices :)))

Agree with Cedric here. Which opens another issue: say your device
assigned IP address is 1.2.3.4, MAC A, and the device also allows you to
configure access control based on IP address - this would probably allow
you to bypass those controls.

But - iff the IP stack is so dumb, which source address does it use to
reply? The real IP address configured on its interface? Or it just swaps
SRC/DST on the original packet? That would allow 2-way communications.

Guess it works on Axis cameras at least, if you're able to do the 3-way
and actually configure them ;)

Dario

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:14 EDT