[VLAN] 802.1Q - MAC Spoofing
P Chaitra-A15829
chaitra at motorola.com
Wed Sep 27 04:25:07 PDT 2006
Sorry, I also wanted to add this:
The strange thing is it goes ahead and creates the interface in spite of
these warnings.
/proc/net/vlan :
-rw------- 1 root root 0 Sep 27 17:03 eth0.5
-rw------- 1 root root 0 Sep 27 17:03 config
[root@arabhi vlan]# cat config
VLAN Dev name | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.5 | 5 | eth0
Thanks,
Chaitra
-----Original Message-----
From: P Chaitra-A15829
Sent: Wednesday, September 27, 2006 4:45 PM
To: 'Linux 802.1Q VLAN'
Subject: RE: [VLAN] 802.1Q - MAC Spoofing
Ben,
I get the below warning when I try to configure vconfig for the first
time.
[root@arabhi] vconfig add eth0 5
WARNING: Could not open /proc/net/vlan/config. Maybe you need to load
the 8021q module, or maybe you are not using PROCFS??
Added VLAN with VID == 5 to IF -:eth0:-
But the 802.1q module is present in the kernel.
/sys/module/8021q
/proc/3802
/proc/3802/task/3802
/usr/src/kernels/2.6.9-22.EL-i686/drivers/net/wireless/ieee80211
/usr/src/kernels/2.6.9-22.EL-i686/net/8021q
/usr/src/kernels/2.6.9-22.EL-i686/include/config/vlan/8021q
/usr/src/kernels/2.6.9-22.EL-smp-i686/include/config/vlan/8021q
/usr/src/kernels/2.6.9-22.EL-hugemem-i686/net/8021q
/usr/src/kernels/2.6.9-22.EL-hugemem-i686/net/802
Thanks,
Chaitra
-----Original Message-----
From: vlan-bounces at candelatech.com [mailto:vlan-bounces at candelatech.com]
On Behalf Of Ben Greear
Sent: Wednesday, September 27, 2006 7:05 AM
To: Linux 802.1Q VLAN
Subject: Re: [VLAN] 802.1Q - MAC Spoofing
P Chaitra-A15829 wrote:
> Thanks for the reply Ben.
>
> I haven't tried arp filter yet. But what I did was update the arp
> table of the other host (himadri) with the spoofed MAC address of
> Linux machine.
> himadri :> arp -a | grep 210
> 7:qfe0 192.2.84.210 255.255.255.255 S 00:11:11:29:78:11
> I pinged 192.2.84.210 (spoofy Linux machine) from himadri.
>
> The snoop at arabhi (192.2.84.210 ):
>
> 06:29:38.864074 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4
> (0x0800), length 98: IP (tos 0x0, ttl 255, id 16047, offset 0, flags
> [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo
> request seq 119
> 06:29:39.864080 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4
> (0x0800), length 98: IP (tos 0x0, ttl 255, id 16048, offset 0, flags
> [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo
> request seq 120
> 06:29:40.863960 00:03:ba:08:ac:eb > 00:11:11:29:78:11, ethertype IPv4
> (0x0800), length 98: IP (tos 0x0, ttl 255, id 16049, offset 0, flags
> [DF], proto 1, length: 84) himadri > 192.2.84.210: icmp 64: echo
> request seq 121
> There is no response from 'arabhi' (spoofy Linux machine) on this MAC
> address... the switch is forwarding the frames though.
>
>
> Do I need to change any configuration on the Linux host to associate
> itself with this spoofed MAC interface ??
>
> Regards,
> Chaitra
Are the frames being encapsulated on the VLAN? If not, they will not be
delivered to the VLAN device in Linux.
Try this:
add vlan with VID 5 to the switch, IP addr: 10.10.1.2
add vlan with VID 5 to the Linux box, IP addr: 10.10.1.3
You should be able to ping between them, and sniffing the vlan eth0.5
device on the Linux box should show traffic.
This assumes that your eth0 interface is on a different subnet, perhaps
192.168.1.3....
Once that works, you can move on to arp-filter stuff.
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
_______________________________________________
Vlan mailing list
Vlan at candelatech.com
http://www.candelatech.com/mailman/listinfo/vlan
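Added example (not part of the original thread): Ben's question about whether the frames are encapsulated on the VLAN can be answered per frame by looking for the 802.1Q tag. The Python sketch below parses the Ethernet header and applies a simplified, assumed model of which Linux device sees the frame; the frames are constructed from the MAC addresses in the capture above, and all function names are illustrative.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag
ETH_IPV4 = 0x0800     # EtherType seen in the capture quoted in the thread


def mac_bytes(text):
    return bytes(int(part, 16) for part in text.split(":"))


def build_frame(dst, src, ethertype, vid=None, pcp=0, payload=b"\x00" * 46):
    """Build a constructed test frame, tagged when vid is given."""
    header = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def classify_frame(frame):
    """Return (vid, ethertype); vid is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner   # low 12 bits of the TCI are the VLAN ID


def receiving_device(frame, parent="eth0", vlan_ids=(5,)):
    """Simplified model (assumption): untagged -> parent, known VID -> parent.VID."""
    vid, _ = classify_frame(frame)
    if vid is None:
        return parent
    return f"{parent}.{vid}" if vid in vlan_ids else None


# Constructed frames using the MAC addresses from the capture in the thread.
SRC, DST = "00:03:ba:08:ac:eb", "00:11:11:29:78:11"
UNTAGGED = build_frame(DST, SRC, ETH_IPV4)
TAGGED_5 = build_frame(DST, SRC, ETH_IPV4, vid=5, pcp=3)
TAGGED_7 = build_frame(DST, SRC, ETH_IPV4, vid=7)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("vid 5", TAGGED_5), ("vid 7", TAGGED_7)):
        print(name, classify_frame(frame), receiving_device(frame))
```

The untagged frame, which matches the "ethertype IPv4 (0x0800)" lines in the capture, maps to eth0 rather than eth0.5 in this model.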