View Full Version : What is mac spoofing
can someone tell me what this means when i ckecked on my pc sygate Personal firewall today it was flashing red with the following message
Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
Packet data is shown in the right window.
0000: 00 50 FC A0 08 66 00 0A : 42 68 70 A8 08 06 00 01 | .P...f..Bhp.....
0010: 08 00 06 04 00 02 00 0A : 42 68 70 A8 51 67 F3 FE | ........Bhp.Qg..
0020: 00 50 FC A0 08 66 51 67 : F3 76 20 20 20 20 20 20 | .P...fQg.v
0030: 20 20 20 20 20 20 20 20 : 20 20 20 20 |
LemonyBrainAid
02-09-2004, 18:59
Uh..Just about the only thing I can tell you about that...is that its hex. A Hex editor will help? Correct me if I'm wrong.
greencreeper
02-09-2004, 19:35
AFAIK, you send out an ARP request to discover an IP address for a given MAC. If you get a reply but haven't asked, then I guess that would be dodgy.
can someone tell me what this means when i ckecked on my pc sygate Personal firewall today it was flashing red with the following message
Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.
Packet data is shown in the right window.
0000: 00 50 FC A0 08 66 00 0A : 42 68 70 A8 08 06 00 01 | .P...f..Bhp.....
0010: 08 00 06 04 00 02 00 0A : 42 68 70 A8 51 67 F3 FE | ........Bhp.Qg..
0020: 00 50 FC A0 08 66 51 67 : F3 76 20 20 20 20 20 20 | .P...fQg.v
0030: 20 20 20 20 20 20 20 20 : 20 20 20 20 |
Having decoded it - it basically means sygate lied to you. :erm:
That is a genuine ARP reply packet directed at your IP address telling you the MAC address for your local default gateway. :D
ok thanks for the info clearing it up
greencreeper
02-09-2004, 23:29
Having decoded it - it basically means sygate lied to you. :erm:
That is a genuine ARP reply packet directed at your IP address telling you the MAC address for your local default gateway. :D
A connection issue maybe? If the firewall is doing stateful inspection of packets and the reply occurred too long after the request? Just a guess...
A connection issue maybe? If the firewall is doing stateful inspection of packets and the reply occurred too long after the request? Just a guess...More likely the gateway was just too busy to reply in time. Either way, it wasn't an "Unsolicited incoming ARP reply" - just a slow reply. :D
greencreeper
02-09-2004, 23:46
More likely the gateway was just too busy to reply in time. Either way, it wasn't an "Unsolicited incoming ARP reply" - just a slow reply. :D
:D
One day programmers will take care to ensure that warning and error messages are accurate :erm:
vBulletin® v3.8.11, Copyright ©2000-2024, vBulletin Solutions Inc.