Jump to content


Photo
- - - - -

How to avoid the spoof detection script employed by my isp


  • This topic is locked This topic is locked
25 replies to this topic

#1 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 17 June 2008 - 02:06 PM

Hi Guys

for the past two weeks i was sniffing my ethernet lan ... switch connection................

using Cain... in windows.......... and ettercap and dsniff using........ linux.........

Now my ISP .. has employed a spoof detection script ... which wud bann a mac address which is......spoofing......... I wanna know... first of all .. what is this script .. secondly how to by pass this restriction............... i tried using arpspoofing two mac .. one my routers one clients.... and also switched fargrouting on...... my isp was able to block my mac.

then i used using cain.. spoofing still no respite..



Regards
Rakshit

#2 PurpleJesus

PurpleJesus

    Dangerous free thinker

  • Members
  • 1,578 posts
  • Gender:Male
  • Location:800

Posted 17 June 2008 - 05:24 PM

Are you on a cable modem?? I know that if I change my mac address on my router I have to cycle the cable modem.

Edited by PurpleJesus, 17 June 2008 - 05:26 PM.


#3 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 17 June 2008 - 09:11 PM

This post makes me want to stab myself for every time i ever used more then one period in a row. That being said, if you think your mac address has been blocked, change it.


EDIT: Also it is really not a good idea to piss off the admins at your ISP. Remember that they can sniff all of your internet traffic, and chances are that their boss is too busy to care.

Edited by Lord Wud, 17 June 2008 - 09:18 PM.


#4 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 17 June 2008 - 09:16 PM

yeah its cable modem....................... I wanna continuing spoofing , that im not able to .. bcz when i start my spoofing program.. it bans my mac address how do i pass this restriction so that i continue spoofing and sniffing
















reg
raks

#5 PurpleJesus

PurpleJesus

    Dangerous free thinker

  • Members
  • 1,578 posts
  • Gender:Male
  • Location:800

Posted 17 June 2008 - 09:34 PM

yeah its cable modem....................... I wanna continuing spoofing , that im not able to .. bcz when i start my spoofing program.. it bans my mac address how do i pass this restriction so that i continue spoofing and sniffing















reg
raks




If you're plugged straight into the cable modem, try cycling the power to the modem after you change your mac. If you're hooked up to a router it shouldn't matter unless you're spoofing the router's mac.
Either way, it won't help much; the IP still tracks back to your terminal address/modem.

#6 Remix

Remix

    SUP3R 31337

  • Members
  • 173 posts
  • Location:New York

Posted 18 June 2008 - 08:27 AM

why do you post like such an asshole .................................................................















?

#7 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 18 June 2008 - 10:13 AM

Mind ur language Mr.


Secondly..... what asshole... features u find in this post! :huh:

do give ur insight??

#8 KingofFools

KingofFools

    Will I break 10 posts?

  • Members
  • 6 posts

Posted 18 June 2008 - 12:34 PM

Secondly..... what asshole... features u find in this post! :huh:




Just a guess, but how about ............................................................................? Maybe? haha

#9 Remix

Remix

    SUP3R 31337

  • Members
  • 173 posts
  • Location:New York

Posted 18 June 2008 - 02:17 PM

Mind ur language Mr.


Secondly..... what asshole... features u find in this post! :huh:

do give ur insight??


Isn't it obvious? maybe I am just delusional...

#10 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 12:31 AM

may be dumb heads like u find this post.............. unsual lol.............


u need to expeirence....... to write something!

if u know the answer very well .. if u dont.. then please shut ur freakin mouth...

#11 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 12:52 AM

@vector


No dude... it is a real script that bans a mac address found spoofing , i tried with some other mac and my connection was working as b4.

the only thing i cant do is arp sniffing... in my lan or else my mac is banner....... either i spoof or i dont.

#12 thenotwist

thenotwist

    Mack Daddy 31337

  • Members
  • 216 posts

Posted 19 June 2008 - 03:23 AM

Write a script yourself to change your MAC address everytime it gets blocked.

#13 Andre van dem Helge

Andre van dem Helge

    mad 1337

  • Members
  • 135 posts

Posted 19 June 2008 - 03:44 AM

Generally EVERY TIME you change the MAC address you MUST POWER CYCLE THE MODEM.

I would read with care the MAC registry and rules and make sure the MAC you are using is 100% "valid" and of course powercycle the modem before you draw any conclusions.

Why would the ISP care if you spoofed the CM side IP of your device, anyways? I really think you just aren't powercycling.

#14 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 02:03 PM

I have been sniffing the whole lan conn. by poisoning other clients mac address using cain.

My ISP .. have put up a script.. , where if u even spoof a mac address.. ur mac will be banned. and i have to configure some other mac to work it again.



@thenotwist

Nice idea... but .. can u tell me .. how to make this script in linux and windows (sorry sounding very noobe).

#15 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 02:25 PM

@ thenotwist

Making a script for changing my mac everytime i connect d internet .. on linux .. by creating a shell script.. is easy

But how wud i do this in winxp.. (im really noob in here)

could u guide me how to go abt it .


thanks

#16 Andre van dem Helge

Andre van dem Helge

    mad 1337

  • Members
  • 135 posts

Posted 19 June 2008 - 04:57 PM

I have been sniffing the whole lan conn. by poisoning other clients mac address using cain.

My ISP .. have put up a script.. , where if u even spoof a mac address.. ur mac will be banned. and i have to configure some other mac to work it again.


So your ISPs script detects if you changed the MAC address without powercycling the modem? Please explain how you think the ISP can detect your are spoofing your MAC?

And if you don't mind saying, who is the ISP?

#17 thenotwist

thenotwist

    Mack Daddy 31337

  • Members
  • 216 posts

Posted 19 June 2008 - 06:44 PM

Ummmm I don't think you can change your MAC from within Windows, you'd need some 3rd-party software for that I guess. Unfortunately I don't know of any off the tip of my hat... Just google for some, I'm sure you'll get plenty of hits or maybe someone on the forums here can throw in a link.
I know some programs that can change your MAC in WIndows, but they're GUI and to execute them from within a batch script (that's like the equivalent of a linux shell script) they'd have to be command line based.

You could compile a list of valid MAC addresses an put them in a text file and everytime pass a different one as argument.

#18 Spyril

Spyril

    Hakker addict

  • Members
  • 588 posts
  • Location:North Dakota

Posted 20 June 2008 - 10:01 PM

Maybe I haven't read this thread carefully enough, but what the hell are you talking about? How would your ISP's servers on the internet detect a MAC spoof on a laptop from within an internal network? Tons of random MAC addresses come and go as they connect and disconnect from an access point, so what's so special about your computer's spoofed MAC address?

#19 darkstar

darkstar

    DDP Fan club member

  • Members
  • 49 posts

Posted 21 June 2008 - 02:11 AM

Well i was having same problem some months ago but thinking for some time i got an idea how to bypass it any way here is method.
1)Download Netscan (google It)
2)Open Netscan then press ctrl+o in additional tab check "Resolve Mac Address"
3)Then Click ok . In ip range type first three part of ip eg if ur ip address is 10.10.20.100 you will type 10.10.20.0 then in the to box type again 10.10.20.255
4)Click on scan.It will start scanning from their select an mac address
5) Download etterchange from this site http://ntsecurity.nu...ox/etherchange/ and change your mac address
6)Start Sniffing when mac address get's ban use another mac address from the list

You can detect sniffing through ettercap using one of it's plugin.

Hope it helps!!

#20 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 22 June 2008 - 03:33 PM

@ spyril and Vector. I was sniffing the whole lan connection

in my ethernet lan

there r two vlans
172.16.0.1-255 && 172.16.1.1-255

i was doing APR ARP Poison Routing

and poisoning their mac address so that the data gets redirected at my mac rather than to its default gateway.


Now.. its obvious ... bcz ... once i apr the whole (remember not 1 but the whole) lan.......... internet becomes.. very weak........ for the clients to surf.

and that very day ... i was caught.........! since that very day , even if i sniff two conn. my gateway bans my mac.. i had a word with my ISP guys they said .. they have put in a script .. which when detected spoofing wud bann that very mac.



Now guys above is the scenario i hope this is clear.

Now i wanna ask u expert guys.. firstly how r they detecting whether im spoofing or not secondly .. are they just bluffing and keeping a close look at my mac .


I used cain.. while sniffing .. even i sniff two conn my mac gets bann in winxp
i used arpspoofing , fragrouting and ettercap again arp poisoning .. and stil i gets banned


though i was reading some RFC regarding spoofing and if theres any script that can detects arp spoofing.. and i almost found that underlining concept.. ill surely post it here.. may be we can get some hint from their.



Thanks
for all of ur support till now!




BinRev is hosted by the great people at Lunarpages!