Jump to content


Photo
- - - - -

How to avoid the spoof detection script employed by my isp


  • This topic is locked This topic is locked
27 replies to this topic

#1 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 17 June 2008 - 02:06 PM

Hi Guys

for the past two weeks i was sniffing my ethernet lan ... switch connection................

using Cain... in windows.......... and ettercap and dsniff using........ linux.........

Now my ISP .. has employed a spoof detection script ... which wud bann a mac address which is......spoofing......... I wanna know... first of all .. what is this script .. secondly how to by pass this restriction............... i tried using arpspoofing two mac .. one my routers one clients.... and also switched fargrouting on...... my isp was able to block my mac.

then i used using cain.. spoofing still no respite..



Regards
Rakshit

#2 LUCKY_FUCKIN_CHARMS

LUCKY_FUCKIN_CHARMS

    TCP/IP....PI/MP

  • Members
  • 1,493 posts
  • Gender:Male
  • Location:Las Vegas

Posted 17 June 2008 - 04:51 PM

i doubt that its actually a "script" that they employed per-se. it more likely has to do with mac address restrictions of some isp's. in that case you may have to clone the mac addy registered with your isp most routers support this feature, also if youre on a wired lan segment why dont you just monitor traffic using port mirroring if your router supports it.

#3 PurpleJesus

PurpleJesus

    Dangerous free thinker

  • Members
  • 1,578 posts
  • Gender:Male
  • Location:800

Posted 17 June 2008 - 05:24 PM

Are you on a cable modem?? I know that if I change my mac address on my router I have to cycle the cable modem.

Edited by PurpleJesus, 17 June 2008 - 05:26 PM.


#4 Lord Wud

Lord Wud

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 423 posts
  • Location:New Jersey

Posted 17 June 2008 - 09:11 PM

This post makes me want to stab myself for every time i ever used more then one period in a row. That being said, if you think your mac address has been blocked, change it.


EDIT: Also it is really not a good idea to piss off the admins at your ISP. Remember that they can sniff all of your internet traffic, and chances are that their boss is too busy to care.

Edited by Lord Wud, 17 June 2008 - 09:18 PM.


#5 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 17 June 2008 - 09:16 PM

yeah its cable modem....................... I wanna continuing spoofing , that im not able to .. bcz when i start my spoofing program.. it bans my mac address how do i pass this restriction so that i continue spoofing and sniffing
















reg
raks

#6 PurpleJesus

PurpleJesus

    Dangerous free thinker

  • Members
  • 1,578 posts
  • Gender:Male
  • Location:800

Posted 17 June 2008 - 09:34 PM

yeah its cable modem....................... I wanna continuing spoofing , that im not able to .. bcz when i start my spoofing program.. it bans my mac address how do i pass this restriction so that i continue spoofing and sniffing















reg
raks




If you're plugged straight into the cable modem, try cycling the power to the modem after you change your mac. If you're hooked up to a router it shouldn't matter unless you're spoofing the router's mac.
Either way, it won't help much; the IP still tracks back to your terminal address/modem.

#7 Remix

Remix

    SUP3R 31337

  • Members
  • 173 posts
  • Location:New York

Posted 18 June 2008 - 08:27 AM

why do you post like such an asshole .................................................................















?

#8 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 18 June 2008 - 10:13 AM

Mind ur language Mr.


Secondly..... what asshole... features u find in this post! :huh:

do give ur insight??

#9 KingofFools

KingofFools

    Will I break 10 posts?

  • Members
  • 6 posts

Posted 18 June 2008 - 12:34 PM

Secondly..... what asshole... features u find in this post! :huh:




Just a guess, but how about ............................................................................? Maybe? haha

#10 Remix

Remix

    SUP3R 31337

  • Members
  • 173 posts
  • Location:New York

Posted 18 June 2008 - 02:17 PM

Mind ur language Mr.


Secondly..... what asshole... features u find in this post! :huh:

do give ur insight??


Isn't it obvious? maybe I am just delusional...

#11 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 12:31 AM

may be dumb heads like u find this post.............. unsual lol.............


u need to expeirence....... to write something!

if u know the answer very well .. if u dont.. then please shut ur freakin mouth...

#12 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 12:52 AM

@vector


No dude... it is a real script that bans a mac address found spoofing , i tried with some other mac and my connection was working as b4.

the only thing i cant do is arp sniffing... in my lan or else my mac is banner....... either i spoof or i dont.

#13 thenotwist

thenotwist

    Mack Daddy 31337

  • Members
  • 216 posts

Posted 19 June 2008 - 03:23 AM

Write a script yourself to change your MAC address everytime it gets blocked.

#14 Andre van dem Helge

Andre van dem Helge

    mad 1337

  • Members
  • 135 posts

Posted 19 June 2008 - 03:44 AM

Generally EVERY TIME you change the MAC address you MUST POWER CYCLE THE MODEM.

I would read with care the MAC registry and rules and make sure the MAC you are using is 100% "valid" and of course powercycle the modem before you draw any conclusions.

Why would the ISP care if you spoofed the CM side IP of your device, anyways? I really think you just aren't powercycling.

#15 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 02:03 PM

I have been sniffing the whole lan conn. by poisoning other clients mac address using cain.

My ISP .. have put up a script.. , where if u even spoof a mac address.. ur mac will be banned. and i have to configure some other mac to work it again.



@thenotwist

Nice idea... but .. can u tell me .. how to make this script in linux and windows (sorry sounding very noobe).

#16 rakshit

rakshit

    Gibson Hacker

  • Members
  • 98 posts

Posted 19 June 2008 - 02:25 PM

@ thenotwist

Making a script for changing my mac everytime i connect d internet .. on linux .. by creating a shell script.. is easy

But how wud i do this in winxp.. (im really noob in here)

could u guide me how to go abt it .


thanks

#17 Andre van dem Helge

Andre van dem Helge

    mad 1337

  • Members
  • 135 posts

Posted 19 June 2008 - 04:57 PM

I have been sniffing the whole lan conn. by poisoning other clients mac address using cain.

My ISP .. have put up a script.. , where if u even spoof a mac address.. ur mac will be banned. and i have to configure some other mac to work it again.


So your ISPs script detects if you changed the MAC address without powercycling the modem? Please explain how you think the ISP can detect your are spoofing your MAC?

And if you don't mind saying, who is the ISP?

#18 thenotwist

thenotwist

    Mack Daddy 31337

  • Members
  • 216 posts

Posted 19 June 2008 - 06:44 PM

Ummmm I don't think you can change your MAC from within Windows, you'd need some 3rd-party software for that I guess. Unfortunately I don't know of any off the tip of my hat... Just google for some, I'm sure you'll get plenty of hits or maybe someone on the forums here can throw in a link.
I know some programs that can change your MAC in WIndows, but they're GUI and to execute them from within a batch script (that's like the equivalent of a linux shell script) they'd have to be command line based.

You could compile a list of valid MAC addresses an put them in a text file and everytime pass a different one as argument.

#19 LUCKY_FUCKIN_CHARMS

LUCKY_FUCKIN_CHARMS

    TCP/IP....PI/MP

  • Members
  • 1,493 posts
  • Gender:Male
  • Location:Las Vegas

Posted 20 June 2008 - 06:54 AM

ok a couple of things i dont understand here. first is, what do you mean your mac is getting "banned" evrytime you change it? how exactly are you changing it, what type of network card are you using,, have you tried sniffing only traffic between certain local computers, have you tried port mirroring instead of arp spoofing? give some more details on exactly how you have everything set up and give a description of your LAN setup. but just simply saying " ZOMG MAH ISP'S CAN IZ BLOCKIN MAH SPOOFS" isnt really enough to go on.

#20 Spyril

Spyril

    Hakker addict

  • Members
  • 588 posts
  • Location:North Dakota

Posted 20 June 2008 - 10:01 PM

Maybe I haven't read this thread carefully enough, but what the hell are you talking about? How would your ISP's servers on the internet detect a MAC spoof on a laptop from within an internal network? Tons of random MAC addresses come and go as they connect and disconnect from an access point, so what's so special about your computer's spoofed MAC address?




BinRev is hosted by the great people at Lunarpages!