Markus-Go / bonesi

BoNeSi - the DDoS Botnet Simulator
Apache License 2.0
659 stars 198 forks source link

Is there anyway to alter the physical address, because for all random ip address it is using same physical address... #21

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1.the destination can easily identify the attacks are happening from same 
system by identifying hardware address of source.

 2.  it can be mitigated easily...

3.

What is the expected output? What do you see instead?

What version of the product are you using? On what operating system?

Please provide any additional information below.

Original issue reported on code.google.com by benerj...@gmail.com on 11 Feb 2014 at 8:20

GoogleCodeExporter commented 9 years ago
Hello,

in a typical setup, the internet is connected using a router. This means that 
all IP packets coming from a botnet usually share the same physical address 
(namely the one of the router(s)). 

An attack using different MAC addresses as sources would imply that the botnet 
is within your collision domain and thus within your internal network. This is 
an extremely unlikely scenario and thus not considered with the botnet 
simulator.

A mitigation device to protect an externally available server blocking specific 
physical hardware addresses might questionable at all.

Original comment by Markus-Go on 11 Feb 2014 at 10:02

GoogleCodeExporter commented 9 years ago
Hai,

Thanks for replying but my intention is not to be identified by the
destination.. with bonesi one can easily identify the system/server is
under attack....please think about this............

Thanks & regards
Benerji

Original comment by benerj...@gmail.com on 11 Feb 2014 at 1:30

GoogleCodeExporter commented 9 years ago
Hai,

                I saw another tool hyenae where we can spoof hardware
addresses too...

Original comment by benerj...@gmail.com on 11 Feb 2014 at 1:55