Don’t really need to send a tech immediately. More efficient to get a gas station clerk (or whoever works where the ATM may be located) to verify nobody is trying to fuck with it on-site and they didn’t lose power/internet at their location, before escalation.
Comment on In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network
halcyoncmdr@lemmy.world 3 weeks agoSpoofing a MAC is easy but it still requires knowing both what an existing valid address is, and ensuring that it’s not already connected to the network. It’s only operational overhead when a new device is onboarded, after that the impact is minimal.
A policy that requires sending a tech is fine, but if you have hundreds or thousands of individual locations then you aren’t going to have a tech onsite at every one of them to quickly check and fix an issue, and you don’t really want to have to trust an end user to verify and/or make physical changes on site if you can avoid it.
Zorsith@lemmy.blahaj.zone 3 weeks ago
lazynooblet@lazysoci.al 3 weeks ago
This is still trivial. A Pi with 2 NICs and a Linux bridge. Using the 2 ports, effectively put the Pi in between the device you want to spoof and the rest of the network. Now you can see the traffic, the MAC addresses etc.
FauxLiving@lemmy.world 3 weeks ago
Port security prevents this. As soon as the switch detects a physical disconnect it disables the port.
You could, with some electrical engineer-level tools and hardware, passively read the traffic to determine the MAC and then splice into the wire without disrupting the physical connection. But it would be very hard to do covertly or quickly.