Multispoof is an application, which exploits weak, address based authentication very frequently implemented by ISPs in Ethernet networks. In such networks customers are identified with IP-MAC address pairs, and only those paying ISP are granted access to the Internet.
Multispoof uses IP and MAC spoofing to impersonate legitimate customers. The idea is not new, but multispoof does it in a smart way. As it impersonates only inactive customers, there is no address conflicts. And using multiple addresses in parallel in combination with load balancing allows to achieve much higher transfer rates.
It could be compared with download accelerating software, because higher throughput is achieved with multiple transmissions. The difference is that multispoof operates on layers 2 and 3 of the OSI model. In contrast, download accelerator uses multiple TCP streams - the fourth layer of OSI model.
Pawel Pokrywka has created multispoof as a software project for my M.Sc. thesis, so entire application (version 0.6.1) is documented quite precisely in there. If you read Polish, you can get my thesis in papers section on my page. I've spent entire chapter on spoofing detection and prevention techniques, so if you are an ISP, you may be interested too.
Features:
* Accelerates throughput multiple times using parallel spoofing with load balancing
* When aggresively used can fill up your ISP Internet link, so its great for testing maximal throughput of provider
* IP and MAC spoofing
* Only inactive addresses are used for spoofing. No address conflicts
* Detection of active hosts performed with ARP scanning
* Only addresses permitted to access external network (usually Internet) are used in spoofing process. Connectivity testing is easily configurable
