Security Basics mailing list archives

Re: MAC Spoofing Prevention in Wireless

From: Jeffrey Walton <noloader () gmail com>
Date: Mon, 11 Jul 2011 19:54:06 -0400

On Sat, Jul 9, 2011 at 6:16 AM, Erik <security () vanwesten net> wrote:

Op 8-7-2011 21:30, bjesmer () platformsolutions com schreef:


The concept is fairly straight forward. The AP looks to see if there are 2
MACs of the same on the network and disallows the second one on the network.
Not having worked with the Aruba yet, i would try a deauth attack against
the mac you are going to spoof and then try to get on. If you can deauth
that client and get on before it, you might be able to get in.


Your answer indicates a lack of knowledge. A layer 2 MAC address is the only
differentiating thing on a wireless network (with the exception of
certificates, which, no doubt, are being used in the Aruba network) for
different stations. You cannot tell the difference between MAC and MACclone,
hence you cannot if there is more than one MAC address active and thus not
'disallow the second one'.

Suppose the 'real' host is sensed to the left via the diversity
antennae, and an attacker is spoofing on the 'right' side antennae?
Suppose the AP sees a signal gain )or loss) when the attacker
transmits with a spoofed MAC. I'm not claiming its easy, just that
somethings could be different and measured at layer 2.

Jeff

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

MAC Spoofing Prevention in Wireless Enis Sahin (Jul 04)
- Message not available
  - Message not available
    - Re: MAC Spoofing Prevention in Wireless Enis Sahin (Jul 05)
- <Possible follow-ups>
- Re: Re: MAC Spoofing Prevention in Wireless bjesmer (Jul 08)
  - Re: MAC Spoofing Prevention in Wireless Erik (Jul 11)
    - Re: MAC Spoofing Prevention in Wireless Jeffrey Walton (Jul 12)
    - Re: MAC Spoofing Prevention in Wireless Enis Sahin (Jul 13)
  - RE: Re: MAC Spoofing Prevention in Wireless David Gillett (Jul 13)
- RE: Re: MAC Spoofing Prevention in Wireless David Gillett (Jul 14)
  - Re: Re: MAC Spoofing Prevention in Wireless Jamie Ivanov (Jul 15)