Security Basics mailing list archives
Re: MAC Spoofing Prevention in Wireless
From: Enis Sahin <enis.c.sahin () gmail com>
Date: Wed, 13 Jul 2011 10:09:09 +0300
Well I can confidently say that it somehow understands a cloned MAC address and disallowes you. I tried it with my two laptops. The scenario was this. I had an authenticated Windows box and an unauthenticated Linux box. I've statically assigned the IP address of the Winbox to the Linux box. Also cloned the MAC address. Then joined the Wireless with the Linux box while Windows was already logged in an immediately dropped the Windows box from the network. The Linux box was unable to reach the network resources. I also tried dropping the authenticated Windows box and immediately joining the network with the Linux box using the cloned addresses, again it was no good. I did some reading on it and I guess it has something to do with the sequence numbers of the packets each station is sending.. On 12 July 2011 02:54, Jeffrey Walton <noloader () gmail com> wrote:
On Sat, Jul 9, 2011 at 6:16 AM, Erik <security () vanwesten net> wrote:Op 8-7-2011 21:30, bjesmer () platformsolutions com schreef:The concept is fairly straight forward. The AP looks to see if there are 2 MACs of the same on the network and disallows the second one on the network. Not having worked with the Aruba yet, i would try a deauth attack against the mac you are going to spoof and then try to get on. If you can deauth that client and get on before it, you might be able to get in.Your answer indicates a lack of knowledge. A layer 2 MAC address is the only differentiating thing on a wireless network (with the exception of certificates, which, no doubt, are being used in the Aruba network) for different stations. You cannot tell the difference between MAC and MACclone, hence you cannot if there is more than one MAC address active and thus not 'disallow the second one'.Suppose the 'real' host is sensed to the left via the diversity antennae, and an attacker is spoofing on the 'right' side antennae? Suppose the AP sees a signal gain )or loss) when the attacker transmits with a spoofed MAC. I'm not claiming its easy, just that somethings could be different and measured at layer 2. Jeff ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
-- http://www.enissahin.com | http://twitter.com/enis_sahin ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- MAC Spoofing Prevention in Wireless Enis Sahin (Jul 04)
- Message not available
- Message not available
- Re: MAC Spoofing Prevention in Wireless Enis Sahin (Jul 05)
- Message not available
- Message not available
- <Possible follow-ups>
- Re: Re: MAC Spoofing Prevention in Wireless bjesmer (Jul 08)
- Re: MAC Spoofing Prevention in Wireless Erik (Jul 11)
- Re: MAC Spoofing Prevention in Wireless Jeffrey Walton (Jul 12)
- Re: MAC Spoofing Prevention in Wireless Enis Sahin (Jul 13)
- Re: MAC Spoofing Prevention in Wireless Erik (Jul 11)
- RE: Re: MAC Spoofing Prevention in Wireless David Gillett (Jul 13)
- Re: Re: MAC Spoofing Prevention in Wireless Jamie Ivanov (Jul 15)