Detecting Wireless LAN MAC Address Spoofing
by Joshua Wright, GCIH, CCNA - Wednesday, 22 January 2003.
An attacker wishing to disrupt a wireless network has a wide arsenal available to them. Many of these tools rely on using a faked MAC address, masquerading as an authorized wireless access point or as an authorized client. Using these tools, an attacker can launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients. This presents unique opportunities for attacks against wireless networks that are difficult to detect, since the attacker can present himself as an authorized client by using an altered MAC address. As nearly all wireless NICs permit changing their MAC address to an arbitrary value – through vendor-supplied drivers, open-source drivers or various application programming frameworks – it is trivial for an attacker to wreak havoc on a target wireless LAN.

This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Through the analysis of these traces, the author identifies techniques that can be employed to detect applications that are using spoofed MAC addresses. With this information, wireless equipment manufacturers could implement anomalybased intrusion detection systems capable of identifying MAC address spoofing to alert administrators of attacks against their networks.

Download the paper in PDF format here.

Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //