Detecting Spoofed MAC Addresses On 802.11 Nets 18
Joshua Wright writes "I have written a white paper on detecting spoofed MAC addresses on wireless LAN's. This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Utilizing the techniques I describe, it is possible to identify users who utilize spoofed MAC addresses on 802.11 networks to launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients."
Re:First Post! (Score:2, Informative)
No, for one important reason... (Score:2, Informative)
UNLESS...........
the intruder either waits until the user's counter is about to flip back to 0, then DoS the user, and reset his counter, then spoof the MAC address. Or perhaps a virus or trojan could be written that would reset the valid user's counter somehow.
good effort, but not quite what it seems... (Score:5, Informative)
He similarly points out limitations in denial of service tools: AirJack [11ninja.net] and FakeAP [blackalchemy.to] software. However, this isn't the same as giving a general technique for analyzing MAC addresses on 802.11b, something which was strongly implied in the original post.
Re:good effort, but not quite what it seems... (Score:3, Informative)
I don't have mod points, so I've reposted it with my +1 bonus (since the Score:5, Informative parent post is wrong).