Detecting Wireless LAN MAC Address Spoofing

    Date22 Jan 2003
    4789
    Posted ByAnthony Pell
    An attacker wishing to disrupt a wireless network has a wide arsenal available to them. Many of these tools rely on using a faked MAC address, masquerading as the network access point or as an authorized client. Using these tools, an . . . An attacker wishing to disrupt a wireless network has a wide arsenal available to them. Many of these tools rely on using a faked MAC address, masquerading as the network access point or as an authorized client. Using these tools, an attacker can launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients.

    This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Through the analysis of these traces, the author identifies techniques that can be employed to detect applications that are using spoofed MAC addresses. With this information, wireless equipment manufacturers can implement anomaly-based intrusion detection systems capable of identifying MAC address spoofing to alert administrators of ongoing attacks against their networks.

    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":100,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.