Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detecting Spoofed MAC Addresses On 802.11 Nets

Posted by timothy on from the leech-reduction dept.

Joshua Wright writes "I have written a white paper on detecting spoofed MAC addresses on wireless LAN's. This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Utilizing the techniques I describe, it is possible to identify users who utilize spoofed MAC addresses on 802.11 networks to launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients."

1 of 18 comments (clear)

  1. good effort, but not quite what it seems... by ubiquitin · · Score: 4, Informative

    Basically what this guy did was realize that the MAC-generation algorithm in spoofing software Wellenreiter has a weakness, namely that the OUI's it generates aren't all legit. (OUI is the organizational unique identified which is in the first few bits of the MAC address.) Also see helpful Sourceforge description of Wellenreiter.

    He similarly points out limitations in denial of service tools: AirJack and FakeAP software. However, this isn't the same as giving a general technique for analyzing MAC addresses on 802.11b, something which was strongly implied in the original post.

    --
    http://tinyurl.com/4ny52