
Detecting Wireless LAN MAC Address Spoofing


An attacker wishing to disrupt a wireless network has a wide arsenal available to them. Many of these tools rely on using a faked MAC address, masquerading as an authorized wireless access point or as an authorized client. Using these tools, an attacker can launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients.

This presents unique opportunities for attacks against wireless networks that are difficult to detect, since the attacker can present himself as an authorized client by using an altered MAC address. As nearly all wireless NICs permit changing their MAC address to an arbitrary value – through vendor-supplied drivers, open-source drivers or various application programming frameworks – it is trivial for an attacker to wreak havoc on a target wireless LAN.

This paper describes some of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Through the analysis of these traces, the author identifies techniques that can be employed to detect applications that are using spoofed MAC addresses. With this information, wireless equipment manufacturers could implement anomaly-based intrusion detection systems capable of identifying MAC address spoofing to alert administrators of attacks against their networks.


MAC addresses have long been used as the singularly unique layer 2 network identifier in LANs. Through controlled, organizationally unique identifiers (OUI) allocated to hardware manufacturers, MAC addresses are globally unique for all LAN-based devices in use today. In many cases, the MAC address of a workstation is used as an authentication factor or as a unique identifier for granting varying levels of network or system privilege to a user.

This method of client tracking and authentication is also employed in 802.11 wireless networks. Attackers targeting wireless LANs utilize the ability to change their MAC address to circumvent network security measures: an attacker with minimal skill might alter their MAC address in an effort to masquerade or hide their presence, while an attacker with slightly more skill might change their MAC address to one that is otherwise authorized, in order to bypass access control lists or to escalate network privileges.

In this paper, I demonstrate two methods of detecting wireless LAN (WLAN) MAC address spoofing. I also show how these methods can be used to detect the activity of devious WLAN attack tools.

Changing MAC Addresses

The phrase “MAC address spoofing” in this context relates to an attacker altering the manufacturer-assigned MAC address to any other value. This is conceptually different than traditional IP address spoofing where an attacker sends data from an arbitrary source address and...
