Results 1 to 7 of 7

Thread: wireless MAC changer

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325

    wireless MAC changer

    I was setting up a wireless 802.11g network a weekend or so ago and I set in place all possible measures that I know of to "secure" the WAP/router and WLAN. (I tried to talk em into running wires.. but they insisted on w/less. I even explained to them the dangers and etc.)

    There isn't much info on the computers and it is really only used for web surfing.

    Well, I changed the default name and disabled the broadcast of SSID, enabled the 128-bit WEP, disabled DHCP, changed the default admin password, and put in place MAC filtering. I even put it on a subnet that isn't the defualt... ex. 10.96.128.x whatever, I just pulled one out of the air.

    I know that the WEP can be cracked given enough time, and the ip(s) and ssid can also be grabbed. So, I was mainly relying on the MAC filtering...

    Well.. that was pretty dumb. I just found a tool called MAC Changer

    I'm pretty new to securnig WLANs and WAPs... is there any way to detect a spoofed MAC?

    There would be a conflict when the other MAC was in use, but when it wasn't in use... how can you detect it?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    You could try reading this I learned a few things from it
    It is a Pdf file btw
    http://www.net-security.org/article.php?id=364

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    recently completed a white paper that demonstrates some techniques
    that can be used for detecting spoofed MAC addresses on 802.11
    networks. In this paper I identify tactics that can be used to
    identify the use of the Wellenreiter, FakeAP and AirJack tools
    through anomaly analysis. Here is the abstract:
    Source http://lists.insecure.org/lists/bugt.../Jan/0195.html

    link to the whitepaper
    http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf
    =

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    sweet! thanks for the quick replies. I appreciate it.

    Wow... the first thing that came up in google... I guess I should have searched before I posed.

    /me bangs head on desk over and over again till I hear google ringing in the back of my head...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    Hey don't worry about it I was reading it and when I saw your question I knew you would learn something from it and that is what A.O is all about sharing Information with one another

  6. #6
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I found this also. That link DeadAddict was coming up everywhere so I tried to find you another reference. Don't know if this applies to your situation or not:
    http://www.3gpp.org/ftp/tsg_sa/WG3_S.../S3-020524.pdf

    Here is a copy and paste from part of it
    Rogue AP attack
    In a rogue AP attack, the attacker employs an AP (masqueraded as a legitimate AP in a given hotspot) connected to an
    MS, as depicted in Figure 1. Based on signal strength, an unsuspecting MS may connect to the rogue AP and start to
    perform authentication. Since no messages can be integrity protected before authentication, the attacker substitutes the
    MAC/IP address-pair of his own MS and relays the authentication messages to a legitimate AP. In this way, the
    authentication procedure binds the MAC/IP address-pair of the attacking MS to the credentials of the legitimate user.
    As a consequence, the attacker gains access to anything the legitimate user would, while the legitimate user is denied
    access. This attack is only applicable if the authentication does not result in encryption/integrity keys to protect the
    session.

    Figure 1. Rogue AP used for man-in-the-middle attacks
    The same equipment may also be used to redirect a user’s traffic to a completely different network. That is, the attacker may trick the user into believing that he is accessing the given WRAN, when he in fact is connected to a network of the
    attacker’s choice.
    Hope this helps

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    yeah no problem man. We are here to help. sometimes lol

    Looks like you can monitor your network traffic though to check for Mac spoofing.
    =

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •