What happens if someone fakes an existing MAC address?

Archived from groups: alt.internet.wireless (More info?)

In our network, we had some problems possibily caused by intruders. So the
least thing we could do is to filter on MAC addresses. But what if one of
these intruders discover what MAC adresses are in use? (In fact not hard to
discover, even there is WEP. We can't use WPA because we have to replace all
of our clients equipment:-(
A MAC address is very easy to clone. If someone does this, will this block
an existing user? Is it possible for the intruder to gain access to the
(local) part of the network? (all other connections are VPN)


Regards,


Marcel


--
Posted by news://news.nb.nu

Archived from groups: alt.internet.wireless (More info?)

"Thomas Krüger" <thomas.krueger@gmx.net> schreef in bericht
news:ch5chc$jrf$03$1@news.t-online.com...

>
> The intrudes will pass the MAC filter without any problem.
>

Agree



>
> WEP will not hide the MAC address. It's still transmited with every
packet.
>

Hmm, thats waht i didn't know......

>
> WAP will not hide the MAC address also.
> As you can see the MAC filter is one of the most insecure securety
feature.
>
> > A MAC address is very easy to clone.
>
> Yep, on Linux the intruder just has to do a "ifconfig interface hw ether
> new_mac_address".
>

Most standalone wireless interfaces can do that also:-(


> > If someone does this, will this block
> > an existing user?
>
> That hardly depends on the firmware of the access point and how it reacts
on
> double authentication. And how the client reacts on receiving it's own
> packets. In most cases the both system will keep working but there will be
> some errors.
>


Hmm, that's something which can be tested at the office....



> If he also has the WEP key he has the same access level as the faked user.
> The WEP key can be retrieved with tools like airsnort by sniffing a big
> amount of data from the WLAN.
>


Yep. Thats why all traffic over the network are encrypted VPN tunnels.
He/she can't use the internetconnection, but he/she can jam the local
network which much off local traffic.


Marcel


--
Posted by news://news.nb.nu