Detecting Wireless LAN MAC Address Spoofing Essay -- Technology Techno

Detecting Wireless LAN MAC Address SpoofingAbstract An assailant wishing to disrupt a wireless network has a spacious arsenal available to them. Many of these tools rely on employ a faked MAC address, masquerading as an authorized wireless access point or as an authorized client. Using these tools, an attacker can launch defense of service attacks, bypass access control mechanisms, or falsely labour services to wireless clients. This presents extraordinary opportunities for attacks against wireless networks that are difficult to detect, since the attacker can present himself as an authorized client by using an altered MAC address. As nearly all wireless NICs have changing their MAC address to an arbitrary value through vendor-supplied drivers, open-source drivers or various application programming frameworks it is trivial for an attacker to solve havoc on a target wireless LAN. This paper describes or so of the techniques attackers utilize to disrupt wireless networks through MAC address spoofing, present with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. Through the analysis of these traces, the author identifies techniques that can be employed to detect applications that are using spoofed MAC addresses. With this information, wireless equipment manufacturers could instrument anomaly-based aggression detection systems capable of identifying MAC address spoofing to alert administrators of attacks against their networks. foundation MAC addresses have long been apply as the singularly curious layer 2 network identifier in LANs. Through controlled, organizationally unique identifiers (OUI) allocated to hardware manufacturers, MAC addresses are globally unique ... ... Network administrators and intrusion analysts need to be aware of the risks associated with 802.11 network deployment, and the techniques that can be used to identify malicious client activity. Works CitedAirJack. Advanced 802.11 At tack Tools. uniform resource locator http//802.11ninja.net/ (12 Nov 2002).FakeAP. Black Alchemy Weapons Lab. URL http//www.blackalchemy.to/project/fakeap/ (19 Dec 2002).IEEE. IEEE OUI and Company_id Assignments. URL http//standards.ieee.org/regauth/oui/oui.txt (13 Nov 2002).Malinen, Jouni. armament AP driver for Intersil Prism2/2.5/3. File README.prism2, URL http//hostap.epitest.fi/ (13 Nov 2002).Schiffman, Mike. Radiate 802.11b frame handling. URL http//www.packetfactory.net/projects/ emit/ (13 Nov 2002).Wellenreiter. Wireless LAN Discovery and Auditing Tool URL http//www.remote-exploit.org/ (19 Dec 2002).