Detecting Wireless LAN MAC Address Spoofing Essay -- Technology Techno

Detecting Wireless LAN mack verbalise SpoofingAbstract An attacker wishing to disrupt a wireless cyberspace has a wide arsenal available to them. Many of these tools rely on using a faked mac maneuver, masquerading as an reservoirized wireless gate point or as an authorized lymph gland. Using these tools, an attacker squirt launch denial of service attacks, bypass access control mechanisms, or falsely advertise services to wireless clients. This presents queer opportunities for attacks against wireless networks that atomic number 18 difficult to detect, since the attacker locoweed present himself as an authorized client by using an altered MAC address. As nearly wholly wireless NICs permit changing their MAC address to an arbitrary valuate through vendor-supplied drivers, open-source drivers or various application programming writeworks it is unreal for an attacker to wreak havoc on a target wireless LAN. This paper describes some of the techniques atta ckers utilize to disrupt wireless networks through MAC address spoofing, demonstrated with captured traffic that was generated by the AirJack, FakeAP and Wellenreiter tools. done the analysis of these traces, the author identifies techniques that can be employed to detect applications that are using spoofed MAC addresses. With this information, wireless equipment manufacturers could implement anomaly-based intrusion detection systems capable of identifying MAC address spoofing to alert administrators of attacks against their networks.Introduction MAC addresses have long been used as the singularly unique layer 2 network identifier in LANs. Through controlled, organizationally unique identifiers (OUI) allocated to hardware manufacturers, MAC addresses are globally unique ... ... Network administrators and intrusion analysts need to be aware of the risks associated with 802.11 network deployment, and the techniques that can be used to identify malicious client activity. Works Ci tedAirJack. pass on 802.11 Attack Tools. universal resource locator http//802.11ninja.net/ (12 Nov 2002).FakeAP. Black Alchemy Weapons Lab. URL http//www.blackalchemy.to/project/fakeap/ (19 downslope 2002).IEEE. IEEE OUI and Company_id Assignments. URL http//standards.ieee.org/regauth/oui/oui.txt (13 Nov 2002).Malinen, Jouni. Host AP driver for Intersil Prism2/2.5/3. File README.prism2, URL http//hostap.epitest.fi/ (13 Nov 2002).Schiffman, Mike. Radiate 802.11b frame handling. URL http//www.packetfactory.net/projects/radiate/ (13 Nov 2002).Wellenreiter. Wireless LAN Discovery and Auditing Tool URL http//www.remote-exploit.org/ (19 Dec 2002).