4. CAPTIVE PORTAL VS MAC SPOOFING

CAPTIVE PORTAL VS MAC SPOOFING

  • I

    how to eliminate mac spoofing attack in PF sense??
    if i'm using captive portal.. will it be the best solution?

    see the picture above
    if the hacker spoof the victim while the victim already logon into captive portal
    is the session also being taken by hacker?
    is hacker can surf internet?

    ![mac spoofing.JPG](/public/imported_attachments/1/mac spoofing.JPG)
    ![mac spoofing.JPG_thumb](/public/imported_attachments/1/mac spoofing.JPG_thumb)

    0
  • C

    You can't stop MAC spoofing.

    0
  • I

    @Cry:

    You can't stop MAC spoofing.

    so is mac spoofing unstopable?
    to be clear maybe i'll juz give a story of my life..

    i'm doing some experiment about mac spoofing last month..
    i'm not spoofing someone PC
    but i'm spoofing the router mac

    do u know what happen after i spoof the router mac ?
    my internet company is shutdown, no internet at all ( i must restart the router then it works normally again)

    is it very dangerous don't u think??
    so if mac spoofing unstopable
    maybe u can give me advise to reduce mac spoofing attack..
    any solution?

    0
  • C

    Yes, you can't stop it.  No, you can't meaningfully reduce it either.

    All you can do is monitor for it and deal with it.

    The problem is simple - you don't control the PC.  Anybody with admin access to a PC can change it's MAC address in seconds, to any value they want.  There is no way you can, on the network, stop them doing that.

    Some (more expensive) switches will allow you to do logging and limit what MAC addresses can connect to what port.  Most wireless points also allow you to configure what MAC address can (or can't) connect.  You could add your router MAC to the list of MAC addresses that can't connect to wireless, but that's about it.

    0
  • I

    well thanks for ur opinion..
    that's open my eyes
    regards

    0
  • C

    This is the same problem of 802.1x. If an user had been authenticated then other can hijack his mac address and can surf with mac spoof.

    I think one script that monitor users, arp table and IPs can help us. Something using grep, awk, cut and others simples tools. When I have some time i'll spend it to try do one.

    Regards.

    0
  • 9

    Linksys RV042

    will block a mac if it dose not match the IP that way they would have to know the IP of the MAC they are spoofing this helps alot i dont know if pfsense dose that or not ???

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy