• how to eliminate mac spoofing attack in PF sense??
    if i'm using captive portal.. will it be the best solution?

    see the picture above
    if the hacker spoof the victim while the victim already logon into captive portal
    is the session also being taken by hacker?
    is hacker can surf internet?

    ![mac spoofing.JPG](/public/imported_attachments/1/mac spoofing.JPG)
    ![mac spoofing.JPG_thumb](/public/imported_attachments/1/mac spoofing.JPG_thumb)

  • You can't stop MAC spoofing.

  • @Cry:

    You can't stop MAC spoofing.

    so is mac spoofing unstopable?
    to be clear maybe i'll juz give a story of my life..

    i'm doing some experiment about mac spoofing last month..
    i'm not spoofing someone PC
    but i'm spoofing the router mac

    do u know what happen after i spoof the router mac ?
    my internet company is shutdown, no internet at all ( i must restart the router then it works normally again)

    is it very dangerous don't u think??
    so if mac spoofing unstopable
    maybe u can give me advise to reduce mac spoofing attack..
    any solution?

  • Yes, you can't stop it.  No, you can't meaningfully reduce it either.

    All you can do is monitor for it and deal with it.

    The problem is simple - you don't control the PC.  Anybody with admin access to a PC can change it's MAC address in seconds, to any value they want.  There is no way you can, on the network, stop them doing that.

    Some (more expensive) switches will allow you to do logging and limit what MAC addresses can connect to what port.  Most wireless points also allow you to configure what MAC address can (or can't) connect.  You could add your router MAC to the list of MAC addresses that can't connect to wireless, but that's about it.

  • well thanks for ur opinion..
    that's open my eyes

  • This is the same problem of 802.1x. If an user had been authenticated then other can hijack his mac address and can surf with mac spoof.

    I think one script that monitor users, arp table and IPs can help us. Something using grep, awk, cut and others simples tools. When I have some time i'll spend it to try do one.


  • Linksys RV042

    will block a mac if it dose not match the IP that way they would have to know the IP of the MAC they are spoofing this helps alot i dont know if pfsense dose that or not ???

Log in to reply