1. Home
  2. pfSense® Software
  3. Captive Portal
  4. CAPTIVE PORTAL VS MAC SPOOFING

CAPTIVE PORTAL VS MAC SPOOFING

  • I

    how to eliminate mac spoofing attack in PF sense??
    if i'm using captive portal.. will it be the best solution?

    see the picture above
    if the hacker spoof the victim while the victim already logon into captive portal
    is the session also being taken by hacker?
    is hacker can surf internet?

    ![mac spoofing.JPG](/public/imported_attachments/1/mac spoofing.JPG)
    ![mac spoofing.JPG_thumb](/public/imported_attachments/1/mac spoofing.JPG_thumb)

    0
  • Cry Havok

    You can't stop MAC spoofing.

    0
  • I

    @Cry:

    You can't stop MAC spoofing.

    so is mac spoofing unstopable?
    to be clear maybe i'll juz give a story of my life..

    i'm doing some experiment about mac spoofing last month..
    i'm not spoofing someone PC
    but i'm spoofing the router mac

    do u know what happen after i spoof the router mac ?
    my internet company is shutdown, no internet at all ( i must restart the router then it works normally again)

    is it very dangerous don't u think??
    so if mac spoofing unstopable
    maybe u can give me advise to reduce mac spoofing attack..
    any solution?

    0
  • Cry Havok

    Yes, you can't stop it.  No, you can't meaningfully reduce it either.

    All you can do is monitor for it and deal with it.

    The problem is simple - you don't control the PC.  Anybody with admin access to a PC can change it's MAC address in seconds, to any value they want.  There is no way you can, on the network, stop them doing that.

    Some (more expensive) switches will allow you to do logging and limit what MAC addresses can connect to what port.  Most wireless points also allow you to configure what MAC address can (or can't) connect.  You could add your router MAC to the list of MAC addresses that can't connect to wireless, but that's about it.

    0
  • I

    well thanks for ur opinion..
    that's open my eyes
    regards

    0
  • C

    This is the same problem of 802.1x. If an user had been authenticated then other can hijack his mac address and can surf with mac spoof.

    I think one script that monitor users, arp table and IPs can help us. Something using grep, awk, cut and others simples tools. When I have some time i'll spend it to try do one.

    Regards.

    0
  • 9

    Linksys RV042

    will block a mac if it dose not match the IP that way they would have to know the IP of the MAC they are spoofing this helps alot i dont know if pfsense dose that or not ???

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy