Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CAPTIVE PORTAL VS MAC SPOOFING

    Scheduled Pinned Locked Moved Captive Portal
    7 Posts 4 Posters 7.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      iamthed
      last edited by

      how to eliminate mac spoofing attack in PF sense??
      if i'm using captive portal.. will it be the best solution?

      see the picture above
      if the hacker spoof the victim while the victim already logon into captive portal
      is the session also being taken by hacker?
      is hacker can surf internet?

      ![mac spoofing.JPG](/public/imported_attachments/1/mac spoofing.JPG)
      ![mac spoofing.JPG_thumb](/public/imported_attachments/1/mac spoofing.JPG_thumb)

      i'm dumb.. but i have a desire to learn

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        You can't stop MAC spoofing.

        1 Reply Last reply Reply Quote 0
        • I
          iamthed
          last edited by

          @Cry:

          You can't stop MAC spoofing.

          so is mac spoofing unstopable?
          to be clear maybe i'll juz give a story of my life..

          i'm doing some experiment about mac spoofing last month..
          i'm not spoofing someone PC
          but i'm spoofing the router mac

          do u know what happen after i spoof the router mac ?
          my internet company is shutdown, no internet at all ( i must restart the router then it works normally again)

          is it very dangerous don't u think??
          so if mac spoofing unstopable
          maybe u can give me advise to reduce mac spoofing attack..
          any solution?

          i'm dumb.. but i have a desire to learn

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            Yes, you can't stop it.  No, you can't meaningfully reduce it either.

            All you can do is monitor for it and deal with it.

            The problem is simple - you don't control the PC.  Anybody with admin access to a PC can change it's MAC address in seconds, to any value they want.  There is no way you can, on the network, stop them doing that.

            Some (more expensive) switches will allow you to do logging and limit what MAC addresses can connect to what port.  Most wireless points also allow you to configure what MAC address can (or can't) connect.  You could add your router MAC to the list of MAC addresses that can't connect to wireless, but that's about it.

            1 Reply Last reply Reply Quote 0
            • I
              iamthed
              last edited by

              well thanks for ur opinion..
              that's open my eyes
              regards

              i'm dumb.. but i have a desire to learn

              1 Reply Last reply Reply Quote 0
              • C
                correajl
                last edited by

                This is the same problem of 802.1x. If an user had been authenticated then other can hijack his mac address and can surf with mac spoof.

                I think one script that monitor users, arp table and IPs can help us. Something using grep, awk, cut and others simples tools. When I have some time i'll spend it to try do one.

                Regards.

                1 Reply Last reply Reply Quote 0
                • 9
                  900mhzdude
                  last edited by

                  Linksys RV042

                  will block a mac if it dose not match the IP that way they would have to know the IP of the MAC they are spoofing this helps alot i dont know if pfsense dose that or not ???

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.