[Dshield] Wireless MAC Authentication options.

Willy, Andrew AWilly at eSMIL.net
Mon Jun 20 16:28:29 GMT 2005

Forgive the dumb question (someone has to ask one), but, is the MAC address
not encrypted, or does encrypted traffic begin post MAC authentication?

We're implementing small scale wireless in a few of our offices and I'm
interested in how security is circumvented -- several of our offices are in
shared buildings.  We're using MAC auth and keys, however the MAC auth was
the measure I had the most confidence in.  

Can you elaborate (more) on how the MAC spoofing takes place?

Thank you


(sorry for rider text)

-----Original Message-----
From: Josh Tolley [mailto:josh at raintreeinc.com]
Sent: Monday, June 20, 2005 9:11 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Wireless MAC Authentication options.

David Cary Hart wrote:
> I'm not so sure. MAC authentication is based upon the MAC of the client
> card which isn't broadcast (to the best of my knowledge) in any fashion.
> Why would a MAC id be subject to compromise?

The MAC address is transmitted -- it has to be. Otherwise it couldn't 
serve its purpose, namely to identify the sending and receiving 
stations. It's not sent out with "anyone listening" as its intended 
recipient, but anyone with their antenna on can receive the transmission 
and find the MAC address in the frame. From there, it's trivial with the 
right hardware and software to change your own MAC address to one that 
you've seen transmit successfully in the past.

Josh Tolley
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000

-------------- Sponsor Message ------------------------------------
Join us at SANSFIRE 2005 in Atlanta!
The Internet Storm Center Conference.
Details: http://www.sans.org/sansfire2005

send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
NOTICE OF CONFIDENTIALITY-The information in this email, including
attachments, may be confidential and/or privileged and may contain
confidential health information. This email is intended to be reviewed only
by the individual or organization named as addressee. If you have received
this email in error please notify Scottsdale Medical Imaging, an affiliate
of Southwest Diagnostic Imaging, LTD immediately - by return message to the
sender or to support at esmil.com - and destroy all copies of this message and
any attachments. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent those
of Scottsdale Medical Imaging. Confidential health information is protected
by state and federal law, including, but not limited to, the Health
Insurance Portability and Accountability Act of 1996 and related

More information about the list mailing list