[Dshield] Wireless MAC Authentication options.
josh at raintreeinc.com
Mon Jun 20 17:21:40 GMT 2005
Willy, Andrew wrote:
> Forgive the dumb question (someone has to ask one), but, is the MAC address
> not encrypted, or does encrypted traffic begin post MAC authentication?
> We're implementing small scale wireless in a few of our offices and I'm
> interested in how security is circumvented -- several of our offices are in
> shared buildings. We're using MAC auth and keys, however the MAC auth was
> the measure I had the most confidence in.
> Can you elaborate (more) on how the MAC spoofing takes place?
> Thank you
Sure -- and someone correct me when I go wrong. The purpose of the MAC
address is to identify the sending station at the data link layer (that
is, between two stations on the same network). These stations don't
identify each other by IP address, as you might think, because IP
addresses are at the network layer, one layer higher than data link. The
MAC address is encoded into every transceiver on the network, and
ideally they're unique for every single one. In these respects, wireless
ethernet MAC addresses work just like those in wired ethernet, although
the format of the wireless frame is different from that of the wired frame.
The data isn't encrypted -- I can't actually see a way that it could be
encrypted without breaking everything. The encryption begins later on in
the frame. If they were, stations on the network wouldn't know the
source or destination of packets they see, and so they wouldn't know if
they're supposed to process the packet or not.
Most wireless hardware and the drivers for it include some capability to
change the built-in MAC address to something else. This is useful in
case two devices on a network end up with the same MAC address (because
with the same MAC address, communication would be impossible). But it
also makes it possible for someone who has snooped a MAC address by
simply listening to transmissions to change his address to something
that's valid on the network. Then he can talk to the access point
without any problem (unless the other station with the matching MAC
tries to talk on the network or is listening when the attacker sends, in
which case you'll run into problems of communication because of the
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000
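
Added example, not part of the original post: a Python sketch that reads the 802.11 MAC header of frames whose body is encrypted, showing that the addresses stay readable, and flags a MAC address that appears to be used by two transmitters because its sequence counter jumps. The frames are constructed, and the `max_gap` threshold and the single sequence counter per station (non-QoS traffic) are assumptions of this sketch.

```python
import struct

HDR = struct.Struct("<HH6s6s6sH")  # frame control, duration, addr1-3, sequence control

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame: bytes) -> dict:
    """Read the cleartext 24-byte MAC header of an 802.11 data frame."""
    if len(frame) < HDR.size:
        raise ValueError("truncated 802.11 header")
    fc, _dur, a1, a2, _a3, seq_ctl = HDR.unpack_from(frame)
    return {
        "protected": bool(fc & 0x4000),  # frame body is encrypted
        "retry": bool(fc & 0x0800),      # retransmission reuses its sequence number
        "receiver": fmt_mac(a1),
        "transmitter": fmt_mac(a2),
        "seq": seq_ctl >> 4,             # 12-bit counter; low 4 bits are the fragment number
    }

def shared_mac_suspects(frames, max_gap=64):
    """Return transmitter MACs whose sequence counter jumps or runs backwards."""
    last, suspects = {}, set()
    for raw in frames:
        h = parse_header(raw)
        if h["retry"]:
            continue
        src, seq = h["transmitter"], h["seq"]
        # Modulo 4096 handles normal wraparound; a backwards step shows up as a huge gap.
        if src in last and (seq - last[src]) % 4096 > max_gap:
            suspects.add(src)
        last[src] = seq
    return suspects

# Constructed sample frames (not a real capture); addresses are locally administered.
AP = bytes.fromhex("020000000001")
STA_A, STA_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"

def build(src: str, seq: int) -> bytes:
    fc = 0x4108          # data frame, ToDS, Protected bit set
    body = b"\xa5" * 16  # placeholder standing in for ciphertext
    return HDR.pack(fc, 0, AP, bytes.fromhex(src.replace(":", "")), AP, seq << 4) + body

SAMPLE = [build(s, n) for s, n in [
    (STA_A, 100), (STA_B, 4094), (STA_A, 101), (STA_A, 2000), (STA_B, 4095),
    (STA_A, 102), (STA_A, 2001), (STA_B, 0), (STA_A, 103), (STA_B, 1)]]

if __name__ == "__main__":
    print(parse_header(SAMPLE[0]))
    print(shared_mac_suspects(SAMPLE))
```

Lost frames also leave gaps in the counter, so a hit from this heuristic is a reason to look closer, not proof of a second transmitter.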