[Dshield] Wireless MAC Authentication options.

Tony Earnshaw tonye at billy.demon.nl
Mon Jun 20 17:48:09 GMT 2005


man, 20.06.2005 kl. 17.37 skrev David Cary Hart:

> On Mon, 2005-06-20 at 10:15 -0500, Holmes, Alan wrote:
> > Not an answer to your question here, but I trust that you are using other
> > methods of authentication in addition to MAC authentication as it's really
> > easy to beat MAC authentication.
> > 
> I'm not so sure. MAC authentication is based upon the MAC of the client
> card which isn't broadcast (to the best of my knowledge) in any fashion.
> Why would a MAC id be subject to compromise?

One (i.e. the client workstation, Windows, Linux) can configure the MC
address on his machine to be whatever he chooses. Say he normally has a
Linux workstation and wishes to plug in his Windows laptop with the same
WS privileges. All he has to do, is to note the Linux MAC address from
ifconfig -a and plug that into the Windows shit.

The only true solution is to ensure that clients can't plug non-approved
hardware in to the network infrastructure. (super glue, solder, properly
constructed connection points, whatever).

--Tonni

-- 
mail: tonye at billy.demon.nl
http://www.billy.demon.nl





More information about the list mailing list