[Dshield] Wireless MAC Authentication options.
AWilly at eSMIL.net
Mon Jun 20 18:03:34 GMT 2005
My question seems really silly after reading your reply. I should have
given it more thought before sending it -- thanks for straightening me out!
One other thing I'm not clear on is how someone listens in on wireless
communication. This is something that others believe is relatively simple,
however for an ignoramus like me, it certainly isn't as easy as plugging into
a wired network and listening to broadcasts. Is there some gizmo that
allows you to 'plug in' to wireless?
From: Josh Tolley [mailto:josh at raintreeinc.com]
Sent: Monday, June 20, 2005 10:22 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Wireless MAC Authentication options.
Willy, Andrew wrote:
> Forgive the dumb question (someone has to ask one), but, is the MAC
> not encrypted, or does encrypted traffic begin post MAC authentication?
> We're implementing small scale wireless in a few of our offices and I'm
> interested in how security is circumvented -- several of our offices are
> shared buildings. We're using MAC auth and keys, however the MAC auth was
> the measure I had the most confidence in.
> Can you elaborate (more) on how the MAC spoofing takes place?
> Thank you
Sure -- and someone correct me when I go wrong. The purpose of the MAC
address is to identify the sending station at the data link layer (that
is, between two stations on the same network). These stations don't
identify each other by IP address, as you might think, because IP
addresses are at the network layer, one layer higher than data link. The
MAC address is encoded into every transceiver on the network, and
ideally they're unique for every single one. In these respects, wireless
ethernet MAC addresses work just like those in wired ethernet, although
the format of the wireless frame is different from that of the wired frame.
The data isn't encrypted -- I can't actually see a way that it could be
encrypted without breaking everything. The encryption begins later on in
the frame. If they were, stations on the network wouldn't know the
source or destination of packets they see, and so they wouldn't know if
they're supposed to process the packet or not.
Most wireless hardware and the drivers for it include some capability to
change the built-in MAC address to something else. This is useful in
case two devices on a network end up with the same MAC address (because
with the same MAC address, communication would be impossible). But it
also makes it possible for someone who has snooped a MAC address by
simply listening to transmissions to change his address to something
that's valid on the network. Then he can talk to the access point
without any problem (unless the other station with the matching MAC
tries to talk on the network or is listening when the attacker sends, in
which case you'll run into problems of communication because of the
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000
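
Added example, not part of the original posts: a Python parser for the 802.11 MAC header, run over a constructed data frame, showing that the station addresses stay readable even when the Protected Frame bit marks the body as encrypted. This is why a MAC allow-list identifies stations but does not authenticate them. The sample frame, its addresses and the function names are constructed for illustration.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_dot11_header(frame: bytes) -> dict:
    """Parse the cleartext MAC header of an 802.11 data or management frame."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)   # Frame Control, Duration
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype == 1:
        raise ValueError("control frames use a shorter header; not handled here")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    seq = struct.unpack_from("<H", frame, 22)[0] >> 4     # drop fragment number
    offset = 24
    # The meaning of each address slot depends on the ToDS/FromDS flags.
    if to_ds and from_ds:                                 # four-address frame
        if len(frame) < 30:
            raise ValueError("four-address frame truncated")
        dst, src, bssid, offset = a3, frame[24:30], None, 30
    elif to_ds:                                           # station -> access point
        bssid, src, dst = a1, a2, a3
    elif from_ds:                                         # access point -> station
        dst, bssid, src = a1, a2, a3
    else:                                                 # ad hoc or management
        dst, src, bssid = a1, a2, a3
    if ftype == 2 and subtype & 0x8:
        offset += 2                                       # QoS Control field
    return {
        "protected": bool(fc & 0x4000),                   # body is encrypted
        "source": mac(src), "destination": mac(dst),
        "bssid": mac(bssid) if bssid else None,
        "sequence": seq, "body": frame[offset:],
    }

# Constructed sample: data frame, ToDS set, Protected Frame set.
SAMPLE = bytes.fromhex(
    "0841" "0000"              # Frame Control (data, ToDS, Protected), Duration
    "020000000001"             # Address 1: BSSID (access point)
    "0200000000aa"             # Address 2: sending station
    "0200000000bb"             # Address 3: final destination
    "3012"                     # Sequence Control (sequence number 0x123)
    "a1b2c300" "9f3c5d7e11aa42"  # stand-in for the encrypted body (opaque bytes)
)

if __name__ == "__main__":
    print(parse_dot11_header(SAMPLE))
```

The header fields parse without any key; only the bytes returned in `body` are covered by encryption.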