MAC security (Re: Question about Wireless)
Nils Kassube
kassube at gmx.net
Tue Nov 27 15:47:37 UTC 2007
Felipe Figueiredo wrote:
> Em Tuesday 27 November 2007 12:45:26 Nils Kassube escreveu:
> > MAC filtering means that the AP only talks to a known set of MAC
> > addresses. It isn't secure because you can set some (maybe all?)
> > wireless cards to arbitrary MAC addresses - but there are problems
> > doing it. 1) It may be illegal. 2) If the real owner of that MAC
> > address is active there will be lots of collisions and possibly both
> > clients can't do anything usefull.
>
> Interesting. I assume one would have to know beforehand of a permitted
> MAC in order to use this attack vector.
>
> Just out of curiosity, is there any known way (not brute force) to
> discover such permitted MAC addresses that script kids can exploit?
Well, not exactly, i.e. the AP doesn't transmit a list of accepted
clients. But if you can listen to the traffic of the AP with a particular
client you can find out the client's MAC. I don't know exactly which
program to use, but I suppose there are several available. If you google
for "wordriving" you will probably find them. Or maybe in the links in
this article about cracking WEP are a starting point:
<http://www.heise-security.co.uk/news/87889>
Nils
More information about the ubuntu-users
mailing list