MAC security (Re: Question about Wireless)

Danny Colligan dannycolligan at gmail.com
Wed Nov 28 18:42:24 UTC 2007


Okay!  Time to clear up some confusion.

MAC filtering is trivial to bypass.  What you need to do is
1. Come within range of a WLAN
2. Set your wireless card to promiscuous mode with a command like
'sudo iwconfig eth1 mode Monitor' which will allow your interface to
receive frames intended for any MAC
3. Get a tool such as Wireshark or Kismet (my favorite) to sniff
frames out of the air, which contain the MAC address of the router and
any computers that are connected to it
4. Set your wireless card back to normal mode 'sudo iwconfig eth1 mode Managed'
5. Change your MAC address to use one of the ones that you gathered in
step 3 with a command like 'ifconfig eth1 hw ether DE:AD:BE:EF:C0:DE'
6. At this point, you can either associate with the WLAN and piggyback
on the same shared network as the user whose MAC you swiped, or you
can be even more sneaky (and switch your attack from a passive one to
an active one) and send disassociation frames to the WLAN which will
kick the legitimate user off with a tool like wlan_jack, File2air,
Void11 or Libwlan and then associate with the WLAN.
7. Surf away.

The details of all of this are covered in Wi-Foo edition one on page
158-161 (a book I highly recommend if you're interested in this sort
of thing).

This all might be very illegal, depending on your local laws.

Danny
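From the defender's side, both halves of the procedure above leave traces a wireless IDS can look for: a second radio transmitting with a copied MAC has its own 802.11 sequence counter, so the station's sequence numbers start jumping back and forth, and the "kick the user off" step shows up as a burst of deauthentication/disassociation frames. The following is an added example, not part of Danny's message or of any tool he names; it runs over constructed frame metadata (hypothetical `Frame` records with made-up addresses and timestamps), and the thresholds `max_gap`, `window` and `threshold` are arbitrary choices for the demonstration, not values from the post.

```python
"""Toy wireless-IDS checks for the two observable signs of a MAC-spoofing
attack: sequence-number discontinuities and deauth/disassoc floods.
Example code; the frame records below are constructed, not captured."""
from collections import defaultdict, deque
from dataclasses import dataclass

SEQ_MODULUS = 4096  # the 802.11 sequence number is a 12-bit counter


@dataclass(frozen=True)
class Frame:
    t: float        # capture time in seconds (constructed)
    src: str        # transmitter MAC address (constructed)
    seq: int        # 802.11 sequence number carried by the frame
    subtype: str    # "data", "deauth", "disassoc", ...


def seq_gap(prev: int, cur: int) -> int:
    """Forward distance between two sequence numbers, modulo the 12-bit wrap."""
    return (cur - prev) % SEQ_MODULUS


def sequence_jump_counts(frames, max_gap: int = 64) -> dict:
    """Count large sequence-number jumps per transmitter MAC.

    A single station increments its counter by one per new frame, so
    consecutive frames from one MAC normally differ by a small amount.
    When two radios share an address their independent counters produce
    big jumps every time transmission alternates between them.
    """
    last_seq = {}
    jumps = defaultdict(int)
    for f in sorted(frames, key=lambda x: x.t):
        if f.src in last_seq and seq_gap(last_seq[f.src], f.seq) > max_gap:
            jumps[f.src] += 1
        else:
            jumps.setdefault(f.src, 0)
        last_seq[f.src] = f.seq
    return dict(jumps)


def flag_spoofed_macs(frames, max_gap: int = 64, min_jumps: int = 2) -> set:
    """Heuristic: a driver reload or reboot resets the counter once, which
    gives one jump; two or more jumps from one MAC suggest a second radio."""
    return {m for m, n in sequence_jump_counts(frames, max_gap).items() if n >= min_jumps}


def flag_deauth_flood(frames, window: float = 1.0, threshold: int = 5) -> set:
    """Flag any MAC that sends `threshold` or more deauth/disassoc frames
    within `window` seconds; a healthy AP sends these only occasionally."""
    recent = defaultdict(deque)
    flagged = set()
    for f in sorted(frames, key=lambda x: x.t):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        q = recent[f.src]
        q.append(f.t)
        while q and f.t - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(f.src)
    return flagged


# Constructed sample capture (hypothetical addresses).
CLIENT = "aa:bb:cc:dd:ee:01"   # victim client, counter near 100
QUIET = "aa:bb:cc:dd:ee:02"    # well-behaved client
RESET = "aa:bb:cc:dd:ee:03"    # client whose counter reset once (benign)
AP = "00:11:22:33:44:55"       # access point address, also used by the deauth sender

SAMPLE_FRAMES = [
    # victim's frames (100, 101, ...) with a second radio using the same
    # MAC (counter near 3000) interleaved
    Frame(0.0, CLIENT, 100, "data"), Frame(0.1, CLIENT, 101, "data"),
    Frame(0.2, CLIENT, 3000, "data"), Frame(0.3, CLIENT, 102, "data"),
    Frame(0.4, CLIENT, 3001, "data"), Frame(0.5, CLIENT, 103, "data"),
    Frame(0.6, CLIENT, 104, "data"),
    # quiet client, strictly sequential
    Frame(1.0, QUIET, 10, "data"), Frame(1.1, QUIET, 11, "data"),
    Frame(1.2, QUIET, 12, "data"),
    # one counter reset: 500, 501, then 0, 1 (a single jump, not flagged)
    Frame(2.0, RESET, 500, "data"), Frame(2.1, RESET, 501, "data"),
    Frame(2.2, RESET, 0, "data"), Frame(2.3, RESET, 1, "data"),
] + [
    # ten deauth frames from the AP address inside a tenth of a second
    Frame(5.0 + i / 100, AP, 700 + i, "deauth") for i in range(10)
] + [
    # a lone, plausible deauth much later
    Frame(20.0, AP, 710, "deauth"),
]

if __name__ == "__main__":
    print("sequence jumps:", sequence_jump_counts(SAMPLE_FRAMES))
    print("suspected spoofed MACs:", flag_spoofed_macs(SAMPLE_FRAMES))
    print("deauth flood sources:", flag_deauth_flood(SAMPLE_FRAMES))
```

Both checks are heuristics: sequence-number analysis cannot tell which of the two radios is the impostor, and a lone counter reset is benign, which is why the spoof check needs two jumps before it fires. The underlying fix is the one the post implies, namely not relying on MAC filtering as an access control at all.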




More information about the ubuntu-users mailing list