topic Re: WLSE and MAC spoofing in Wireless

WLSE and MAC spoofing

simon-hautier — Sun, 04 Jul 2021 19:04:49 GMT

Hello,

My WLSE has detected several Client MAC Spoofing.

I have some questions about:

- the type of the spoof:

MAC_spoof 19 for example.

What is the meaning of the index ?

- the Spoof User Id:

"Client MAC Spoofing Detected on [MAC address] , host/XXXXXXX and on AP"

Does the spoof user id refers to:

- the computer which has spoofed the displayed MAC address (the illegal one)

- or the computer which originally had this MAC address (the legal one) ?

Im wondering this because the spoofed MAC address only refers to a single computer in "Reports > Wireless Clients", even when the "Spoof User Id" refers to a "clean" computer (allowed in the network)

I didn't find much about this in the Cisco documentation.

Any help ?

thanks

Re: WLSE and MAC spoofing

rmushtaq — Mon, 15 May 2006 16:32:23 GMT

This is explained in Table 2-3 in the FAQs: http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cwparent/cw_1105/wlse/2_13/ts_gd/faults.htm

Re: WLSE and MAC spoofing

simon-hautier — Tue, 16 May 2006 10:50:06 GMT

Hello,

Thanks for your answer.

Anyway, there is no explanation about the spoof index. I would like to know what refers to this index because, i have several errors, detected by the same AP with the same MAC address and the same spoof user id. The only difference between those errors is the spoof id.

Does someone know ?

Thanks.