04-10-2023 03:00 AM
If there's an attacker on a public LAN like a school or a shopping centre, for example, the administrators can look at the router's packet capture and see the attacker's MAC and IP addresses, but what can they do with this information to figure out who the attacker was?
04-10-2023 05:16 AM
MAC addresses can be spoofed.
04-10-2023 05:43 AM
This can be solved by blocking this MAC in your SW with
Switch(config)#mac address-table static <mac> vlan X drop
If the attacker spoofed another MAC, then use
DHCP snooping with IP guard and DAI in your L2 SW.
04-11-2023 03:43 AM
Identifying who the attacker is can be very difficult, but using the IP and MAC you can narrow down where the attacker is located in your network... even if the MAC is spoofed, as is done by default on all new iOS devices.
Now, assuming the attacker is connected to the WiFi network, you can use the IP and MAC to identify which AP the device is connected to. Assuming the attack is in progress, you can narrow down the geographic location of the attacker within the building, given that each AP has a limited range. If the attacker is on the move, you will see the IP and MAC move to another AP, and you can then have an idea of which direction the attacker is moving. Combine this with monitoring cameras and you might be able to identify the attacker based on his / her movements.
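The AP-by-AP tracking described in the reply above, sketched as an added example that is not part of the original thread: it turns wireless association events into a timeline of where one MAC/IP pair was seen, which can then be lined up against camera footage. The log format, AP names and AP-to-location map are constructed for illustration and do not come from any specific controller.

```python
import re
from datetime import datetime

# Constructed sample: association events as a controller might export them
# (timestamp, AP name, client MAC, client IP). The format is hypothetical.
SAMPLE_LOG = """\
2023-04-10T09:00:12 ap=AP-Library-1 mac=aabb.ccdd.ee01 ip=10.20.0.57
2023-04-10T09:01:40 ap=AP-Library-1 mac=AA:BB:CC:DD:EE:02 ip=10.20.0.90
2023-04-10T09:04:03 ap=AP-Library-1 mac=AA:BB:CC:DD:EE:01 ip=10.20.0.57
2023-04-10T09:09:47 ap=AP-Corridor-2 mac=aa-bb-cc-dd-ee-01 ip=10.20.0.57
2023-04-10T09:15:30 ap=AP-Cafeteria-3 mac=aabb.ccdd.ee01 ip=10.20.0.57
"""

# Hypothetical AP-to-location map kept by the network team.
AP_LOCATION = {"AP-Library-1": "Library, 1st floor",
               "AP-Corridor-2": "East corridor",
               "AP-Cafeteria-3": "Cafeteria"}

LINE = re.compile(r"(\S+) ap=(\S+) mac=(\S+) ip=(\S+)")

def norm_mac(mac):
    """Normalize dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def movement_path(log_text, mac, ip):
    """Return [(ap, location, first_seen, last_seen)] for one MAC/IP pair."""
    target = norm_mac(mac)
    events = []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that are not association events
        ts, ap, seen_mac, seen_ip = m.groups()
        if norm_mac(seen_mac) == target and seen_ip == ip:
            events.append((datetime.fromisoformat(ts), ap))
    events.sort()
    path = []
    for ts, ap in events:
        if path and path[-1][0] == ap:
            path[-1][3] = ts  # same AP again: extend the dwell interval
        else:
            path.append([ap, AP_LOCATION.get(ap, "unknown"), ts, ts])
    return [tuple(p) for p in path]

if __name__ == "__main__":
    for ap, where, first, last in movement_path(SAMPLE_LOG, "aabb.ccdd.ee01", "10.20.0.57"):
        print(f"{first:%H:%M:%S}-{last:%H:%M:%S}  {ap:<15} {where}")
```

Each row of the result gives an AP, its location and the first and last time the device was seen there, so the order of rows shows the direction of movement.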