Last week I went down an interesting rabbit hole of MAC address spoofing. I found that while the problem was well defined and easily researched, there were no simple prescriptive recipes for a solution. I thought it might be helpful to share this solution in the hopes it could be useful to others.
I would like to acknowledge the contributions of Marvin Rhoads for technical vetting and proofreading, and Brad Johnson for climbing down into the rabbit hole with me and lending his considerable expertise.
Media Access Control (MAC) addresses are commonly used to identify endpoints for purposes of access control and authorization on access layer networks that have yet to implement 802.1x (dot1x) device authentication. The problem with this approach is that MAC address spoofing is trivial to implement. However, with a defense-in-depth approach using basic tools and techniques, the risk and impact can be largely mitigated.
Using a computer that does not send any attributes when connecting to the network, an attacker can gain authorization by spoofing the MAC address of a previously profiled device. This is specific to using MAC Address Bypass and Profiling of IoT devices such as IP phones and digital signage for purposes of network authorization.
Please see the attached case study, which includes supporting facts and analysis.
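One way to hunt for the condition described above, as an added example that is not part of the original post or its case study: flag MAB-authorized sessions whose MAC belongs to a previously profiled device but which present none of the attributes that profile was built from. The field names, attribute names and sample records are constructed assumptions, not the schema of any particular NAC product.

```python
# Added example. All records below are constructed sample data and the
# field names are hypothetical; map them to your own NAC/RADIUS export.

# Endpoints as they looked when first profiled (constructed).
PROFILED = {
    "00:11:22:33:44:55": {"profile": "IP-Phone",
                          "seen_attrs": {"dhcp_class_id", "cdp_platform"}},
    "00:11:22:33:44:66": {"profile": "Digital-Signage",
                          "seen_attrs": {"dhcp_class_id", "lldp_system_desc"}},
}

# Current access sessions (constructed). MAC formats vary by source.
SESSIONS = [
    {"mac": "00:11:22:33:44:55", "port": "sw1:Gi1/0/10", "auth": "mab",
     "dhcp_class_id": "example-phone-class", "cdp_platform": "example-phone"},
    {"mac": "0011.2233.4466", "port": "sw3:Gi1/0/22", "auth": "mab"},
    {"mac": "AA-BB-CC-DD-EE-FF", "port": "sw1:Gi1/0/2", "auth": "dot1x"},
]


def normalize_mac(mac):
    """Return aa:bb:cc:dd:ee:ff regardless of the separator style used."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_attributeless_sessions(sessions, profiled):
    """Flag MAB sessions that reuse a profiled MAC but send no attributes."""
    findings = []
    for session in sessions:
        mac = normalize_mac(session["mac"])
        known = profiled.get(mac)
        if known is None or session.get("auth") != "mab":
            continue  # not a profiled endpoint, or not authorized by MAC
        present = {a for a in known["seen_attrs"] if session.get(a)}
        if not present:
            findings.append({"mac": mac, "profile": known["profile"],
                             "port": session["port"],
                             "missing": sorted(known["seen_attrs"])})
    return findings


if __name__ == "__main__":
    for finding in find_attributeless_sessions(SESSIONS, PROFILED):
        print(finding)
```

A hit is a lead for review rather than proof of spoofing, since a genuine device can also appear before its attributes have been collected.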