
Case study: Combating MAC address spoofing in access networks


Introduction

Last week I went down an interesting rabbit hole of MAC address spoofing. I found that while the problem was well defined and easily researched, there were no simple prescriptive recipes for a solution. I thought it might be helpful to share this solution in the hopes it could be useful to others.

I would like to acknowledge the contributions of Marvin Rhoads for technical vetting and proofreading, and Brad Johnson (web page) for climbing down into the rabbit hole with me and lending his considerable expertise.

 

Summary

Media Access Control (MAC) addresses are commonly used to identify endpoints for access control and authorization on access-layer networks that have yet to implement 802.1X (dot1x) device authentication. The problem with this approach is that MAC address spoofing is trivial to implement. However, with a defense-in-depth approach using basic tools and techniques, the risk and impact can be largely mitigated.

Diagnosis

Using a computer that does not send any attributes when connecting to the network, an attacker can gain authorization by spoofing the MAC address of a previously profiled device. This is specific to using MAC Address Bypass and profiling of IoT devices such as IP phones and digital signage for purposes of network authorization.
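A detection check for the condition described above, as an added example that is not part of the original post or the attached case study: it compares each new session against the attributes recorded when the MAC address was profiled and flags sessions that reuse a profiled MAC while sending no attributes or different ones. The record layout, attribute names, MAC addresses and port names are constructed for illustration and do not reflect any product's schema.

```python
import re

# Constructed profiling baseline: MAC -> attributes seen when the device was profiled.
BASELINE = {
    "00:00:5e:00:53:01": {"dhcp_class_id": "example-phone",
                          "lldp_system_desc": "Example IP Phone"},
    "0000.5e00.5302": {"dhcp_class_id": "example-signage"},
}

# Constructed session records, as an authorization log might report them.
SESSIONS = [
    {"mac": "0000.5e00.5301", "port": "Gi1/0/10",
     "attributes": {"dhcp_class_id": "example-phone",
                    "lldp_system_desc": "Example IP Phone"}},
    {"mac": "00-00-5E-00-53-01", "port": "Gi1/0/22", "attributes": {}},
    {"mac": "00:00:5e:00:53:02", "port": "Gi1/0/30",
     "attributes": {"dhcp_class_id": "example-laptop"}},
    {"mac": "00:00:5e:00:53:99", "port": "Gi1/0/31", "attributes": {}},
]

def normalize_mac(mac):
    """Reduce colon, dash and dotted notations to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def find_suspect_sessions(baseline, sessions):
    """Return (mac, port, reason) for sessions that reuse a profiled MAC
    without presenting the attributes recorded at profiling time."""
    known = {normalize_mac(m): attrs for m, attrs in baseline.items()}
    findings = []
    for s in sessions:
        mac = normalize_mac(s["mac"])
        expected = known.get(mac)
        if expected is None:
            continue  # never profiled, so there is nothing to compare against
        seen = {k: v for k, v in s.get("attributes", {}).items() if v}
        if not seen:
            findings.append((mac, s["port"], "no attributes sent"))
            continue
        changed = sorted(k for k in expected if k in seen and seen[k] != expected[k])
        if changed:
            findings.append((mac, s["port"], "changed: " + ",".join(changed)))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_sessions(BASELINE, SESSIONS):
        print(finding)
```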

Solution

Please see the attached case study, which includes supporting facts and analysis.
