Last week I went down an interesting rabbit hole of MAC address spoofing. I found that while the problem was well defined and easily researched, there were no simple prescriptive recipes for a solution. I thought it might be helpful to share this solution in the hopes it could be useful to others.
I would like to acknowledge the contributions of Marvin Rhoads for technical vetting and proofreading, and Brad Johnson for climbing down into the rabbit hole with me and lending his considerable expertise.
Media Access Control (MAC) addresses are commonly used to identify endpoints for access control and authorization on access-layer networks that have yet to implement 802.1X (dot1x) device authentication. The problem with this approach is that MAC address spoofing is trivial to implement. However, with a defense-in-depth approach using basic tools and techniques, the risk and impact can be largely mitigated.
Using a computer that does not send any attributes when connecting to the network, an attacker can gain authorization by spoofing the MAC address of a previously profiled device. This is specific to using MAC Address Bypass and profiling of IoT devices, such as IP phones and digital signage, for network authorization.
Please see the attached case study, which includes supporting facts and analysis.
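A defender-side check for the scenario described above, as an added example that is not part of the original post or its case study: it compares what a MAC-authorized session presents with what that MAC presented when it was profiled, and flags sessions that present nothing. It also flags conflicting attributes, which goes slightly beyond the post. The field names, MAC addresses (documentation range), ports and attribute values are constructed.

```python
from dataclasses import dataclass, field

# Constructed profile store: what each MAC presented when it was first profiled.
PROFILED = {
    "00:00:5e:00:53:10": {"dhcp_class_id": "ip-phone-vendor-A",
                          "cdp_platform": "phone-model-1"},
    "00:00:5e:00:53:20": {"dhcp_class_id": "signage-vendor-B"},
}

@dataclass
class Session:
    mac: str
    port: str
    attrs: dict = field(default_factory=dict)  # attributes seen in THIS session

def normalize(mac):
    """Make aa-bb-.., aabb.ccdd.eeff and AA:BB:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def review(session, profiled=PROFILED):
    """Return findings for one session; an empty list means it is consistent."""
    stored = profiled.get(normalize(session.mac))
    if stored is None:
        return ["unprofiled_mac"]
    findings = []
    if not session.attrs:
        # The case from the post: authorization would rest on the MAC alone.
        findings.append("no_attributes_for_profiled_mac")
    for key, seen in session.attrs.items():
        if key in stored and stored[key] != seen:
            findings.append(f"attribute_mismatch:{key}")
    return findings

# Constructed sessions, in three common MAC notations.
SESSIONS = [
    Session("00:00:5e:00:53:10", "Gi1/0/3",
            {"dhcp_class_id": "ip-phone-vendor-A", "cdp_platform": "phone-model-1"}),
    Session("0000.5e00.5310", "Gi1/0/7"),  # known MAC, silent endpoint
    Session("00-00-5E-00-53-20", "Gi1/0/9", {"dhcp_class_id": "generic-laptop-os"}),
]

def report(sessions=SESSIONS):
    return {s.port: review(s) for s in sessions}

if __name__ == "__main__":
    for port, findings in report().items():
        print(port, findings or "consistent")
```

A finding here is a reason to withhold or restrict authorization until the endpoint presents its expected attributes, not proof of spoofing on its own.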