You've got a network. You want to protect it. You turn on MAC filtering. "Cool," you say to yourself, "only the devices I specify are getting on this network."
Think again.
MAC addresses fly through the air with the greatest of ease. Much more easily and frequently than SSIDs. And they can be spoofed.
Yes, MAC addresses are a physical addresses. But Windows doesn't look at the device first for the address of the wireless card. Rather, it looks in the registry. Only if that registry is blank or missing, does it look to the card's firmware. All a person has to do is go into the NetworkAddress string in their registry using Regedit and change the MAC address to the one they've seen accessing your network.
Ok, you say, but what if someone spoofs my MAC address, won't I notice a conflict when we're both on at the same time?
Good question.
Yes. You would see a message similar to the one you receive when you two machines share the same IP address. However, all the attacker has to do is wait until that a machine with that MAC address is no longer in use. Then, they will likely not be detected.
"Aha!" you might say, "but how will they be so lucky.
Well, if you recall the earlier post, if the hacker is using Kismet, they'll see that there is no longer traffic coming from a machine with the MAC address they want to spoof.

Advertisements