Spoofed MAC Address
This Alarm is raised by WiFi Manager when it detects any spoof of MAC address in the WLAN.
MAC Address:
Computer Networking equipment come with an in-built Identifier-address which is unique. This address assigned to the network equipment is called MAC address - Media Access Control Address. These are managed by IEEE and are globally unique. The IEEE assigns globally the first three bytes, which will denote the manufacturer of the device, and the manufacturer chooses the last three bytes. The number officially assigned by IEEE are publicly available.
What is meant by spoofing?
Although MAC addresses are assigned at the time of manufacture, setting the MAC address of a wireless card or AP to an arbitrary chosen value is simple for an attacker. He may do this by invoking an appropriate software tool that engages in a dialog with the user and accepts values. Using these tools, the attacker changes the MAC address and sends several frames with that address. The attacker typically repeats this with another MAC address. In a period of a second, this can happen several thousand times.
This process by which an attacker altering the Manufacture-assigned MAC address to that of an authorized device's MAC and injecting lot of packets into the WLAN is known as spoofing. This behavior of the attacker may be because of any of the following reasons:
Common tools for manipulating MAC address in the WLAN packets -
What should the Administrators do?
The administrators should watch out for unfamiliar MAC Addresses and spoofed frames.He should take immediate measures to prevent them from entering into the WLAN.