0

Let's say we have a DHCP server and have provided a MAC filtering system. Can we block the next spoofed MAC address? The next device will not be leased any IP address.

Or is it normally already blocked by the DHCP server?

Thanks in advance.

kwO7
  • Any type of MAC-based authentication is not a good idea. Perhaps look into 802.1x instead, with certificate auth or radius. – EEAA Feb 25 '15 at 03:13
  • I will keep this in mind. Is this also applicable on mobiles? – kwO7 Feb 25 '15 at 03:24

2 Answers

1

It's not as simple as that. A secondary protocol may be required but for the most part it requires constant network vigilance. Something similar to what is mentioned by the following.

https://infoexpress.com/content/practical/142

A program/script I saw basically looked at/monitored all systems on the network and basically looked for performance differences periodically to see whether something strange was going on (stuff like packet loss). More modern solutions like 802.1x and so on also work roughly the same way as the approach that I've mentioned but also suffer from the same limitations. Enough background intelligence on the target network/system and you're in trouble, which is one of the reasons why had to be updated a while back. This means that you're looking after two things. More background on the original system and periodic checks...

http://en.wikipedia.org/wiki/IEEE_802.1X

http://en.wikipedia.org/wiki/IEEE_802.1X#Vulnerabilities_in_802.1X-2001_and_802.1X-2004

dtbnguyen
  • I do believe it would be best to use NAC / NPS, there are multiple IFS statements here. – kwO7 Feb 26 '15 at 08:39
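
As an added example (not part of the original answers): a DHCP server keys its leases on the client MAC, so a cloned MAC looks identical to it, and the periodic monitoring described in the answer above has to rely on secondary signals. The code below flags a MAC that shows up behind a different switch port (DHCP option 82 circuit-id) within a time window, or whose client fingerprint (option 60 vendor class, option 55 parameter request list) changes. The pipe-separated record layout, `SAMPLE_LOG` and the function names are assumptions made for this example.

```python
from collections import namedtuple

# Constructed sample events, as a DHCP server or relay might export them.
# The field layout is an assumption for this example, not a real log format:
# epoch seconds | client MAC | option 82 circuit-id | option 12 hostname |
# option 60 vendor class | option 55 parameter request list
SAMPLE_LOG = """\
1000|00:11:22:33:44:55|sw1/gi0/3|acct-laptop|MSFT 5.0|1,3,6,15,31,33,43,44,46,47
1100|66:77:88:99:aa:bb|sw1/gi0/7|printer-2|HP-Printer|1,3,6,15,44
4600|00:11:22:33:44:55|sw1/gi0/3|acct-laptop|MSFT 5.0|1,3,6,15,31,33,43,44,46,47
5200|00:11:22:33:44:55|sw2/gi0/12|acct-laptop|dhcpcd-9|1,121,33,3,6,12,15,26,28
5300|66:77:88:99:AA:BB|sw1/gi0/7|printer-2|HP-Printer|1,3,6,15,44
"""

Event = namedtuple("Event", "ts mac port hostname vendor prl")

def parse(log):
    """Yield one Event per non-empty line, with the MAC lower-cased."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, mac, port, host, vendor, prl = line.split("|")
        yield Event(int(ts), mac.lower(), port, host, vendor, prl)

def find_suspect_macs(log, window=3600):
    """Return {mac: [reasons]} for MACs whose port or fingerprint changed."""
    last = {}    # mac -> most recent Event seen for that MAC
    alerts = {}
    for ev in parse(log):
        prev = last.get(ev.mac)
        if prev:
            reasons = []
            # Same MAC behind another switch port within the window.
            if ev.port != prev.port and ev.ts - prev.ts <= window:
                reasons.append(f"moved {prev.port} -> {ev.port} in {ev.ts - prev.ts}s")
            # Hostname is trivially copied, so only vendor class and PRL are compared.
            if (ev.vendor, ev.prl) != (prev.vendor, prev.prl):
                reasons.append(f"fingerprint changed: {prev.vendor!r} -> {ev.vendor!r}")
            if reasons:
                alerts.setdefault(ev.mac, []).extend(reasons)
        last[ev.mac] = ev
    return alerts

if __name__ == "__main__":
    for mac, reasons in find_suspect_macs(SAMPLE_LOG).items():
        print(mac, "; ".join(reasons))
```

A hit is a lead for investigation, not proof: a dual-boot machine or a laptop moved between desks produces the same signals, which is why the comments above point to 802.1X for actual authentication.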
0

The reason why MAC authentication does not work very well (in my experience) is because if I were the attacker, I would first send a deauthentication packet to the client whose MAC I wanted to spoof, and I'd use a different spoofed MAC to do so. Then the router can't tell the difference. However, as long as you are using WPA or WPA2, and have a strong passphrase, it'd be extremely difficult for an attacker to crack your key, preventing a DHCP lease from ever happening.

A RADIUS server does work with mobile devices and is the best way to secure a Wi-Fi network, when used with WPA2. It provides a dual authentication method with a certificate, I believe.

Chev_603
  • Where in the original question was there mentioned anything about wireless? – Frederik Feb 25 '15 at 07:04
  • If someone is spoofing a MAC address on a physical network they wouldn't need to make a separate DHCP request. – JamesRyan Feb 25 '15 at 12:34
  • @Chev_0603, thank you for giving me another idea. Even though there is no perfect network, I will also look into the deauthentication packet you mentioned. Will try to combo Server and Network here. Thanks – kwO7 Feb 26 '15 at 10:49