2015-12-07 - Re: [GRASE-Hotspot] Having problems with users spoofing other user’s MACs

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: 2b3bdedfe2cd5e860950df5a1aab37fe9b67fba222ca446260a713f87f26ba06
Message ID: <CAESLx0Lu6rsDP_jcBbsOxMYUYFmB01tbshgF3Gu2ZifSi_VMYQ@mail.gmail.com>
Reply To: <f8064e21-183d-4477-9549-ce7b97fd69a2@grasehotspot.org>
UTC Datetime: 2015-12-07 04:56:24 UTC
Raw Date: Mon, 07 Dec 2015 21:56:24 +1000

Raw message 

Hi Melvin

Unfortunately the only solution to this is to do things to prevent them
discovering other MAC addresses. There is WiFi client isolation offered by
some access points. That's probably a start. You'll also need to ensure the
connections are secured (so no open WiFi, it'll need a password). You may
also need some additional configuration on switches and firewall to prevent
clients talking to each other.
The key is preventing the clients from attempting to talk to other clients
(so for example they could normally ping all IP's in a range, then check
the ARP table for MAC addresses), so they can't learn other MAC addresses
that are in use.

If you do work out a solution, please share with us the setup so we can put
it in the Wiki so others can do the same. I expect if using something like
Hostapd on a server, with a single WiFi card, just doing client isolation
in hostapd would be enough. If you have multiple AP's connected to
switches, then you'll need to do more to prevent each AP's clients talking
to another AP's clients (some sort of firewall either on the AP or
switches).

Hope that points you in the right direction.

Regards

Tim

On Thu, Dec 3, 2015 at 6:26 PM, Melvin Rufetu <me***u@gmail.com>
wrote:

> There's a group  of students that's been causing problems for me by using
> Wireless Network Watcher to sniff out other users on the network and then
> changing their MAC addresses to any one of the ones they find when
> sniffing. They end up using other user's data allowance and causing
> problems for the business. I recently caught one of them and had him
> arrested but the irregularities in my other user's accounts haven't been
> fixed. What can I do to fix this?
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> http://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/f8064e21-183d-4477-9549-ce7b97fd69a2%40grasehotspot.org
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/f8064e21-183d-4477-9549-ce7b97fd69a2%40grasehotspot.org?utm_medium=email&utm_source=footer>
> .
>

Thread