2020-07-12 - Re: [GRASE-Hotspot] Grase atack by cloning mac addresses

Header Data

From: Rico Tata <ri***t@gmail.com>
Message Hash: 88c9a79f5ac982019dea5d91fa588e3f0cad0a96db4ad85b104de4679e7d2230
Message ID: <54e51798-8b52-400d-acd9-da372c464567n@grasehotspot.org>
Reply To: <CAESLx0LUmcf5wwvvpCeeB4yiJjUyZZ2ppaMpiKfhiLCAgQnc2w@mail.gmail.com>
UTC Datetime: 2020-07-12 02:22:32 UTC
Raw Date: Sun, 12 Jul 2020 02:22:32 -0700

Raw message


thank you tim  

Le dimanche 12 juillet 2020 à 07:41:54 UTC+1, Tim White a écrit :

> Hi Rico
>
> What you are talking about is MAC spoofing. Unfortunately, you can't 
> prevent MAC spoofing. MAC spoofing is done entirely client-side, its the 
> presented hardware address (Wireless or Wired) and the network can't know 
> if someone is spoofing. In a wired network, you could, in theory, detect 
> the same MAC on multiple ports and block it that way. In wireless, to the 
> best of my knowledge, you really have no way to detect spoofing. If that 
> MAC wifi address isn't visible, then the client wouldn't know the packet 
> was addressed to it.
>
> I expect that if you have WPA enabled on your Wireless AP, it'll reduce 
> the instances of MAC spoofing causing problems (as they need to spoof the 
> MAC and have the WiFi password). It's actually recommended that you run 
> WPA2 anyway as it prevents some traffic sniffing (most stuff should be done 
> over SSL nowadays, but I'm sure there are still sites sending 
> cookies/passwords in plain text).
>
> Unfortunately, there are limitations in how networks work that just aren't 
> solvable for the hotspot. The way to solve them is to use 802.1x with a 
> decent form of authentication. However, this generally requires 
> higher-grade equipment (generally enterprise level), users who understand 
> how to connect to those networks, and more complicated access control 
> systems. In theory, the Grase Hotspot interface could be used to control 
> networks like these, assuming you had the appropriate hardware. Maybe one 
> day I'll play with some hardware and document how to connect 
> enterprise-grade equipment with Grase Hotspot in 802.1x, but it definitely 
> won't be a plug and play system like it currently is.
>
> Regards
>
> Tim
>
> On Fri, 10 Jul 2020 at 20:41, Rico Tata <ri***.@gmail.com> wrote:
> >
> > hi group
> > Boss Tim I still need your help.
> > I would like to know where limited the connection of the mac or ip 
> address to a single device.
> > there are individuals in my area who hack into my system by cloning mac 
> addresses of clients already online to connect.
> > even if it is a script or package that I have to install in the ubuntu 
> server, there is no problem at my level thanks.
> >
> > --
> > This mailing list is for the Grase Hotspot Project 
> http://grasehotspot.org
> > ---
> > You received this message because you are subscribed to the Google 
> Groups "Grase Hotspot" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to gr***.@grasehotspot.org.
> > To view this discussion on the web visit 
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5ad5b59b-6564-4403-ac46-2ab40b674aa3o%40grasehotspot.org
> .
>

Thread