2020-07-11 - Re: [GRASE-Hotspot] Grase atack by cloning mac addresses

Header Data

From: Tim <ti***8@gmail.com>
Message Hash: ae7b77f963392d45ae2a05efa172ebbe8b687e25b8953fe7457defc7e371b466
Message ID: <CAESLx0LUmcf5wwvvpCeeB4yiJjUyZZ2ppaMpiKfhiLCAgQnc2w@mail.gmail.com>
Reply To: <5ad5b59b-6564-4403-ac46-2ab40b674aa3o@grasehotspot.org>
UTC Datetime: 2020-07-11 23:41:39 UTC
Raw Date: Sun, 12 Jul 2020 14:41:39 +0800

Raw message 

Hi Rico

What you are talking about is MAC spoofing. Unfortunately, you can't
prevent MAC spoofing. MAC spoofing is done entirely client-side, its the
presented hardware address (Wireless or Wired) and the network can't know
if someone is spoofing. In a wired network, you could, in theory, detect
the same MAC on multiple ports and block it that way. In wireless, to the
best of my knowledge, you really have no way to detect spoofing. If that
MAC wifi address isn't visible, then the client wouldn't know the packet
was addressed to it.

I expect that if you have WPA enabled on your Wireless AP, it'll reduce the
instances of MAC spoofing causing problems (as they need to spoof the MAC
and have the WiFi password). It's actually recommended that you run WPA2
anyway as it prevents some traffic sniffing (most stuff should be done over
SSL nowadays, but I'm sure there are still sites sending cookies/passwords
in plain text).

Unfortunately, there are limitations in how networks work that just aren't
solvable for the hotspot. The way to solve them is to use 802.1x with a
decent form of authentication. However, this generally requires
higher-grade equipment (generally enterprise level), users who understand
how to connect to those networks, and more complicated access control
systems. In theory, the Grase Hotspot interface could be used to control
networks like these, assuming you had the appropriate hardware. Maybe one
day I'll play with some hardware and document how to connect
enterprise-grade equipment with Grase Hotspot in 802.1x, but it definitely
won't be a plug and play system like it currently is.

Regards

Tim

On Fri, 10 Jul 2020 at 20:41, Rico Tata <ri***t@gmail.com> wrote:
>
> hi group
> Boss Tim I still need your help.
> I would like to know where limited the connection of the mac or ip
address to a single device.
> there are individuals in my area who hack into my system by cloning mac
addresses of clients already online to connect.
> even if it is a script or package that I have to install in the ubuntu
server, there is no problem at my level thanks.
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
"Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email to gr***e@grasehotspot.org.
> To view this discussion on the web visit
https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5ad5b59b-6564-4403-ac46-2ab40b674aa3o%40grasehotspot.org
.

Thread