Home page logo
/

basics logo Security Basics mailing list archives

Re: About War Driving ..
From: FocusHacks <focushacks () gmail com>
Date: Wed, 21 Feb 2007 09:49:03 -0600

Many operating systems can temporarily change the MAC on the fly.  In
Linux and FreeBSD I believe it's a simple flag to ifconfig.  There's
an app called "sea" for OpenBSD (set ethernet address) which
accomplishes the same thing.  The capability is in the kernel, but
ifconfig doesn't give you access to it.

If this person can crack WEP, the chances are good that the attacker
also has a few authorized MAC addresses logged, and would have no
problem "cloning" a valid MAC, thus bypassing the MAC filter.

Your options are few.  Here are some ideas:

Get an access point that supports WPA.  Even if it's WPA-PSK, it's
better than WEP.

Set the wireless access point up on a separate network with no
outbound access, only access to a VPN server.  The VPN server will act
as a router to let authorized users "out of the sandbox" so to speak.
Free VPN servers and clients are available for most platforms.





On 2/19/07, nospam <nospam () dranem org> wrote:
How about blocking the MAC ADDRESS? of those two computers IPs?

most wireless routers have an allow/disallow MAC Filter

--

http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault