AW: Wireless security & MAC Adress spoofing

["Schieber, Daniel" <daniel.schieber () comco de>]

Hi,

yes, sniffing is enough (Kismet or Wellenreiter do a fine job there).

Since the MAC addresses are part of the frame a packet is sent with, it is always in "cleartext".
Though naming it this way might be misleading. 

There is no encryption considering frames, except you are using a tunnel, 
which, in return, also comes with a header and it's senders MAC.

So someone might not understand what data is exchanged, due to the encryption, 
but he will be able to know who is talking (MAC-wise) and if it is a client or AP.

That's why someone should not only set up a MAC-ACL, but in addition use WEP or even better WPA.

Greets,
Dan

-----Ursprüngliche Nachricht-----
Von: VI [mailto:vi () vizo com]
Gesendet: Montag, 1. November 2004 11:10
An: security-basics () securityfocus com
Betreff: Wireless security & MAC Adress spoofing


Hi all,

How does anybody that want to spoof a MAC address to connect to a wireless
AP know the right MAC's in the real life?

Are the MAC numbers send along in Cleartext?
Is sniffing the wireless network enough to get hold of the connecting MAC
addresses?

Thanks for answers.