MAC Spoofing

GOAL:

1. Prevent users from spoofing the boss's MAC address

because sometimes users bypass the MAC ACL by cloning the boss's MAC address

In Cisco I can do this

QUESTIONS:

1. How to achieve that in Cambium?

Hi 

Greetings!!

From the screenshot you have shared I can see that you have WPA2 + MAC filtering on Cisco.

In the same way, you can configure this on Cambium with WLAN > Basic > Security as WPA2 Preshared Key, and under Access > MAC Authentication permit the MAC address you want to allow.

Best Regards,

Gupta Bobby

1 Like

I set the boss's MAC address to be permitted

A hacker can simply clone that MAC address using Kali Kismet

Can you discuss this with your backline engineer?

tq

I assume the "boss MAC" is present on the wired side of the network. You can add a MAC ACL entry under WLAN->Access Control->Access Control Lists and deny packets with the source match matching the boss MAC in the "in" direction and permit everything else.

1 Like

The boss's MAC address is on Wi-Fi, not wired

I can't deny the boss's MAC address.

The boss is always permitted.

Maybe I was not so clear

Spoofing means someone clones the boss's Wi-Fi MAC address.

So that they always have permitted access

From my understanding, in your Cisco network your boss needs to use his MAC address and the Wi-Fi password (WPA2-PSK).

A would-be hacker capturing the MAC address alone wouldn't be granted access to the network, as they would need the Wi-Fi password as well.

As Gupta Bobby said, this can also be achieved with Cambium by enabling both MAC address filtering and WPA2 password authentication.

As you rightly pointed out, a MAC address is easily cloned and therefore should not be considered a strong security feature.

If you're security conscious I would recommend using a strong Wi-Fi password (20+ characters). This makes it very difficult to brute-force WPA2 using an offline dictionary attack even after capturing the 4-way handshake.

I can attack a strong password using fluxion

https://www.youtube.com/watch?v=k_X375omYtM

It will clone the real SSID and force users to connect to the fake SSID.

Force users to key in their WPA2 password, then allow them to connect to the internet

Then how to counter this kind of attack?

tq


@nbctcp wrote:

I can attack a strong password using fluxion

https://www.youtube.com/watch?v=k_X375omYtM

It will clone the real SSID and force users to connect to the fake SSID.

Force users to key in their WPA2 password, then allow them to connect to the internet

Then how to counter this kind of attack?

tq


If your users are being social-engineered out of their password then moving to some non-password based option would be best (certificates with WPA2-Enterprise for instance).

1 Like

Firefly is right, WPA2 Enterprise is the better solution. The problem with WPA2 PSK is that there is no mutual authentication, which is why the attack you described will work.

With WPA2 Enterprise, EAP-TLS is considered very secure as it offers mutual authentication, and certificates are required for both the client and server.
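
A client-side check for the mutual-authentication point in the replies above, as an added example that is not part of the original thread: it audits Wi-Fi profiles for settings that leave the client unable to tell the real network from a cloned SSID. It assumes the clients use wpa_supplicant; the sample config, SSIDs, identity and file paths are constructed placeholders, and `parse_networks`, `audit` and `audit_conf` are names made up for this example.

```python
import re
# Constructed wpa_supplicant.conf sample; SSIDs, identity and paths are placeholders.
SAMPLE_CONF = '''
network={
    ssid="office-psk"
    key_mgmt=WPA-PSK
    psk="constructed-example-passphrase"
}
network={
    ssid="office-eap-unverified"
    key_mgmt=WPA-EAP
    eap=TLS
    client_cert="/etc/wifi/boss.pem"
    private_key="/etc/wifi/boss.key"
}
network={
    ssid="office-eap"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="boss@example.test"
    ca_cert="/etc/wifi/ca.pem"
    domain_suffix_match="radius.example.test"
    client_cert="/etc/wifi/boss.pem"
    private_key="/etc/wifi/boss.key"
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block, ignoring comments."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        lines = [l.strip() for l in body.splitlines()]
        pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """Return findings that leave this profile open to a cloned SSID."""
    # Simplification for this example: a block without key_mgmt is treated as PSK.
    if "WPA-EAP" not in net.get("key_mgmt", "WPA-PSK").split():
        return ["shared-psk: no server certificate for the client to check"]
    if not (net.get("ca_cert") or net.get("ca_path")):
        return ["no-ca: server certificate is not verified"]
    if not any(net.get(k) for k in NAME_CHECKS):
        return ["no-name-check: any certificate from the CA is accepted"]
    return []

def audit_conf(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Only the third profile comes back clean: it pins both the CA and the RADIUS server name, so the client rejects an access point that cannot present the expected certificate.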