RE: [WIRELESS-LAN] Wireless MAC spoofing detection

[Weatherly, Stephen Ricardo]

Diana,             It would seem like that would be a difficult task to accomplish seeing that once the MAC address is cloned, then the system sees that card as the newly configured card.  The way I see that working is if we know ahead of time the MAC addresses of the user and checking to see at login, whether the user is allowed to log in from that machine.  That would act as only an indicator that they could be changing their MAC because that behavior would also exhibit similar characteristics to the user logging in from a friend’s machine.     Stephen R. Weatherly I.T. Security University of Miami From: Cortes, Diana [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 30, 2006 2:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless MAC spoofing detection   Hello,   I was wondering if anyone out there has implemented a security system that detects intruders who have manually configured/hard-coded their client’s MAC address to gain access to the wireless network. I know there are some IDS products, such as Newbury’s, that promise this functionality. Has anyone had any experience with this and/or encountered the need to put in place such a system?   Thank you,   Diana Cortes University of Miami Information Technology Department of Telecommunications   ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.