RE: [WIRELESS-LAN] Wireless MAC spoofing detection

[Frank Bulk]

Diana:   The overlay WIDS/WIPS systems (such as AirDefense AirMagnet, AirTight, Network Chemistry, etc) all include some kind of MAC address spoofing alarm.  They can do this if they see two devices with the same wireless MAC address.  When both clients are in the same vicinity it's more of an art than a science, I believe, but if it's across two physically disparate locations it's easy pickings.   I'm not sure what the infrastructure players (Cisco, Aruba and Meru; I exclude Trapeze b/c they team up with AirDefense, and Colubris with their AirTight) with built-in WIDS/WIPS systems offer for this specific task.   More to the phone, MAC-based authentication is not the way to go, unless you're doing it for guest access which usually offers limited access to the network anyways.   Regards,   Frank From: Cortes, Diana [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 30, 2006 1:26 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] Wireless MAC spoofing detection Hello,   I was wondering if anyone out there has implemented a security system that detects intruders who have manually configured/hard-coded their client’s MAC address to gain access to the wireless network. I know there are some IDS products, such as Newbury’s, that promise this functionality. Has anyone had any experience with this and/or encountered the need to put in place such a system?   Thank you,   Diana Cortes University of Miami Information Technology Department of Telecommunications   ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/ ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.