Find the answer to your Linux question:
Results 1 to 5 of 5
I am a guest on a wireless network tonight and, although I had the WEP key from the last time I was here, the owner has added MAC address filtering ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    726

    Am I causing problems?


    I am a guest on a wireless network tonight and, although I had the WEP key from the last time I was here, the owner has added MAC address filtering since then.

    Rather than faff with the security settings of the network I snagged a few packets and copied the MAC address off another computer that was using the network at the time.

    My thinking is that two physical devices with the same MAC address would appear to be one physical device with two IPs, then each computer would discard the packets with the wrong IP.

    Both computers were online at the same time and seemed to have no problems. My question is, was I causing trouble and the computers were just coping with it, or is this a perfectly acceptable thing to do?

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  2. #2
    Linux Guru bigtomrodney's Avatar
    Join Date
    Nov 2004
    Location
    Ireland
    Posts
    6,133
    I'm surprised it worked actually. MAC address is really only used on the LAN level so I would have thought that DHCP might have tried to give you the same IP address as the other PC. If it works it works but I'm sure you will get some weirdness along the way.

  3. #3
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    thats actualy pretty cool. i know that is to some degree how arp poisoning starts, but i've never heard of it used to trick mac filtering.
    New to the internet, technical forums, or the hacker / open source community??
    Read this to learn good posting habits http://www.catb.org/~esr/faqs/smart-questions.html

    RHCE for RHEL version 5
    RHCT for RHEL version 4

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    726
    Quote Originally Posted by bigtomrodney
    I would have thought that DHCP might have tried to give you the same IP address as the other PC.
    By the time my computer had booted enough for me to fiddle the network settings, it had already tried and failed to use DHCP so I set things up manually. After the other computer was turned off I went back to dhcp and it did give me the same IP, and that would have been a big (temporary) problem had both machines been on at once. I just got lucky there.

    meton_magis, this was easier than arp poisoning.

    Code:
    # ifconfig eth0 hw ether <MAC address>
    is all that is needed.

    I had always thought that getting round MAC address filtering like this would require the cloned PC to be offline, but it seems not to be the case.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  6. #5
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    726
    Some quick research (which I should have done first, but where's the fun in that) turned up this article on mac address spoofing which concludes that a cloned mac address can cause problems because if one machine disassociates from the AP then the other will get booted at the same time. I don't see this a big problem though, because it can re-associate quickly enough to be unnoticeable.

    WPA is more serious because when the second client authenticates, the re-keying involved kicks the first client off the network.

    Still, it's another reason not to rely on WEP and MAC filtering.

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •