Quote:
|
Originally Posted by Scruge
Here's a couple of examples of Knsgem2 detecting spoofed MACs.
Point A is a house and point B is a business, they are 14 miles apart and using the same MAC.
Point C is a business and point D is business, they are 5 miles apart and using the same MAC.
I'd like to add a feature to auto-detect such anomalies.
Any suggestions are welcome.
|
I'm not so sure they are spoofed MAC's per se... Check the logs, my SWAG is that the networks in question are AdHoc type nets (or probe's searching for the AdHoc net) and not Infrastructure.
If so, they are operating per the 802.11 specs, wrt the MAC's being random, and thereby able to have the same MAC as another device.
It's one of the reasons I see networks I've detected, suddenly appearing in places I never stumbled. Someone else detects a network, which has the same BSSID during AdHoc operation, that the network detected by me had, and during the next update of the Wigle Map, it has suddenly been teleported from Denmark, to Ohio or Australia..
Dutch