Beating MAC address filtering

Hunter Thompson · 05-18-2007

Hi Everyone,

I am trying to figure wireless security - my brother has an AP in his room and I am trying to get access to it from my laptop. Please note I am a total newb when it comes to security stuff and we are trying to learn about it by finding holes.

He setup as an unsecured AP at first, and I bought a Netgear WG511v2 card for my laptop which enabled me to connect to the internet through his ap with no problem - in fact, my laptop would just "get connected" by itself - it found the ap and got assigned an IP address automatically and hey presto - I'm surfin the net!

So he did some research to try and secure the connection a bit more, I asked for him to try and do it little by little so we can get past each bit of security one bit at a time. He has now done something to his AP so that I am not being issued an IP address. His SSID is still "default" and there is no encryption enabled.

So now I am trying to get back online through his AP. I have been reading up on what may have caused me to no longer have access and I am assuming he has looked in the ARP table, seen my MAC address accessing his network (I did not spoof my MAC) and somehow made a filter on his ap to only allow his MAC addresses. When I grill him if this is the deal he says "no" to everything else but gets shifty when I bring up MAC filtering- ha, I'm on to you.

So I researched up on MAC addresses, figured out one can "spoof" a MAC address and got myself "Mac Makeup"; I changed my Netgear Wireless Card Mac Address but, still no IP address being issued...

Am I on the right path? A few forum posts I have read state that Mac address filtering is "the weakest protection" you can use on WAP's, but I must be missing something - how does one figure out what valid MAC addresses are allowed? "Mac Makeup" seems to have the option to randomly generate a MAC address or nominate a specific one, but I can't seem to understand how one would know this information. The only thing I could guess would work would be some kind of sniffer that could see someone else's traffic and clone the MAC address of their machine?

I have been trying to find information, forums, faq's and tutorials to help me get through this next step but have to ask for some assistance or direction to some information that might help out. Once I get through my bro's MAC filtering test I think he will try WEP, which seems to have a fair bit of info out there on. But this MAC address thing has me stumped, and everyone says it is the easiest to get past! I suck.

Hey thanks for any information.
Hunter

itsnotme · 05-18-2007

What proof do we have that you're not just trying to find a way to hack into your neighbor's wifi? Do a search and you'll find a million posts similar to this.

Hunter Thompson · 05-18-2007

As I said, I have been trying to find information on this for some time and have come to ask for help, this is a newbie forum isn't it?

Well you don't know if I'm trying to get my neighbors net, I'm just sayin what the situation is. If someone wanted to secure their WAP I'm sure they would not have the SSID as default, with no encryption. We are just trying to learn here, if you have a link to any of these "million" posts that answer my queries then I would be most appreciative, I can't seem to find simple instructions that will provide this information.

Thanks for any constructive comment.

Hunter

itsnotme · 05-18-2007

Pray tell, why is YOUR AP SSID set to default and with no encryption? If you were trying to secure it, you'd do what would be best: change the SSID and use a form of encryption! (Preferrably WPA)

A lot of this stuff is common sense. MAC address blocking blocks certain MAC addresses or only allows a specific MAC address in. WPA encrypts the connection so that you need a password/passcode to connect.

What else eludes your grasp?

Hunter Thompson · 05-18-2007

Read my post, it is my brothers ap and we are trying to learn wireless security holes one step at a time, and the step we are at is MAC filtering. Your suggestion that we should "secure" our connection tells me you are not reading my post correctly? Look, I am just trying to learn new things here, have you got any suggestions or links in relation to my original post? What eludes my grasp is how to figure out what MAC address to spoof on an AP that filters MAC addresses.

little dave · 05-18-2007

Quote:

Originally Posted by Hunter Thompson

Read my post, it is my brothers ap and we are trying to learn wireless security holes one step at a time, and the step we are at is MAC filtering. Your suggestion that we should "secure" our connection tells me you are not reading my post correctly? Look, I am just trying to learn new things here, have you got any suggestions or links in relation to my original post? What eludes my grasp is how to figure out what MAC address to spoof on an AP that filters MAC addresses.

You need to explain this. Why are you spoofing anything?

itsnotme · 05-18-2007

What eludes my grasp is how lamebrained you gentlemen are. Google is your friend, if you really want to do research on WiFi Security, then google it. There's tons of documented papers on how MAC address filters aren't that secure and how to beat them.

In case you didn't notice, this forum doesn't spoonfeed. If perchance spoonfeeding does happen, it's a rare event.

I've spoonfed you enough, go forth in the world and research.

This is starting to sound like a school paper to me, considering I've written a few of these papers, I should know.

itsnotme · 05-18-2007

Quote:

Originally Posted by little dave

You need to explain this. Why are you spoofing anything?

Probably because they're singular elementals with really weak brain cells.

little dave · 05-18-2007

Quote:

Originally Posted by itsnotme

Probably because they're singular elementals with really weak brain cells.

Only time will tell.

streaker69 · 05-18-2007

If you're so into learning Wireless Security, then I'm quite sure you've already bought this book. You should probably refer to it to answer the question you're asking. After all, isn't it more satisfying when you can figure these things out for yourself by reading the available books on the subject?

itsnotme · 05-18-2007

Quote:

Originally Posted by streaker69

If you're so into learning Wireless Security, then I'm quite sure you've already bought this book. You should probably refer to it to answer the question you're asking. After all, isn't it more satisfying when you can figure these things out for yourself by reading the available books on the subject?

Yup, the book got used in one of my research papers last week. Thorn, you're now in the turnitin.com database!

Thorn · 05-18-2007

Quote:

Originally Posted by Hunter Thompson

As I said, I have been trying to find information on this for some time and have come to ask for help, this is a newbie forum isn't it?

No. First of all you're in the NetStumbler.org WiFi Forums > Software > Windows Forum. Secondly, the Newbie Forum is for help with NetStumbler, not MAC filtering. It is located at NetStumbler.org WiFi Forums > Newbie Lounge, although since this is not a NetStumbler question using that forum wouldn't apply.

Quote:

Originally Posted by Hunter Thompson

... but I can't seem to understand how one would know this information. The only thing I could guess would work would be some kind of sniffer that could see someone else's traffic and clone the MAC address of their machine?

Here's my spoonfeed for 2007: Yes, it is possible to evade a MAC filter. Yes, using a sniffer might help. However, if this this situation is even close to what you claim, then the answer is right under your nose. Well, it's under your brother's nose anyway. Observe the world around you. Don't go all high tech with a sniffer -which would be difficult under Windows- when you can do it with a pencil and paper.

Hunter Thompson · 05-18-2007

Streaker69 - thank you for the link. This looks like it will be good reading to investigate this subject.

Dutch - I was to believe that if there is MAC filtering on an AP that you have to "spoof" your blacklisted address to one on the allowed list - and I was asking how someone would find out what one of the allowed addresses is. I have been reading more on the subject and am starting to understand it better, the book should help me understand even more. My very uneducated guess so far is that my brother is probably only allowing his own MAC address to connect, so I would have to sniff the network traffic to see what his MAC address is and spoof that. Another thing could be that he has simply turned off DHCP so users has to set their IP manually. If I still cannot connect after spoofing his MAC address, then I'll try to see the network traffic for which IP's are configured and configure a IP that would work. IE, if he has IP 192.168.0.5, then try to set my IP to 192.168.0.6, gateway is probably 192.168.0.1, but I may need to sniff a bit for that as well, and put in some valid DNS servers. All a very steep learning curve for me and I'm having fun figuring this all out, so thanks to you who are giving me tips!

Hunter Thompson · 05-18-2007

I am really sorry I thought I was in the newbie lounge, that is how much of a stoopid newb I am. I deserve all flames.

Dutch · 05-18-2007

Quote:

Originally Posted by Hunter Thompson

Streaker69 - thank you for the link. This looks like it will be good reading to investigate this subject.

Dutch - blah blah blah lah and more blah

Why the fsck are you adressing an answer to me ? Are you trying to irritate my colon ? Because if you are, I'll shit all over you in such a way you'll end up in a sanatorium, never to be heard from again.

Dutch

05-18-2007	#1 (permalink)
Hunter Thompson Registered Member Join Date: May 2007 Posts: 6	Beating MAC address filtering Hi Everyone, I am trying to figure wireless security - my brother has an AP in his room and I am trying to get access to it from my laptop. Please note I am a total newb when it comes to security stuff and we are trying to learn about it by finding holes. He setup as an unsecured AP at first, and I bought a Netgear WG511v2 card for my laptop which enabled me to connect to the internet through his ap with no problem - in fact, my laptop would just "get connected" by itself - it found the ap and got assigned an IP address automatically and hey presto - I'm surfin the net! So he did some research to try and secure the connection a bit more, I asked for him to try and do it little by little so we can get past each bit of security one bit at a time. He has now done something to his AP so that I am not being issued an IP address. His SSID is still "default" and there is no encryption enabled. So now I am trying to get back online through his AP. I have been reading up on what may have caused me to no longer have access and I am assuming he has looked in the ARP table, seen my MAC address accessing his network (I did not spoof my MAC) and somehow made a filter on his ap to only allow his MAC addresses. When I grill him if this is the deal he says "no" to everything else but gets shifty when I bring up MAC filtering- ha, I'm on to you. So I researched up on MAC addresses, figured out one can "spoof" a MAC address and got myself "Mac Makeup"; I changed my Netgear Wireless Card Mac Address but, still no IP address being issued... Am I on the right path? A few forum posts I have read state that Mac address filtering is "the weakest protection" you can use on WAP's, but I must be missing something - how does one figure out what valid MAC addresses are allowed? "Mac Makeup" seems to have the option to randomly generate a MAC address or nominate a specific one, but I can't seem to understand how one would know this information. The only thing I could guess would work would be some kind of sniffer that could see someone else's traffic and clone the MAC address of their machine? I have been trying to find information, forums, faq's and tutorials to help me get through this next step but have to ask for some assistance or direction to some information that might help out. Once I get through my bro's MAC filtering test I think he will try WEP, which seems to have a fair bit of info out there on. But this MAC address thing has me stumped, and everyone says it is the easiest to get past! I suck. Hey thanks for any information. Hunter

05-18-2007	#10 (permalink)
streaker69 Psychic Amish Stumbler Join Date: Jul 2004 Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA Posts: 11,842	If you're so into learning Wireless Security, then I'm quite sure you've already bought this book. You should probably refer to it to answer the question you're asking. After all, isn't it more satisfying when you can figure these things out for yourself by reading the available books on the subject? __________________ "One of these days, I'm going to cut you to pieces." If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum. Thank you.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

05-18-2007	#2 (permalink)
itsnotme Dumbass checker Join Date: Sep 2002 Location: Somewhere below Lake Ontario Posts: 1,076	What proof do we have that you're not just trying to find a way to hack into your neighbor's wifi? Do a search and you'll find a million posts similar to this.

05-18-2007	#3 (permalink)
Hunter Thompson Registered Member Join Date: May 2007 Posts: 6	As I said, I have been trying to find information on this for some time and have come to ask for help, this is a newbie forum isn't it? Well you don't know if I'm trying to get my neighbors net, I'm just sayin what the situation is. If someone wanted to secure their WAP I'm sure they would not have the SSID as default, with no encryption. We are just trying to learn here, if you have a link to any of these "million" posts that answer my queries then I would be most appreciative, I can't seem to find simple instructions that will provide this information. Thanks for any constructive comment. Hunter

05-18-2007	#4 (permalink)
itsnotme Dumbass checker Join Date: Sep 2002 Location: Somewhere below Lake Ontario Posts: 1,076	Pray tell, why is YOUR AP SSID set to default and with no encryption? If you were trying to secure it, you'd do what would be best: change the SSID and use a form of encryption! (Preferrably WPA) A lot of this stuff is common sense. MAC address blocking blocks certain MAC addresses or only allows a specific MAC address in. WPA encrypts the connection so that you need a password/passcode to connect. What else eludes your grasp?

05-18-2007	#5 (permalink)
Hunter Thompson Registered Member Join Date: May 2007 Posts: 6	Read my post, it is my brothers ap and we are trying to learn wireless security holes one step at a time, and the step we are at is MAC filtering. Your suggestion that we should "secure" our connection tells me you are not reading my post correctly? Look, I am just trying to learn new things here, have you got any suggestions or links in relation to my original post? What eludes my grasp is how to figure out what MAC address to spoof on an AP that filters MAC addresses.

05-18-2007	#7 (permalink)
itsnotme Dumbass checker Join Date: Sep 2002 Location: Somewhere below Lake Ontario Posts: 1,076	What eludes my grasp is how lamebrained you gentlemen are. Google is your friend, if you really want to do research on WiFi Security, then google it. There's tons of documented papers on how MAC address filters aren't that secure and how to beat them. In case you didn't notice, this forum doesn't spoonfeed. If perchance spoonfeeding does happen, it's a rare event. I've spoonfed you enough, go forth in the world and research. This is starting to sound like a school paper to me, considering I've written a few of these papers, I should know.

05-18-2007	#13 (permalink)
Hunter Thompson Registered Member Join Date: May 2007 Posts: 6	Streaker69 - thank you for the link. This looks like it will be good reading to investigate this subject. Dutch - I was to believe that if there is MAC filtering on an AP that you have to "spoof" your blacklisted address to one on the allowed list - and I was asking how someone would find out what one of the allowed addresses is. I have been reading more on the subject and am starting to understand it better, the book should help me understand even more. My very uneducated guess so far is that my brother is probably only allowing his own MAC address to connect, so I would have to sniff the network traffic to see what his MAC address is and spoof that. Another thing could be that he has simply turned off DHCP so users has to set their IP manually. If I still cannot connect after spoofing his MAC address, then I'll try to see the network traffic for which IP's are configured and configure a IP that would work. IE, if he has IP 192.168.0.5, then try to set my IP to 192.168.0.6, gateway is probably 192.168.0.1, but I may need to sniff a bit for that as well, and put in some valid DNS servers. All a very steep learning curve for me and I'm having fun figuring this all out, so thanks to you who are giving me tips!

05-18-2007	#14 (permalink)
Hunter Thompson Registered Member Join Date: May 2007 Posts: 6	I am really sorry I thought I was in the newbie lounge, that is how much of a stoopid newb I am. I deserve all flames.