Beating MAC address filtering

Post by Hunter Thompson » Thu May 17, 2007 10:48 pm

Hi Everyone,

I am trying to figure out wireless security - my brother has an AP in his room and I am trying to get access to it from my laptop. Please note I am a total newb when it comes to security stuff and we are trying to learn about it by finding holes.

He set it up as an unsecured AP at first, and I bought a Netgear WG511v2 card for my laptop which enabled me to connect to the internet through his AP with no problem - in fact, my laptop would just "get connected" by itself - it found the AP and got assigned an IP address automatically and hey presto - I'm surfin the net!

So he did some research to try and secure the connection a bit more, I asked for him to try and do it little by little so we can get past each bit of security one bit at a time. He has now done something to his AP so that I am not being issued an IP address. His SSID is still "default" and there is no encryption enabled.

So now I am trying to get back online through his AP. I have been reading up on what may have caused me to no longer have access and I am assuming he has looked in the ARP table, seen my MAC address accessing his network (I did not spoof my MAC) and somehow made a filter on his AP to only allow his MAC addresses. When I grill him if this is the deal he says "no" to everything else but gets shifty when I bring up MAC filtering - ha, I'm on to you.

So I researched up on MAC addresses, figured out one can "spoof" a MAC address and got myself "Mac Makeup"; I changed my Netgear wireless card MAC address but, still no IP address being issued...

Am I on the right path? A few forum posts I have read state that MAC address filtering is "the weakest protection" you can use on WAPs, but I must be missing something - how does one figure out what valid MAC addresses are allowed? "Mac Makeup" seems to have the option to randomly generate a MAC address or nominate a specific one, but I can't seem to understand how one would know this information. The only thing I could guess would work would be some kind of sniffer that could see someone else's traffic and clone the MAC address of their machine?

I have been trying to find information, forums, FAQs and tutorials to help me get through this next step but have to ask for some assistance or direction to some information that might help out. Once I get through my bro's MAC filtering test I think he will try WEP, which seems to have a fair bit of info out there on. But this MAC address thing has me stumped, and everyone says it is the easiest to get past! I suck.

Hey thanks for any information.
Hunter
Hunter Thompson
Mini Stumbler
 
Posts: 6
Joined: Thu May 17, 2007 10:38 pm

Post by itsnotme » Thu May 17, 2007 11:19 pm

What proof do we have that you're not just trying to find a way to hack into your neighbor's wifi? Do a search and you'll find a million posts similar to this.
itsnotme
 
Posts: 1074
Joined: Wed Sep 04, 2002 10:19 pm
Location: Somewhere below Lake Ontario

Post by Hunter Thompson » Thu May 17, 2007 11:28 pm

As I said, I have been trying to find information on this for some time and have come to ask for help, this is a newbie forum isn't it?

Well you don't know if I'm trying to get my neighbor's net, I'm just sayin what the situation is. If someone wanted to secure their WAP I'm sure they would not have the SSID as default, with no encryption. We are just trying to learn here, if you have a link to any of these "million" posts that answer my queries then I would be most appreciative, I can't seem to find simple instructions that will provide this information.

Thanks for any constructive comment.

Hunter
Hunter Thompson
Mini Stumbler
 
Posts: 6
Joined: Thu May 17, 2007 10:38 pm

Post by itsnotme » Thu May 17, 2007 11:36 pm

Pray tell, why is YOUR AP SSID set to default and with no encryption? If you were trying to secure it, you'd do what would be best: change the SSID and use a form of encryption! (Preferably WPA)

A lot of this stuff is common sense. MAC address blocking blocks certain MAC addresses or only allows a specific MAC address in. WPA encrypts the connection so that you need a password/passcode to connect.

What else eludes your grasp?
itsnotme
 
Posts: 1074
Joined: Wed Sep 04, 2002 10:19 pm
Location: Somewhere below Lake Ontario

Post by Hunter Thompson » Thu May 17, 2007 11:46 pm

Read my post, it is my brother's AP and we are trying to learn wireless security holes one step at a time, and the step we are at is MAC filtering. Your suggestion that we should "secure" our connection tells me you are not reading my post correctly? Look, I am just trying to learn new things here, have you got any suggestions or links in relation to my original post? What eludes my grasp is how to figure out what MAC address to spoof on an AP that filters MAC addresses.
Hunter Thompson
Mini Stumbler
 
Posts: 6
Joined: Thu May 17, 2007 10:38 pm

Post by little dave » Thu May 17, 2007 11:50 pm

Hunter Thompson wrote: Read my post, it is my brother's AP and we are trying to learn wireless security holes one step at a time, and the step we are at is MAC filtering. Your suggestion that we should "secure" our connection tells me you are not reading my post correctly? Look, I am just trying to learn new things here, have you got any suggestions or links in relation to my original post? What eludes my grasp is how to figure out what MAC address to spoof on an AP that filters MAC addresses.


You need to explain this. Why are you spoofing anything?
What happened to Dutch?
little dave
 
Posts: 382
Joined: Wed Dec 28, 2005 4:22 pm
Location: somewhere between 00:0f:f8:58:58:08 and 00:13:10:20:20:83

Post by itsnotme » Thu May 17, 2007 11:52 pm

What eludes my grasp is how lamebrained you gentlemen are. Google is your friend, if you really want to do research on WiFi Security, then google it. There's tons of documented papers on how MAC address filters aren't that secure and how to beat them.

In case you didn't notice, this forum doesn't spoonfeed. If perchance spoonfeeding does happen, it's a rare event.

I've spoonfed you enough, go forth in the world and research.

This is starting to sound like a school paper to me, considering I've written a few of these papers, I should know.
itsnotme
 
Posts: 1074
Joined: Wed Sep 04, 2002 10:19 pm
Location: Somewhere below Lake Ontario

Post by itsnotme » Thu May 17, 2007 11:53 pm

little dave wrote: You need to explain this. Why are you spoofing anything?


Probably because they're [color="Red"]s[/color]ingular [color="Red"]e[/color]lementals with really weak brain cells.
itsnotme
 
Posts: 1074
Joined: Wed Sep 04, 2002 10:19 pm
Location: Somewhere below Lake Ontario

Post by little dave » Thu May 17, 2007 11:55 pm

itsnotme wrote: Probably because they're [color="Red"]s[/color]ingular [color="Red"]e[/color]lementals with really weak brain cells.



Only time will tell.
What happened to Dutch?
little dave
 
Posts: 382
Joined: Wed Dec 28, 2005 4:22 pm
Location: somewhere between 00:0f:f8:58:58:08 and 00:13:10:20:20:83

Post by streaker69 » Fri May 18, 2007 2:56 am

If you're so into learning Wireless Security, then I'm quite sure you've already bought this book. You should probably refer to it to answer the question you're asking. After all, isn't it more satisfying when you can figure these things out for yourself by reading the available books on the subject?
Treat your gun like your genitals, only whip it out when it's absolutely necessary.
streaker69
 
Posts: 11867
Joined: Thu Jul 08, 2004 10:09 am
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA

Post by itsnotme » Fri May 18, 2007 3:44 am

streaker69 wrote: If you're so into learning Wireless Security, then I'm quite sure you've already bought this book. You should probably refer to it to answer the question you're asking. After all, isn't it more satisfying when you can figure these things out for yourself by reading the available books on the subject?


Yup, the book got used in one of my research papers last week. Thorn, you're now in the turnitin.com database! :)
itsnotme
 
Posts: 1074
Joined: Wed Sep 04, 2002 10:19 pm
Location: Somewhere below Lake Ontario

Post by Thorn » Fri May 18, 2007 4:19 am

Hunter Thompson wrote: As I said, I have been trying to find information on this for some time and have come to ask for help, this is a newbie forum isn't it?

No. First of all you're in the NetStumbler.org WiFi Forums > Software > Windows Forum. Secondly, the Newbie Forum is for help with NetStumbler, not MAC filtering. It is located at NetStumbler.org WiFi Forums > Newbie Lounge, although since this is not a NetStumbler question using that forum wouldn't apply.

Hunter Thompson wrote: ... but I can't seem to understand how one would know this information. The only thing I could guess would work would be some kind of sniffer that could see someone else's traffic and clone the MAC address of their machine?


Here's my spoonfeed for 2007: Yes, it is possible to evade a MAC filter. Yes, using a sniffer might help. However, if this situation is even close to what you claim, then the answer is right under your nose. Well, it's under your brother's nose anyway. Observe the world around you. Don't go all high tech with a sniffer - which would be difficult under Windows - when you can do it with a pencil and paper.
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Post by Hunter Thompson » Fri May 18, 2007 4:31 am

Streaker69 - thank you for the link. This looks like it will be good reading to investigate this subject.

Dutch - I was to believe that if there is MAC filtering on an AP that you have to "spoof" your blacklisted address to one on the allowed list - and I was asking how someone would find out what one of the allowed addresses is. I have been reading more on the subject and am starting to understand it better, the book should help me understand even more. My very uneducated guess so far is that my brother is probably only allowing his own MAC address to connect, so I would have to sniff the network traffic to see what his MAC address is and spoof that. Another thing could be that he has simply turned off DHCP so users have to set their IP manually. If I still cannot connect after spoofing his MAC address, then I'll try to see the network traffic for which IPs are configured and configure an IP that would work. IE, if he has IP 192.168.0.5, then try to set my IP to 192.168.0.6, gateway is probably 192.168.0.1, but I may need to sniff a bit for that as well, and put in some valid DNS servers. All a very steep learning curve for me and I'm having fun figuring this all out, so thanks to you who are giving me tips!
Hunter Thompson
Mini Stumbler
 
Posts: 6
Joined: Thu May 17, 2007 10:38 pm

Post by Hunter Thompson » Fri May 18, 2007 4:34 am

I am really sorry I thought I was in the newbie lounge, that is how much of a stoopid newb I am. I deserve all flames.
Hunter Thompson
Mini Stumbler
 
Posts: 6
Joined: Thu May 17, 2007 10:38 pm

Post by Dutch » Fri May 18, 2007 4:39 am

Hunter Thompson wrote: Streaker69 - thank you for the link. This looks like it will be good reading to investigate this subject.

Dutch - blah blah blah lah and more blah



Why the fsck are you addressing an answer to me? Are you trying to irritate my colon? Because if you are, I'll shit all over you in such a way you'll end up in a sanatorium, never to be heard from again.

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark
