Results 1 to 3 of 3

Thread: detecting MAC cloning, e.g. using RARP

  1. #1
    Senior Member
    Join Date
    Dec 2006

    Default detecting MAC cloning, e.g. using RARP


    looking at my firewall/AP logs it's obvious that somebody did use my AP (WEP encryption enabled) during my absence ..

    Among different other counter measurements I would like to be able to
    determine if any computer (of my neighbors) are performing MAC cloning.

    Therefore I would like to send RARP(Reverse ARP) requests to my MAC address in order to be able to find out
    if multiple replies are received for a single MAC address.

    The tool RARP seems to be included in BT3, but the kernel does seems to be RARP enabled...

    Are there other approaches to detect MAC cloning?

    Thank's a lot in advance for any constructive feedback!


  2. #2
    Join Date
    Mar 2007


    Why in gods name are you only using WEP encryption. Most people can claim ignorance because they don't know any better but I'd be interested in hearing your excuse.

  3. #3
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007


    Heya, ShadowKill here. I recommend you research utilizing Radio Frequency Fingerprinting within an ABID system, as well as the Bayesian Ramp Change Detector. Without going into great detail, it creates a unique profile of your card's frequency and hardware characteristics based on power-up time, tranmission states, et al and runs constant checks on your profile -vs- "outside" freqs, regardless of MAC. If a MAC with different characteristics than those of your profile attempt to connect, it will label it as a clone and deny access. Pretty interesting information actually.

    Hope that helped a bit. Let me know if you need anything else. And thanks for shopping at Wall-Mart!!!! Sorry, just watched Southpark....

    "The goal of every man should be to continue living even after he can no longer draw breath."


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts