Results 1 to 3 of 3

Thread: detecting MAC cloning, e.g. using RARP

  1. #1
    Senior Member
    Join Date
    Dec 2006
    Posts
    105

    Default detecting MAC cloning, e.g. using RARP

    Hello,

    looking at my firewall/AP logs it's obvious that somebody did use my AP (WEP encryption enabled) during my absence ..

    Among different other counter measurements I would like to be able to
    determine if any computer (of my neighbors) are performing MAC cloning.

    Therefore I would like to send RARP(Reverse ARP) requests to my MAC address in order to be able to find out
    if multiple replies are received for a single MAC address.

    The tool RARP seems to be included in BT3, but the kernel does seems to be RARP enabled...


    Questions:
    Are there other approaches to detect MAC cloning?



    Thank's a lot in advance for any constructive feedback!

    John

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Why in gods name are you only using WEP encryption. Most people can claim ignorance because they don't know any better but I'd be interested in hearing your excuse.

  3. #3
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Heya, ShadowKill here. I recommend you research utilizing Radio Frequency Fingerprinting within an ABID system, as well as the Bayesian Ramp Change Detector. Without going into great detail, it creates a unique profile of your card's frequency and hardware characteristics based on power-up time, tranmission states, et al and runs constant checks on your profile -vs- "outside" freqs, regardless of MAC. If a MAC with different characteristics than those of your profile attempt to connect, it will label it as a clone and deny access. Pretty interesting information actually.

    Hope that helped a bit. Let me know if you need anything else. And thanks for shopping at Wall-Mart!!!! Sorry, just watched Southpark....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •