bypassing mac filters?

[iliyapolak]

Well I must be missing something then, I can spoof an approved MAC addy on a WPA2 network just fine,

You can spoof data frames when WPA2 is used only when you have recovered a key , otherwise your data frames will be rejected.

perhaps you have a trial example you would care to share with us .. ?

Perhaps you should have toroughly read and be able to understand 802.11 standard before you are trying to discredit my post.
In my post i was only suggesting the methods that could be implemented in order to give more protection against the aircrack attacks.
Try to broaden and deeper your knowledge because it is lacking at some areas.
Btw what is your education are you programmer? If you are you should have known how the frames are represented in the driver code how Nic hardware counters could be used to track frame statistics and even scalar values like power measurement could be useful to fight off spoofing (think about this)

http://www.backtrack-linux.org/forum...c-filters.html

This link only has proven to me what i have stated above that your knowledge is simply not deep enough to even understand my suggestion.
Go and learn.

[TAPE]

tut tut.. such attitude .. kinda expected it though..
of course I am no programmer.. that much should be more than clear by my posts and blog..

I am learning when time permits and continue to do so, with all respect to others. suggest you try the same.


Will now stop feeding trolls.

[iliyapolak]

By displaying my knowledge am i hurting you?
Is it forbidden here to be a knowledgeable person?
I respect other people and i often offer them a helping hand , but sometimes my language is going to be a little bit more advanced if it is offending you please let me know.

[funnybob]

Well I must be missing something then, I can spoof an approved MAC addy on a WPA2 network just fine,
just set up a test router (Linksys WRT54G) with hidden SSID, WPA2 AES and no problems spoofing.
(now connecting straight away with WICD.. thats a different story.. sjeesh.. gotta get back to cli)
and your 'easy' spoofing prevention... doesnt sound so easy !
perhaps you have a trial example you would care to share with us .. ?



If you have nothing in the filter.. then there is surely nothing to bruteforce ? All MAC addies should be able to connect ?

I had a go at it a while ago, forget which type of router I was using at the time, but you should read this
thread for the response I got from the author of MDK3;
http://www.backtrack-linux.org/forum...c-filters.html



Might have another shot with wireshark running to see what's going on exactly.

Well the mac filter is on but I did not add anyone to the exceptions list, and can't connect so I'm sure its working.

[Gitsnik]

Alright guys, you should probably stop before Amael comes in here with that lock button.

Strictly speaking, you need to know the password to inject ethernet frames. You can inject wireless frames without knowing the password though (otherwise the disassosc wouldn't work). Those of you with actual networking knowledge should be seeing the bottom two layers of the OSI model right here.

TAPE wasn't talking about injecting Data frames.
iliyapolak wasn't talking about injecting Link Layer frames.

Ergo, you are both right and you are both wrong. iliyapolak you need to go through a few more of the posts to get a feel for how the community tries to interact with each other. It's a manners thing.

Tape, hey I've been watching your career with some interest. So now you know something else - without a password you can't inject data frames.

Moreover (I love that word) spoofing is only easily preventable when the device is static and is active on the network, otherwise you would get locked out if you suddenly took your laptop to the rear of the coverage zone (something I frequently do). Unless you are running a fully compliant 802.1X environment and then VPN'ing through the firewall you would put in, you are probably vulnerable to something.

Congratulations guys you both learned something new.

[iliyapolak]

Moreover (I love that word) spoofing is only easily preventable when the device is static and is active on the network

Yes i agree with you, but as far as i know there is an ongoing research on more advanced counter-spoofing methods like a spectral analysis of various wi-fi chipsets , driver timing analysis and fingerprinting
also new 802.11w should prevent spoofing of management frames when it is implemented.
With current 802.11n standard you can spoof management and control frames because of the lack of protection and if there are other means of protections they are not a part of official 802.11 standard.

[funnybob]

Well currently I'm not trying to hack wpa/wpa2 with mac filtering in place. Does anyone know of a good program to just hack an open network and bypass the mac filter w/o a client/spoofing? That is what I'm currently trying to do. Thank you again for any help.

[drakedeon]

I don't know of anyway to "bypass" a MAC filter unless you have access to change the database of MAC adresses. Layer 2 filtering does not pass any frames to the higher layers where applications or software maybe vunerable, there is still MAC filtering used in CCNA training and there was no reference as to any issues to it's use on wired networks apart from spoofing.

[M00kaw]

Well currently I'm not trying to hack wpa/wpa2 with mac filtering in place. Does anyone know of a good program to just hack an open network and bypass the mac filter w/o a client/spoofing? That is what I'm currently trying to do. Thank you again for any help.

That does not sound like your own network... Actually, this entire thread sounds like you need help to access a wireless network that does not belong to you. You haven't been able to answer even the simplest questions about the network..

[iliyapolak]

That does not sound like your own network... Actually, this entire thread sounds like you need help to access a wireless network that does not belong to you. You haven't been able to answer even the simplest questions about the network.

Let him practise.