Abstract
Medium Access Control (MAC) address spoofing is considered an important first step in a hacker’s attempt to launch a variety of attacks on 802.11 wireless networks. Unfortunately, MAC address spoofing is hard to detect. Most current spoofing detection systems rely mainly on the sequence number (SN) tracking technique, which has drawbacks. Firstly, it may lead to an increase in the number of false positives. Secondly, such techniques cannot be used in systems with wireless cards that do not follow standard 802.11 sequence number patterns. Thirdly, attackers can forge sequence numbers, thereby causing the attacks to go undetected. We present a new architecture called WISE GUARD (Wireless Security Guard) for detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques – SN tracking, Operating System (OS) fingerprinting & tracking, and Received Signal Strength (RSS) fingerprinting & tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension to the OS fingerprinting for detection of AP address spoofing. We have implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances the detection effectiveness and reduces the number of false positives in comparison with current approaches.
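An added example, not code from the paper or from WISE GUARD: a minimal per-MAC detector that corroborates sequence-number gaps with RSS deviation, showing how a second indicator separates ordinary frame loss from a likely second transmitter. The thresholds, verdict names and sample frames are assumptions constructed for illustration.

```python
from collections import namedtuple

# One observed 802.11 frame: transmitter MAC, 12-bit sequence number, RSS in dBm.
Frame = namedtuple("Frame", "mac sn rss")

SN_MODULUS = 4096    # 802.11 sequence numbers wrap from 4095 to 0
SN_GAP_MAX = 3       # assumed tolerance for frames the sensor missed
RSS_DELTA_MAX = 10   # assumed tolerance (dB) for normal signal fluctuation
RSS_ALPHA = 0.25     # assumed smoothing weight for the per-MAC RSS baseline

def detect(frames):
    """Return (index, mac, verdict) for each frame that deviates from its MAC's profile."""
    state = {}   # mac -> (last sequence number, smoothed RSS baseline)
    alerts = []
    for i, f in enumerate(frames):
        if f.mac not in state:
            state[f.mac] = (f.sn, float(f.rss))
            continue
        last_sn, base = state[f.mac]
        # Forward distance modulo 4096: a wrap gives 1, a backward jump gives a huge gap.
        # A gap of 0 (retransmission or fragment) is not treated as anomalous.
        sn_bad = (f.sn - last_sn) % SN_MODULUS > SN_GAP_MAX
        rss_bad = abs(f.rss - base) > RSS_DELTA_MAX
        if sn_bad and rss_bad:
            # Two independent indicators agree; keep the known station's profile intact.
            alerts.append((i, f.mac, "spoof-suspected"))
            continue
        if sn_bad:
            alerts.append((i, f.mac, "sn-only"))    # what SN tracking alone would alarm on
        elif rss_bad:
            alerts.append((i, f.mac, "rss-only"))   # SN fits, but the signal profile does not
        state[f.mac] = (f.sn, (1 - RSS_ALPHA) * base + RSS_ALPHA * f.rss)
    return alerts

# Constructed capture: station AA with interleaved frames from a second transmitter,
# then station BB wrapping its counter and later losing a burst of frames.
AA, BB = "02:00:00:00:00:aa", "02:00:00:00:00:bb"
SAMPLE = [
    Frame(AA, 100, -45), Frame(AA, 101, -46), Frame(AA, 102, -44),
    Frame(AA, 2000, -72), Frame(AA, 103, -45), Frame(AA, 2001, -71),
    Frame(BB, 4094, -60), Frame(BB, 4095, -61), Frame(BB, 0, -60),
    Frame(BB, 1, -59), Frame(BB, 41, -60),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The `sn-only` verdict on station BB is the kind of event that SN tracking by itself would report as spoofing; the stable RSS marks it as frame loss instead.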
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tao, K., Li, J., Sampalli, S. (2008). Detection of Spoofed MAC Addresses in 802.11 Wireless Networks. In: Filipe, J., Obaidat, M.S. (eds) E-business and Telecommunications. ICETE 2007. Communications in Computer and Information Science, vol 23. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88653-2_15
DOI: https://doi.org/10.1007/978-3-540-88653-2_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88652-5
Online ISBN: 978-3-540-88653-2
eBook Packages: Computer Science, Computer Science (R0)