Detection of Spoofed MAC Addresses in 802.11 Wireless Networks

Tao, Kai; Li, Jing; Sampalli, Srinivas

doi:10.1007/978-3-540-88653-2_15

Kai Tao³,
Jing Li³ &
Srinivas Sampalli³

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 23))

Included in the following conference series:

International Conference on E-Business and Telecommunications

815 Accesses
2 Citations

Abstract

Medium Access Control (MAC) address spoofing is considered as an important first step in a hacker’s attempt to launch a variety of attacks on 802.11 wireless networks. Unfortunately, MAC address spoofing is hard to detect. Most current spoofing detection systems mainly use the sequence number (SN) tracking technique, which has drawbacks. Firstly, it may lead to an increase in the number of false positives. Secondly, such techniques cannot be used in systems with wireless cards that do not follow standard 802.11 sequence number patterns. Thirdly, attackers can forge sequence numbers, thereby causing the attacks to go undetected. We present a new architecture called WISE GUARD (Wireless Security Guard) for detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques – SN tracking, Operating System (OS) fingerprinting & tracking and Received Signal Strength (RSS) fingerprinting & tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension to the OS fingerprinting for detection of AP address spoofing. We have implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances the detection effectiveness and reduces the number of false positives in comparison with current approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

IEEE Wireless LAN Standards (accessed March 2007), http://standards.ieee.org/
Ethereal – network protocol analyzer (accessed March 2007), http://www.ethereal.com
Netstumbler (accessed March 2007), http://www.netstumbler.com
Kismet (accessed March 2007), http://www.kismetwireless.net
Airsnort (accessed March 2007), http://airsnort.shmoo.com
Wright, J.: Detecting Wireless LAN MAC Address Spoofing (January 2003, site accessed March 2007) (2003), http://home.jwu.edu/wright/papers.htm
Haidong, X., Brustoloni, J., Mitrou, N., Kontovasilis, K., Rouskas, G., Iliadis, I., Merakos, L.: Detecting and blocking unauthorized access in Wi-Fi networks. In: Proceedings of the International Networking Conference, May 2004, pp. 795–806 (2004)
Google Scholar
Arkin, O.: ICMP Usage in Scanning, Sys-Security Group Publication (accessed March 2007) (July 2000), http://www.sys-security.com/archive/papers/ICMP_Scanning_v1.0.pdf
Zalewski, M.: Passive OS fingerprinting tool (accessed March 2007), http://www.networkintrusion.co.uk/osfp.htm
Bahl, P., Padmanabhan, V.N.: Radar: An in-building rf-based user location and tracking system. In: Proceedings of the IEEE Infocom 2000, Tel-Aviv, Israel, vol. 2, pp. 775–784 (March 2000)
Google Scholar
A Practical Approach to Identifying and Tracking Unauthorized 802.11 cards and Access Points, White Paper, Interlink Networks, Inc. (April 2002)
Google Scholar
Bardwell, J.: WiFi Radio Characteristics and the Cost of WLAN implementation. White Paper, Connect802 (accessed March 2007), http://www.connect802.com/white_papers.htm
Airopeek (accessed March 2007), http://www.wildpackets.com/
Snort-Wireless (accessed March 2007), http://snort-wireless.org
WiFi Scanner (accessed March 2007), http://wifiscanner.sourceforge.net
Air Defense Enterprise (accessed March 2007), http://www.airdefense.net
Aruba Networks (accessed March 2007), http://www.arubanetworks.com
Bahl, P., Padmanabhan, V.N., Balachandran, A.: A Software System for Locating Mobile Users: Design, Evaluation, and Lessons. MSR-TR-2000-12 (accessed March 2007) (Febuary 2000), http://citeseer.ist.psu.edu/bahl00software.html
Malinen, J., et al.: Host AP driver for Intersil Prism2/2.5/3, hostapd, and WPA Supplicant (accessed March 2007), http://hostap.epitest.fi/

Download references

Author information

Authors and Affiliations

Faculty of Computer Science, Dalhousie University, 6050 University Avenue, Halifax, Nova Scotia, B3H 1W5, Canada
Kai Tao, Jing Li & Srinivas Sampalli

Authors

Kai Tao
View author publications
You can also search for this author in PubMed Google Scholar
Jing Li
View author publications
You can also search for this author in PubMed Google Scholar
Srinivas Sampalli
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Polytechnic Institute of Setúbal – INSTICC,, Av. D. Manuel I, 27A - 2. Esq., 2910-595, Setúbal, Portugal
Joaquim Filipe
Department of Computer Science, Monmouth University, West Long Branch, NJ 07764, U.S.A.
Mohammad S. Obaidat

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Tao, K., Li, J., Sampalli, S. (2008). Detection of Spoofed MAC Addresses in 802.11 Wireless Networks. In: Filipe, J., Obaidat, M.S. (eds) E-business and Telecommunications. ICETE 2007. Communications in Computer and Information Science, vol 23. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88653-2_15

Download citation

DOI: https://doi.org/10.1007/978-3-540-88653-2_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88652-5
Online ISBN: 978-3-540-88653-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics