Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to stop MAC spoofing by Chamele MAC

This thread has been viewed 1 times

  • 1.  How to stop MAC spoofing by Chamele MAC

    Posted Mar 04, 2017 12:13 AM

    Hello , 

     

    I want to ask that if somebody in our organization who is not allowed to use Wi-Fi can bind MAC address to his device which is allowed for W-Fi access by using open source application called CHAMELE MAC.

    How to identify that user and stop him.???

     

    Please help



  • 2.  RE: How to stop MAC spoofing by Chamele MAC

    EMPLOYEE
    Posted Mar 04, 2017 04:43 AM

    You would configure IP and ARP spoofing in the global firewall parameters:  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Global_Firewall_Paramete.htm?Highlight=spoofing

     

    The best way to protect against spoofing is to use 802.1x encryption, however.  Using only an open or preshared key SSID has more limited protection for ip and ARP spoofing than an 802.1x SSID.



  • 3.  RE: How to stop MAC spoofing by Chamele MAC

    EMPLOYEE
    Posted Mar 04, 2017 10:32 AM

    Adding a full policy management solution is really the only solution. ClearPass can detect MAC spoofing and take appropriate action.

     

    Also, just FYI, on most platforms, no third party software is required to spoof a MAC. On Linux and Mac, it's a simple command. Not even a reboot is needed.