Wireless Access

Occasional Contributor I

How to stop MAC spoofing by Chamele MAC

Hello , 


I want to ask that if somebody in our organization who is not allowed to use Wi-Fi can bind MAC address to his device which is allowed for W-Fi access by using open source application called CHAMELE MAC.

How to identify that user and stop him.???


Please help

Guru Elite

Re: How to stop MAC spoofing by Chamele MAC

You would configure IP and ARP spoofing in the global firewall parameters:  http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Global_Firewall_Paramete.htm?Highlight=spoofing


The best way to protect against spoofing is to use 802.1x encryption, however.  Using only an open or preshared key SSID has more limited protection for ip and ARP spoofing than an 802.1x SSID.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Guru Elite

Re: How to stop MAC spoofing by Chamele MAC

Adding a full policy management solution is really the only solution. ClearPass can detect MAC spoofing and take appropriate action.


Also, just FYI, on most platforms, no third party software is required to spoof a MAC. On Linux and Mac, it's a simple command. Not even a reboot is needed.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: