Mac Conflicts/Spoofing - DoS

Is there a way to detect/handle MAC address conflicts/spoofed MAC addresses between two clients that are connected to APs terminated to the same controller - between an open network and an 802.1X network? I ran into an interesting situation where a student had set their Xbox 360 to the same MAC address as their MacBook, which resulted in connectivity issues while in their dorm room. From the controller's perspective, the client was roaming between our open network and our 802.1X network, which was enough to cause disruptions for the student's MacBook.

It was difficult to catch, as (fun fact) despite the Xbox 360 being plugged into the Ethernet port and passing all its traffic over the Ethernet connection, the Xbox 360 was still doing basic 802.11 (association/authentication/action) frames periodically - BUT no traffic was actually being generated/passed over the wireless interface to the controller - DHCP, ARP, etc. I only started to catch it when I noticed the PHY type of the open network was always 2.4 - and the "poorer choice of APs" it was choosing.

We've resolved the connectivity issue for the student - but I'm diving into this more for future prevention. We're also looking to leverage ClearPass fingerprinting for catching conflicts - but that wouldn't have helped here with the open network.
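One way to flag the pattern described in this post from association records, as an added example that is not part of the original post and is not controller or ClearPass functionality: it reports MACs that flip repeatedly between an open and an 802.1X SSID inside a short window, together with the band seen on each SSID. The event tuple layout, SSID names, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, client MAC, SSID, auth type, band).
# This layout is an assumption, not a real controller log format.
EVENTS = [
    ("2024-01-10T20:00:00", "AA:BB:CC:00:11:22", "campus-secure", "802.1x", "5GHz"),
    ("2024-01-10T20:01:00", "aa:bb:cc:00:11:22", "campus-open", "open", "2.4GHz"),
    ("2024-01-10T20:02:00", "aa:bb:cc:00:11:22", "campus-secure", "802.1x", "5GHz"),
    ("2024-01-10T20:03:00", "aa:bb:cc:00:11:22", "campus-open", "open", "2.4GHz"),
    ("2024-01-10T20:04:00", "aa:bb:cc:00:11:22", "campus-secure", "802.1x", "5GHz"),
    ("2024-01-10T20:05:00", "aa:bb:cc:00:11:22", "campus-open", "open", "2.4GHz"),
    # A client that legitimately changes network once, 90 minutes apart.
    ("2024-01-10T20:00:00", "de:ad:be:ef:00:01", "campus-secure", "802.1x", "5GHz"),
    ("2024-01-10T21:30:00", "de:ad:be:ef:00:01", "campus-open", "open", "5GHz"),
    ("2024-01-10T20:02:30", "de:ad:be:ef:00:02", "campus-secure", "802.1x", "2.4GHz"),
]

def find_mac_conflicts(events, window=timedelta(minutes=10), min_flips=4):
    """Return MACs that switch auth type at least min_flips times within window."""
    by_mac = defaultdict(list)
    for ts, mac, ssid, auth, band in events:
        by_mac[mac.lower()].append((datetime.fromisoformat(ts), ssid, auth, band))
    suspects = {}
    for mac, seen in by_mac.items():
        seen.sort(key=lambda e: e[0])
        # Times at which the same MAC moved between open and 802.1X auth.
        flips = [cur[0] for prev, cur in zip(seen, seen[1:]) if prev[2] != cur[2]]
        # Highest number of flips falling inside any window starting at a flip.
        worst = max((sum(1 for t in flips if s <= t < s + window) for s in flips),
                    default=0)
        if worst < min_flips:
            continue
        # A different, fixed band per SSID hints at two radios sharing one MAC.
        bands = defaultdict(set)
        for _, ssid, _, band in seen:
            bands[ssid].add(band)
        suspects[mac] = {
            "flips_in_window": worst,
            "bands_by_ssid": {s: sorted(b) for s, b in bands.items()},
        }
    return suspects

if __name__ == "__main__":
    for mac, detail in find_mac_conflicts(EVENTS).items():
        print(mac, detail)
```

The thresholds need tuning against normal roaming on the network in question, since a client with a weak signal can also move between SSIDs.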
