This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Strategies needed to identify mac spoofing rogue devices

donald_curry_58
New Contributor III

‎10-04-2013 09:20 AM

Need help Identifying MAC Spoofing Rogues. I have a customer with a zone director showing MAC Spoofing Rogues with MACs 24:c9:a1:49:2c:9c and 24:c9:a1:09:2c:9c. Obviously none of the ZF7055 AP's at this site have that exact MAC, but the Spoof is being detected by a ZF7055.
1 REPLY 1

bill_burns_6069
Contributor III

‎01-09-2014 11:14 AM

I assume you mean: how do you identify "malicious" wifi clients that have cloned the mac addresses of other authorized clients.

This can happen in MAC auth bypass scenarios.

One way to deal with this is by using a product/service like nessus.
For example, if you were using packetfence to onboard / "authenticate" / register devices on your network, you could integrate packetfence with nessus.

Nessus would create a "fingerprint" of the wifi client, and (hopefully) detect that the identity of the client using that mac address/IP had changed on a subsequent scan.
0 Kudos
Copyright © 2024 Khoros, LLC