Is there any way to detect a spoofed MAC address?

Pleasant greetings to you all,

We all know about MAC spoofing and the problems that relate to it… talking from a network admin’s perspective :smiley:

As far as I know, the MAC address is hard-coded on a network interface controller (NIC) and cannot be changed. (source: https://en.wikipedia.org/wiki/MAC_spoofing)
Also, there is a difference between the physical and the virtual MAC address (the spoofed one).

So, I want to know if there is any way or technique for making RouterOS detect the virtual MAC address, or even refuse any client with a virtual MAC address.
I want it to look for the original MAC address and ignore the other.

I think if I found a solution for such a thing, I would prevent most hacking techniques.

When a device (Mikrotik or otherwise) receives an Ethernet frame, it is impossible to determine whether the SRC MAC address is really the one built into the NIC or some spoofed MAC address.
The reason is that there’s no such information in the Ethernet frame header. There is simply a field for SRC MAC. Even if there were such a field, I’m 100% positive that any MAC spoofing could just as easily set this bit/flag/field to indicate a real MAC, i.e. “I’m not lying” is an easy lie to tell.

How about a wireless interface?

I’m running some sort of hotspot and I’m suffering from hackers.
Currently, I’m using the VLAN method on my APs.
It’s fairly great but still has some bugs.
As a result, I thought that if I could control the MAC address by allowing the real MAC address and dropping or not accepting any virtual or spoofed MAC address, almost all of my problems would be solved.

Not possible.
It is true that each network card has a ROM memory that holds the standard MAC address for that card. However, this ROM is not directly used. The driver copies the ROM content to the registers of the actual controller that provide the source MAC address. It is a default value; it can be changed by a programmer later. And there is no way to detect, when receiving a packet, whether the MAC address is the default one or a changed one.
(There is a bit in the MAC address that is reserved for user-generated MAC addresses, but this is for the good guys. The bad guys don’t use this bit, and there is nothing you can do to keep them out.)

The same is true for wireless.
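The "bit reserved for user-generated MAC addresses" mentioned above is the locally-administered (U/L) bit, the second-lowest bit of the first octet. The following is an added example, not code from this thread or from MikroTik: it parses a constructed lease-table-style listing and flags entries whose MAC has that bit set. As the reply says, this is only an inventory aid for spotting well-behaved randomised or virtual addresses; a deliberately spoofed address can simply leave the bit clear, so an absent flag proves nothing.

```python
import re

# Constructed sample in "ip mac hostname" form (not from any real router).
SAMPLE_LEASES = """\
10.0.0.11 00:0C:29:3A:7F:01 laptop-a
10.0.0.12 02:00:5E:12:34:56 unknown
10.0.0.13 de:ad:be:ef:00:01 phone-b
10.0.0.14 01:00:5E:00:00:FB mdns-junk
"""

# Six colon-separated hex octets, case-insensitive.
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.I)


def parse_mac(text):
    """Return the six octets of a colon-separated MAC, or raise ValueError."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return [int(part, 16) for part in text.split(":")]


def classify_mac(text):
    """Decode the two flag bits carried in the first octet of a MAC."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        # Bit 1 (0x02): locally administered, i.e. not vendor-assigned.
        "locally_administered": bool(first & 0x02),
        # Bit 0 (0x01): group/multicast address; never valid as a source MAC.
        "multicast": bool(first & 0x01),
        "oui": "%02X:%02X:%02X" % tuple(octets[:3]),
    }


def flag_leases(lease_text):
    """Return (ip, mac) pairs whose MAC carries the locally-administered bit."""
    flagged = []
    for line in lease_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        ip, mac = parts[0], parts[1].lower()
        if classify_mac(mac)["locally_administered"]:
            flagged.append((ip, mac))
    return flagged


if __name__ == "__main__":
    for ip, mac in flag_leases(SAMPLE_LEASES):
        print(f"{ip} {mac} locally-administered (randomised or virtual?)")
```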

I think you need to drop your assumption about “virtual” MAC address vs. hard-coded MAC address.
In practice, they’re one and the same because the interface drivers cause the NIC (wireless or ethernet) to use a different MAC address than the one encoded into the ROM of the hardware. At that point, the ROM-based MAC pretty much no longer exists. You might think of this more as a “default” MAC than a “hard-coded” MAC.

Anyway, once a frame is transmitted, then the MAC address on that frame is the only thing you have to go on. (You can’t drill into the client’s hardware and poll it for its ROM’s encoded MAC address, and even if such a protocol existed, then certainly software could be written to forge the replies).

There’s not much you can do to stop someone from spoofing a MAC address, especially not in a hotspot environment where you have unknown people bringing unknown devices and attaching them at will to an open network. The most effective means of blocking malicious users is to deploy WPA2-Enterprise authentication using client certificates for authentication - but obviously this is not feasible for an easy-to-access hotspot environment. About the best you can do for access-layer security on an open WLAN is to enable host isolation (default-forward=no in Mikrotik-speak) so that the endpoints can’t ARP-poison / DHCP-poison each other directly. This still doesn’t address the issue of spoofed MAC addresses as far as interfering with traffic to/from the router, and doesn’t address the deauth vulnerability (which AFAIK is still a problem even with WPA2).

Never forget that WiFi is only usable for leisure usage, like providing internet to customers who are friendly, in an environment that is not hostile. It is not usable for reliable business usage in the presence of bad guys. Compare it to a street party: everyone has fun while the friendly neighbors join the party, but as soon as the Donald hears about your party and comes grabbing the women’s p*ssy, the fun is over. You either have to expel him from the party, or when that is not practical you have to concede that an open party does not work in an environment where people don’t know how to behave.

Got that, thanks a lot guys :smiley: :smiley: