To fight MAC spoofing, is this right or wrong? Please help.

1- I will make one address per MAC
2- I will specify an address for the client
3- I will make shared users more than "1" or "none"
4- I will disable broadcast
5- I will make a virtual gateway for DHCP


When the hacker who uses MAC spoofing tries to join with the spoofed MAC,
he can't take the specific address from DHCP because the address has already been bound by the real client, and he can't take another address from DHCP because one address per MAC is specified for the real client.


We will set shared users per MAC to "2 or more" or "none" to allow the spoofer to join, but he won't take the specific ID, and at the same time the real client won't log off as a result of the spoofer joining.

The spoofer at this time will have a yellow triangle mark on his connection and will have to insert the IP and gateway manually.
Here is the job of the virtual gateway of DHCP: he will not be able to know this virtual gateway, even though he knew the IP, so he won't be able to log in.
Can that help protect against MAC spoofing? Please answer me.
Thanks in advance,
Ahmed Hassan
heleopless@yahoo.com

You cannot prevent MAC spoofing on the router.

Search for posts of the user ‘namo’, and the replies he has received over the last year.

Why do you say that?
Every problem has a solution, this is real.
I tested this and had some success.


When the spoofed MAC joins and the real client is active,
the spoofed MAC can't take the same IP as the client from the DHCP server,
so the hacker must set a manual IP for his internet connection.
We can solve that by making the "address pool" in the DHCP server "static only", so the hacker can't take any other IP.

Am I right?
Please tell me and discuss; that will be helpful for me and for all.
Thanks in advance.

As Fewi stated, it is all laid out to Namo repeatedly over the past year. There is a real solution, it’s not solved on the router, it is solved on the layer2 network and investing in the proper hardware to do so. A router can only control traffic going over itself, it cannot control traffic on the rest of the network.

A router cannot prevent someone at the edge of the network from spoofing a MAC/IP combination. Some switches can protect against this for wired connections (must be implemented on the switch, not the router), but it is absolutely impossible to prevent MAC/IP spoofing on wireless access points if both clients are on the same AP. This is a shortcoming of how TCP/IP works when not combined with authentication such as PPPoE or 802.1x, which may not be acceptable in ad hoc networks.

Edit: Feklar was first, still posting it for the references to what layer 2 technologies can be used to mitigate.

The subject here doesn't say that
we prevent someone from spoofing a MAC;
I know that is impossible.

The idea is to let him join but not take the DHCP server IP,
as the real client with the true MAC will gain or bind the IP before the spoofer.

The MikroTik router can control which internet protocols will carry the traffic.


The true MAC will bind the specified IP;
the spoofed MAC will not, as a MAC bound it before.
We will specify the property of one address per MAC.

Won’t work, that’s the way DHCP works. A client broadcasts and requests an IP address, then the DHCP server responds and gives them the IP information. How do you know if the client just isn’t releasing and renewing their IP? Or their DHCP client has decided it wants to renew the lease? What about if the client is just rebooting their PC?

If you want the DHCP server to only respond to the first DHCP request it receives from a client and no other after that, you’d create more problems and solve nothing. What you are thinking is very easy to get around: the MAC spoofer would just have to assign himself a static IP and continue on, bypassing the DHCP server altogether.

OK, your reply proves that my idea is probably true.

Now, to solve this problem,
we will bind a specific IP to the MAC and specify a big lease time such as 60d,
and be careful that the client binds the IP before the spoofer.
We will disable the broadcast and not make an address pool;
we will make it static only.

Now the spoofer can't take any other IP except the specified one,
and the specified one is already taken by the real client.

So the spoofer just uses the same IP address - something you cannot prevent on the router.

I will specify the property of one address per MAC.
This address will be bound by the real MAC,
and the spoofer can't bind the same address when the true client is active.

I find it logical, isn't it??

No. You can spoof both MAC and IP addresses. The router will be completely unable to tell that there are two users sharing both addresses.

Once again, this WILL NOT solve what you think it will. It would be very, very trivial for me to do an IP scan of a network or set up a packet sniffer and get the MAC and IP of a legitimate client and modify my settings to match theirs. Then all of a sudden I am online with their account. Anyone that is doing MAC spoofing knows how to use these programs and modify their settings; you solve nothing by doing this.

ALL DHCP is a service by which end users do not have to manually enter the network settings in order to get online; this does not prevent others from modifying these settings themselves to get online. When you make a sticky DHCP lease it is only set on the server so it knows to always give that IP to a certain MAC; it does not modify or change anything on the client’s side. Should someone change their MAC and ask for a lease, the server will hand it to them. If you somehow find a way to prevent the server from giving out the lease again until after it has expired (which you probably will not be able to do), you completely ignore my other points about completely legitimate reasons for the client to ask for the IP again. When you do a “repair” on a connection in Windows it releases and renews the IP, when you reboot a computer it asks for a lease, and most DHCP clients will ask for a new lease halfway through their current lease.

All you are doing at this point is making things overly complicated on yourself, creating problems, going to make clients mad, and driving up your costs due to the extra support required of you now. All of that for not even putting a dent in the problem or slowing it down.

OK, that is a good point we have reached.

The router will not give the spoofed MAC the same IP automatically.

The spoofer must insert his IP and gateway manually.

Do you agree with that???

Tell me.

No, it will give the same IP to the same MAC asking for it. That’s the way DHCP works. If an end user has copied the MAC of another end user and asks for a lease, then the DHCP server will see if that MAC already has a lease, if so it will reply with the same address in the table and give it to them, if not it will give them another address not in use.

The spoofer can either get the same DHCP lease from the server, or manually set their settings to match the other end user, something that takes all of 1 minute at most if you are on a slow computer.

No, no, no, the DHCP doesn't give the spoofer's MAC the same IP, as it was bound before.
The spoofer must provide it for his connection manually.

Here we must make a virtual gateway on the DHCP server;
the spoofer will not be able to know it.
Moreover, you can change this virtual gateway every day;
it is easy to change.

Does that help with protection???

Thanks.

Yes the DHCP server will give them the same IP address, Subnet Mask, Gateway, and DNS servers as the legitimate end user, because that is the way DHCP works. It does not matter if you bind or make it sticky or anything else. If the DHCP server is running, it will respond to DHCP requests, it will see a DHCP request from a given MAC and it will hand out a DHCP lease. If that MAC has an active lease it WILL give them the same lease information again.

Here once again, ALL that the “spoofer” needs to do is get a packet sniffer and adjust their settings accordingly; making them do this by modifying their settings manually is in no way, shape or form a deterrent, or even something that will slow them down. It DOES not matter how often you change this “gateway”, they can just change it themselves when you do. And then you generate a ton of problems for your end users by changing settings like that on a daily basis, because all of a sudden their lease information is incorrect and they can no longer get online. There again, all you have done is increase your workload, generated a lot of problems, and made a ton of pissed off clients.

OK, if I make shared users "1",
now one computer can log in by the MAC.

Is there any way to ensure that the first one, who has the real MAC, does not log off when the spoofer logs in?