spoof mac address

I am confused about this.

If I enable mac filtering, how can someone spoof the mac address?
Wouldn't the spoofer have to gain access to the network to even know what
address to spoof?

chicken?
egg?

bam Bino wrote:

> I am confused about this.
>
> If I enable mac filtering, how can someone spoof the mac address?
> Wouldn't the spoofer have to gain access to the network to even know what
> address to spoof?

No. Your mac is readable every time you use WiFi.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

bam Bino wrote:
> I am confused about this.
>
> If I enable mac filtering, how can someone spoof the mac address?
> Wouldn't the spoofer have to gain access to the network to even know
> what address to spoof?
>


No... the spoofer would monitor your wireless traffic and make a note of
the MAC addresses you are using - when MAC xxxxxx goes off-air he would
spoof MAC xxxxxx and connect.... your router will 'assume' it is the
(genuine) MAC connecting again.

Guy
> chicken?
> egg?

Holy crap. Even wireless G sends out my mac?


"Bigguy" <(E-Mail Removed)> wrote in message
news:zLLkc.2064$(E-Mail Removed)...
>
>
> bam Bino wrote:
> > I am confused about this.
> >
> > If I enable mac filtering, how can someone spoof the mac address?
> > Wouldn't the spoofer have to gain access to the network to even know
> > what address to spoof?
> >
>
>
> No... the spoofer would monitor your wireless traffic and make a note of
> the MAC addresses you are using - when MAC xxxxxx goes off-air he would
> spoof MAC xxxxxx and connect.... your router will 'assume' it is the
> (genuine) MAC connecting again.
>
> Guy
> > chicken?
> > egg?
>
>

All 802.11 protocols - B, G, and A - send MAC addresses and other frame
header info unencrypted. The reason should be obvious. The destination MAC
address is used by the wifi adapter to decide whether or not an incoming
frame is directed to it. If not, the frame is discarded (except in
promiscous mode, or if the destination MAC is broadcast). If the MAC address
is encrypted then it has to be decrypted before the descion can be made.
This is a relatively slow process requiring buffering, and would essentially
force most incoming frames to be entirely received before they can be
discarded. Immediate recognition allows received bits to be discarded almost
immediately after the destination MAC is received (it's early in the
header), so resources are released for reuse much earlier. Also, other
fields in the header (such as the bitrate to be used for the remainder of
the frame, and flag that indicates whether or not WEP is being used) clearly
need to be unencrypted.

The only thing that is encrypted is the payload itself.

But this is also the way it works for Ethernet, and most other networks, at
layer 2.

"bam Bino" <(E-Mail Removed)> wrote in message
news:vYudnSwlJ8c7ugndRVn-(E-Mail Removed)...
> Holy crap. Even wireless G sends out my mac?
>
>
> "Bigguy" <(E-Mail Removed)> wrote in message
> news:zLLkc.2064$(E-Mail Removed)...
> >
> >
> > bam Bino wrote:
> > > I am confused about this.
> > >
> > > If I enable mac filtering, how can someone spoof the mac address?
> > > Wouldn't the spoofer have to gain access to the network to even know
> > > what address to spoof?
> > >
> >
> >
> > No... the spoofer would monitor your wireless traffic and make a note
of
> > the MAC addresses you are using - when MAC xxxxxx goes off-air he would
> > spoof MAC xxxxxx and connect.... your router will 'assume' it is the
> > (genuine) MAC connecting again.
> >
> > Guy
> > > chicken?
> > > egg?
> >
> >
>
>

Good stuff. Thanks.

It kind of sounds like asking the other person's name at the biginning of
every sentence.



"gary" <(E-Mail Removed)> wrote in message
news:SWWkc.23571$(E-Mail Removed). com...
> All 802.11 protocols - B, G, and A - send MAC addresses and other frame
> header info unencrypted. The reason should be obvious. The destination MAC
> address is used by the wifi adapter to decide whether or not an incoming
> frame is directed to it. If not, the frame is discarded (except in
> promiscous mode, or if the destination MAC is broadcast). If the MAC
address
> is encrypted then it has to be decrypted before the descion can be made.
> This is a relatively slow process requiring buffering, and would
essentially
> force most incoming frames to be entirely received before they can be
> discarded. Immediate recognition allows received bits to be discarded
almost
> immediately after the destination MAC is received (it's early in the
> header), so resources are released for reuse much earlier. Also, other
> fields in the header (such as the bitrate to be used for the remainder of
> the frame, and flag that indicates whether or not WEP is being used)
clearly
> need to be unencrypted.
>
> The only thing that is encrypted is the payload itself.
>
> But this is also the way it works for Ethernet, and most other networks,
at
> layer 2.
>
> "bam Bino" <(E-Mail Removed)> wrote in message
> news:vYudnSwlJ8c7ugndRVn-(E-Mail Removed)...
> > Holy crap. Even wireless G sends out my mac?
> >
> >
> > "Bigguy" <(E-Mail Removed)> wrote in message
> > news:zLLkc.2064$(E-Mail Removed)...
> > >
> > >
> > > bam Bino wrote:
> > > > I am confused about this.
> > > >
> > > > If I enable mac filtering, how can someone spoof the mac address?
> > > > Wouldn't the spoofer have to gain access to the network to even know
> > > > what address to spoof?
> > > >
> > >
> > >
> > > No... the spoofer would monitor your wireless traffic and make a note
> of
> > > the MAC addresses you are using - when MAC xxxxxx goes off-air he
would
> > > spoof MAC xxxxxx and connect.... your router will 'assume' it is the
> > > (genuine) MAC connecting again.
> > >
> > > Guy
> > > > chicken?
> > > > egg?
> > >
> > >
> >
> >
>
>

On Sat, 1 May 2004 16:41:34 -0600, in alt.internet.wireless , "bam Bino"
<(E-Mail Removed)> wrote:

>Holy crap. Even wireless G sends out my mac?

Of course. How else is the AP going to know which unit the messages are
coming from?
You need to read up on the wireless protocols.
--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

On Sat, 1 May 2004 18:56:14 -0600, in alt.internet.wireless , "bam Bino"
<(E-Mail Removed)> wrote:

>Good stuff. Thanks.
>
>It kind of sounds like asking the other person's name at the biginning of
>every sentence.

More like prefacing your remarks with your own name. If you've ever taken
part in a phone conference call, you'd know that this is quite often
necessary.
--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>


----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

In article <(E-Mail Removed)>, "bam Bino" <(E-Mail Removed)> wrote:
>Good stuff. Thanks.
>
>It kind of sounds like asking the other person's name at the biginning of
>every sentence.

More like being in a room full of people and I have something to say to
you, I might prefix it with 'Hey bam Bino, how are you'. The 'hey bam Bino'
being used to get your attention and to alert others I don't care how they
are <g>.

>
>
>
>"gary" <(E-Mail Removed)> wrote in message
>news:SWWkc.23571$(E-Mail Removed) .com...
>> All 802.11 protocols - B, G, and A - send MAC addresses and other frame
>> header info unencrypted. The reason should be obvious. The destination MAC
>> address is used by the wifi adapter to decide whether or not an incoming
>> frame is directed to it. If not, the frame is discarded (except in
>> promiscous mode, or if the destination MAC is broadcast). If the MAC
>address
>> is encrypted then it has to be decrypted before the descion can be made.
>> This is a relatively slow process requiring buffering, and would
>essentially
>> force most incoming frames to be entirely received before they can be
>> discarded. Immediate recognition allows received bits to be discarded
>almost
>> immediately after the destination MAC is received (it's early in the
>> header), so resources are released for reuse much earlier. Also, other
>> fields in the header (such as the bitrate to be used for the remainder of
>> the frame, and flag that indicates whether or not WEP is being used)
>clearly
>> need to be unencrypted.
>>
>> The only thing that is encrypted is the payload itself.
>>
>> But this is also the way it works for Ethernet, and most other networks,
>at
>> layer 2.
>>
>> "bam Bino" <(E-Mail Removed)> wrote in message
>> news:vYudnSwlJ8c7ugndRVn-(E-Mail Removed)...
>> > Holy crap. Even wireless G sends out my mac?
>> >
>> >
>> > "Bigguy" <(E-Mail Removed)> wrote in message
>> > news:zLLkc.2064$(E-Mail Removed)...
>> > >
>> > >
>> > > bam Bino wrote:
>> > > > I am confused about this.
>> > > >
>> > > > If I enable mac filtering, how can someone spoof the mac address?
>> > > > Wouldn't the spoofer have to gain access to the network to even know
>> > > > what address to spoof?
>> > > >
>> > >
>> > >
>> > > No... the spoofer would monitor your wireless traffic and make a note
>> of
>> > > the MAC addresses you are using - when MAC xxxxxx goes off-air he
>would
>> > > spoof MAC xxxxxx and connect.... your router will 'assume' it is the
>> > > (genuine) MAC connecting again.
>> > >
>> > > Guy
>> > > > chicken?
>> > > > egg?
>> > >
>> > >
>> >
>> >
>>
>>
>
>

now THat' news to me.
I thought when i asked my question that I knew everything about wireless
protocols.

Now you're telling me that I need to read up on them.
Thanks for shattering my world.


I always think it's funny when some geek gives you the "of course it has to
be this way", while simultaneously some other geek is working on a way to
may it not so.



"Mark McIntyre" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Sat, 1 May 2004 16:41:34 -0600, in alt.internet.wireless , "bam Bino"
> <(E-Mail Removed)> wrote:
>
> >Holy crap. Even wireless G sends out my mac?
>
> Of course. How else is the AP going to know which unit the messages are
> coming from?
> You need to read up on the wireless protocols.
> --
> Mark McIntyre
> CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
> CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>
>
>
> ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet
News==----
> http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000
Newsgroups
> ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption
=---