MAC spoofing is a simple concept in which an attacker (or pentester) changes their MAC address to the MAC address of an existing authenticated machine already on the network. The simplest example of employing this strategy is when a network administrator has applied port security to the switches on their network. Port security is a low-level security methodology that allows only a specific number of MAC addresses to attach to each switchport (usually one or two). If this number is exceeded (for example, if you take off the original machine and attach one or two unrecognized units), the port will usually shut down depending on the configuration applied. MAC spoofing isn’t necessarily a technique used to allow network-wide sniffing, but it does work to allow an unauthorized client onto the network without too much administrative hacking effort.
2020-05-21
1 Comment