MAC spoofing is the unauthorized change, or falsification, of a network device's MAC address within a computer network. Put simply, it is the falsification of your phone's or computer's identification within a network. An attacker could use the fake identification (MAC address) to pass as your own device and thus be able to, for example, intercept the network communication.
The MAC address falsification can happen in several ways:
- changing the MAC address
- generating a random MAC address
- setting a MAC address of a different manufacturer
- setting a MAC address without changing the manufacturer, with subsequent automatic activation of the new MAC address
A false MAC address makes it possible to circumvent existing security mechanisms. For example, it enables the attacker to impersonate real devices (end stations or even routers) or to hide behind another network device.
Note that changing the MAC address is not only a fraudulent technique; it can also be used legitimately to ensure good network operation.
How can I protect my device against MAC spoofing?
To combat this technique and protect your network, both protection and active detection (network monitoring and analysis) are required. It is certainly a good idea to manage access to the company network in order to prevent unauthorized people from connecting. Restricted access to the network connection (Wi-Fi) should be reserved for visitors, because a large portion of MAC spoofing attacks take place from within an internal network. The company should also make sure that there are no unauthorized persons on the company's premises and that visitors are never left alone. This avoids the risk of unauthorized people connecting to or manipulating the internal network, for example by bypassing the Wi-Fi protection and connecting directly to the network (Ethernet) with a cable.
It is also recommended to use IPsec technologies and encryption of communication on the network, which prevents eavesdropping of existing MAC addresses. Larger companies that use advanced active networking hardware enhance the protection through switch or firewall configuration that blocks incoming packets (a potential means of attack) from outside.
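As an illustration of the active detection (network monitoring and analysis) mentioned above, the following added example, which is not part of the original article, checks a list of observations for three signals: a MAC address that is not manufacturer-assigned, a MAC address appearing on a second switch port, and an IP address that switches to a different MAC. The observation format, port names and all addresses are constructed assumptions; each alert is a prompt for review, since MAC changes can also be legitimate.

```python
from collections import defaultdict

# Constructed sample observations (not real data): (time, switch_port, mac, ip),
# as might be merged from switch MAC-table polls and ARP/DHCP logs.
OBSERVATIONS = [
    ("09:00:01", "Gi0/1", "00:1A:2B:3C:4D:5E", "10.0.0.10"),
    ("09:00:02", "Gi0/2", "00-1a-2b-aa-bb-cc", "10.0.0.11"),
    ("09:00:03", "Gi0/3", "d6:5f:10:22:33:44", "10.0.0.12"),
    ("09:05:10", "Gi0/7", "00:1a:2b:3c:4d:5e", "10.0.0.10"),
    ("09:06:30", "Gi0/3", "d6:5f:10:22:33:44", "10.0.0.11"),
]


def normalize(mac):
    """Return lower-case colon form so differently written MACs compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks an address not assigned by a manufacturer
    (typical of random MACs, but also of VMs and privacy randomization)."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def find_anomalies(observations):
    """Return (time, reason, subject) alerts in the order they are observed."""
    ports_by_mac, macs_by_ip, alerts = defaultdict(set), defaultdict(set), []
    for when, port, raw_mac, ip in observations:
        mac = normalize(raw_mac)
        first_sighting = not ports_by_mac[mac]
        if first_sighting and is_locally_administered(mac):
            alerts.append((when, "locally-administered MAC", mac))
        if not first_sighting and port not in ports_by_mac[mac]:
            alerts.append((when, "MAC on second port", mac))
        if macs_by_ip[ip] and mac not in macs_by_ip[ip]:
            alerts.append((when, "IP changed MAC", ip))
        ports_by_mac[mac].add(port)
        macs_by_ip[ip].add(mac)
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(OBSERVATIONS):
        print(*alert)
```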