Can't connect wifi with a spoofed MAC address



Matrix64
22-01-2013, 03:58 PM
Hey all,

I'm playing around with some security on my home network. I was going to try to set up MAC address filtering until I found out how easy it was to sniff a MAC address then spoof it.

So I tried spoofing my MAC address for the first time to see how easy it is to change. I've used 2 programs so far to change it, the best of which is Technitium MAC Address Changer.

This spoofs the MAC address and resets the adapter, and makes it persistent (so when I restart my PC it starts with the spoofed MAC address). IP config shows MAC address changed/spoofed successfully.

The only thing is once the address is spoofed I cannot connect to any wifi network.

I have 3 wifi routers at home, 2 Netgears and a Cisco Linksys, all with WPA2-PSK TKIP+AES - no MAC address filtering at all on them, just the key.

When I try to connect it will say unable to connect in a matter of a few seconds; the adapter status is always stuck on Attempting to Authenticate.

I have removed the networks from Windows so it prompts for the security key upon connection, changes nothing, still unable to connect.

If I remove the spoofed address it connects to wifi straight away.

My laptop is using Windows 7 Pro 64-bit, latest update.

The only thing I can think of is that I've noticed when spoofing in Windows 7 (and other people confirm) they can't change their MAC address unless the second octet is a 2, 6, A or D.
And on my original wifi adapter the second octet is a 4.

Is there something in my NZ spec routers that realizes the address isn't normal/not of this region and will not accept the authentication from the address?

Or is there some sort of spoof detection on modern series routers?

I've looked around but most of the threads with the same issues are Linux, which I'm yet to try.

Slankydudl
22-01-2013, 04:08 PM
Perhaps they are smarter than you thought?

Matrix64
22-01-2013, 04:10 PM
Perhaps they are smarter than you thought?
Hey, They? Sorry?

SolMiester
22-01-2013, 04:25 PM
I wouldn't try that with the on-board NIC if I were you; buy a cheap $10 expansion card if you want to play, don't risk bricking a soldered mobo component.

Matrix64
22-01-2013, 04:49 PM
Fair point I have one at home somewhere I can play with. Would it really brick since the changer only changes that registry file? As in just a mask over the real mac address, this can brick it?

SolMiester
23-01-2013, 09:20 AM
Fair point I have one at home somewhere I can play with. Would it really brick since the changer only changes that registry file? As in just a mask over the real mac address, this can brick it?

Is it the registry that's changing or the ROM in the chip on the hardware? Don't know, never tried it, but still, #1 rule in IT: make sure you can go backwards... playing with the reg can still corrupt the O/S.

kingdragonfly
23-01-2013, 02:25 PM
For those who don't know, a MAC address is "a Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment."

http://en.wikipedia.org/wiki/MAC_address

The MAC address is not stored in the registry. It's stored on the network device itself usually. There are exceptions to this rule, usually embedded devices, or virtual devices.

You can't just use any value for a MAC address. I'd leave the first three most significant bytes as is, and only change the last three least significant bytes.

Also be aware that ARP and NDP cache the MAC address, so you need to clear those caches.

http://en.wikipedia.org/wiki/Address_Resolution_Protocol

The Error Guy
23-01-2013, 03:52 PM
Yup, the MAC is hard coded onto the device. In Windows some devices allow the MAC to be changed manually (via a reg key or in the adapter properties); others, predominantly the 2011+ Intel cards, do not allow MAC spoofing. There are many legitimate reasons for MAC spoofing, FYI.

As kingdragonfly suggested, the "original" MAC can be cached. Also, in my experience the MAC looks like it is spoofed BUT it isn't. Check in ipconfig (open CMD, "ipconfig /all").
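
Added example, not part of any post in this thread: a Python sketch of the `ipconfig /all` check suggested in the last post. It reads the Physical Address of each adapter and decodes the two flag bits in the first octet; a unicast address with the locally administered bit set has 2, 6, A or E as its second hex digit. The sample output, adapter names and addresses are constructed, and the function names are this example's own.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit Controller
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example Wireless Adapter
   Physical Address. . . . . . . . . : 02-1A-2B-3C-4D-5E
"""

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}$")

def normalize(mac):
    """Return the MAC as 12 upper-case hex digits, or raise ValueError."""
    if not MAC_RE.match(mac.strip()):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return re.sub(r"[-:]", "", mac.strip()).upper()

def classify(mac):
    """Decode the two flag bits carried in the first octet of a MAC address."""
    first = int(normalize(mac)[:2], 16)
    return {
        "locally_administered": bool(first & 0x02),  # U/L bit: set by software, not the vendor
        "multicast": bool(first & 0x01),             # I/G bit: must be 0 for a station address
    }

def adapters(ipconfig_text):
    """Map adapter heading -> physical address found in `ipconfig /all` text."""
    found, current = {}, None
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]          # unindented heading ending in ':'
        elif current and "Physical Address" in line:
            found[current] = line.split(":", 1)[1].strip()
    return found

def override_active(ipconfig_text, adapter, wanted):
    """True only if the adapter really reports the address that was configured."""
    actual = adapters(ipconfig_text).get(adapter)
    return actual is not None and normalize(actual) == normalize(wanted)

if __name__ == "__main__":
    for name, mac in adapters(SAMPLE).items():
        print(name, mac, classify(mac))
```

On a real machine, pass the text of `ipconfig /all` to `adapters()` in place of `SAMPLE`.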