| MAC (Medium Access Control) address spoofing is regarded as an important first step in a hacker's attempt to launch a variety of attacks on wireless 802.11 LANs. Unfortunately, MAC address spoofing is hard to detect. Most current MAC spoofing detection systems mainly use the sequence number (SN) tracking technique. However, using only SN tracking may lead to an increase in the number of false positives in attack detection. The author presents a new architecture called WISE GUARD (Wireless Security Guard) for detection of MAC address spoofing on 802.11 wireless LANs. It integrates three detection techniques---SN tracking, Operating System (OS) fingerprinting & tracking and Received Signal Strength (RSS) fingerprinting & tracking. It also includes the fingerprinting of Access Point (AP) parameters as an extension to the OS fingerprinting for detection of AP address spoofing. The author implemented WISE GUARD on a test bed using off-the-shelf wireless devices and open source drivers. Experimental results show that the new design enhances the detection effectiveness and reduces false positives. |
