MAC Address Spoofing Questions

[magicbennie]

If an MAC address conflict on a network is detected, what happens? How are the two devices treated? Are they notified of the conflict and do they lose their connection to the network?

 

The reason for knowing this is, a bunch of my friends devices on my schools WiFi network are getting disconnected/disabled and i might need to start spoofing my computers MAC address to get around any blocks applied to my computers MAC address.

 

I haven't been blocked yet, and hopefully never will be, but I would like to at least be prepared.

 

What else should I know about MAC address spoofing, risks etc?

[rufee]

Usually as far as switches are concerned both MAC's should get the same packet, there isnt much collision detection for MAC addresses.

This could lead to IP conflicts in some cases.

MAC spoofing or it is referred to as cloning on routers is the ability to change the devices MAC address to gain access on networks that provide service based on MAC's, there isn't really any harm in doing this as addressing by MAC is only used in L2 networks.

[LAwLz]

If it's a wireless connection then both devices will get the packets and then hell breaks loose because the switch might get different responses (one computer says it got the message and the same computer says it didn't request it) causing it to resend the packet infinity, or maybe the encryption gets messed up because the shared secret between the computers doesn't match and so on. Basically anything can happen. It might even work just fine in certain situations, and it might be a total chaos.

 

If it's a wired connection then only the last device to send data will get the packet (if computer1 is on port 1, and computer2 connects with the same MAC on port 2, the switch will assume computer1 was moved to port 2, and start ignoring port1. When it receives packets on port1 it will assume the computer moved from port 2 and so on).

 

I doubt that spoofing your MAC would help. If they are randomly getting disconnected then there is probably some issue either on their side or on the network side of things.

Also if it's a school network then chances are it uses 802.1X with a RADIUS server, in which case they just manipulate your privileges based on your username and not your MAC address.

[Blade of Grass]

Building on what LAwLz and rufee said (they beat me too it), you'll run into the issue of jumping in the middle of a connection - you haven't received the important packets at the start. So you'll run into alot of issues and you probably won't be able to do much if they're actively using the connection (you're basically DDoSing yourself and them).

[tom564]

If an MAC address conflict on a network is detected, what happens? How are the two devices treated? Are they notified of the conflict and do they lose their connection to the network?

 

The reason for knowing this is, a bunch of my friends devices on my schools WiFi network are getting disconnected/disabled and i might need to start spoofing my computers MAC address to get around any blocks applied to my computers MAC address.

 

I haven't been blocked yet, and hopefully never will be, but I would like to at least be prepared.

 

What else should I know about MAC address spoofing, risks etc?

Someone may be deauthing them if it is just now and then, i take it is wireless? 

[Darren]

Usually as far as switches are concerned both MAC's should get the same packet, there isnt much collision detection for MAC addresses.

This could lead to IP conflicts in some cases.

MAC spoofing or it is referred to as cloning on routers is the ability to change the devices MAC address to gain access on networks that provide service based on MAC's, there isn't really any harm in doing this as addressing by MAC is only used in L2 networks.

 

Well depends how dumb the switch is, and how it handles ARP traffic from a device already in it's forwarding table and it being on a different port. Sure, it's only used at Layer 2 but a device still needs to know where to send Layer 3 traffic, which depends on Layer 2 traffic. In saying that, it doesn't need to match the MAC address of the end-host the entire way, but something needs to know it eventually. Some switches will boot the old device, and add the new one, and keep doing that until one of you realises this isn't really going to work out. Some will send it to both, which is silly in my opinion.

 

Not really sure why an admin would apply privileges based on MAC. Seems stupid.

 

Regardless, no one should be helping you bypass any security your administrator has set anyway, as I'm sure you doing so violates any terms of use of which he is free to change without notice. You should go back to not wasting his time and do some actual school work.

[magicbennie]

If it's a wireless connection then both devices will get the packets and then hell breaks loose because the switch might get different responses (one computer says it got the message and the same computer says it didn't request it) causing it to resend the packet infinity, or maybe the encryption gets messed up because the shared secret between the computers doesn't match and so on. Basically anything can happen. It might even work just fine in certain situations, and it might be a total chaos.

 

If it's a wired connection then only the last device to send data will get the packet (if computer1 is on port 1, and computer2 connects with the same MAC on port 2, the switch will assume computer1 was moved to port 2, and start ignoring port1. When it receives packets on port1 it will assume the computer moved from port 2 and so on).

 

I doubt that spoofing your MAC would help. If they are randomly getting disconnected then there is probably some issue either on their side or on the network side of things.

Also if it's a school network then chances are it uses 802.1X with a RADIUS server, in which case they just manipulate your privileges based on your username and not your MAC address.

They must be using a blacklist, not a white-list, so I should be able to change to any random MAC address and they won't know, right?

 

Also, I am using a personal laptop.

[magicbennie]

Regardless, no one should be helping you bypass any security your administrator has set anyway, as I'm sure you doing so violates any terms of use of which he is free to change without notice. You should go back to not wasting his time and do some actual school work.

Hey, I've payed for the use of the BYOD WiFi network. If I want to use the teachers network because I'm too lazy to put in my account name and password every time I start my computer then so be it. I don't think using the teachers WiFi is actually breaking any of the terms of use anyway.

[Darren]

Hey, I've payed for the use of the BYOD WiFi network. If I want to use the teachers network because I'm too lazy to put in my account name and password every time I start my computer then so be it. I don't think using the teachers WiFi is actually breaking any of the terms of use anyway.

 

Err, right. So instead of using something you've paid for you're just doing something you shouldn't. Anyway, back to the question, unless you're spoofing your MAC to duplicate someone elses, it's actually very unlikely you will end up duping someone elses and cause problems (1 in 2^44 (00:00:00:00:00:00 - 79:FF:FF:FF:FF:FF)).

[magicbennie]

Err, right. So instead of using something you've paid for you're just doing something you shouldn't. Anyway, back to the question, unless you're spoofing your MAC to duplicate someone elses, it's actually very unlikely you will end up duping someone elses and cause problems (1 in 2^44 (00:00:00:00:00:00 - 79:FF:FF:FF:FF:FF)).

Yep.

 

Thanks for your help though!