What Can You Do With Someone’s MAC Address

What can someone do with a MAC address? – The Student …

Could someone who knows the WLAN MAC address of a mobile phone do anything malicious to the device at all? Or any other type of computer/device for that matter?
Nothing. The address only identifies a network communications device. Some ISPs only allow certain MAC addresses to access their service, and routers can be configured to only allow certain MAC addresses to connect through it. If you know the MAC address of someone’s device it is possible to ‘spoof’ it and steal someone’s internet connection. The only way you can connect to a computer remotely is using an IP or Internet Protocol address, and even then there are many security features in place to prevent you from doing such.
(Original post by NewFolder)
It is effectively like having the registration of your car. It uniquely identifies hardware on a network, you can change it but there really is no need.
In other words if you joined a wifi network then someone looking for your phone with access to that network could then identify your phone. Worst case scenario is that someone could change their mac address to yours and cleverly intercept your traffic by spoofing.
A criminal could also commit a crime with hardware pretending to be your phone. There are no real implications of this however as I don’t think MAC addresses hold up in court as identification evidence.
(Original post by FranticMind)
Well, I knew a fair few people who spoofed their MAC address at uni, i.e. plugged a switch in and had other devices running on it.
It’s also useful if you’ve managed to get access to someone else’s network, where MAC address filtering has been enabled and you know a MAC address on that network. So you spoof your MAC address for those reasons.
I’ve also known people to change MAC addresses on fake dreamboxes, because having more than one device in the house caused communication errors.
As others have said there’s not a lot that can be done with a MAC address. It’s only visible on the local network, so if you’ve got a router at home your provider won’t see the MAC address on your PC.
About the only thing that could be done maliciously with a mac address might be to continue using your internet connection on a wifi network that uses web based authentication, but if you’re on such a network there’s likely to be plenty of other worse attacks they could be doing.
Thank you for all your replies.
Would the attacker have to be connected to the same network in order to do this? If so, would it matter whether the network was an open network or encrypted?
Would the attacker have to be connected to the same network in order to do this?
Yes, because MAC addresses are used instead of IP addresses to forward Ethernet frames on the same subnet or physical network segment. They are not passed or known outside of this.
Look up Address Resolution Protocol (ARP).
If so, would it matter whether the network was an open network or encrypted?
Not sure about this and don’t have the time to look. I think encryption would thwart you as it would prevent you joining the network and seeing this traffic… can’t remember.
It really depends on the context. If it was a wifi network and you were connected then you would not need to connect as you can see the MAC addresses of all devices broadcasting.
Encryption works on the data of the packet and so the content would be encrypted but the header would be intact. Meaning it would not matter if you had access to the information anyway.
How about wifi Mac address
Hi there!
This thread is from 2012. In future please check the dates before posting!
Thread closed.
MAC address – Wikipedia

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sublayer of the data link layer. As typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits, separated by hyphens, colons, or without a separator.
MAC addresses are primarily assigned by device manufacturers, and are therefore often referred to as the burned-in address, or as an Ethernet hardware address, hardware address, or physical address. Each address can be stored in hardware, such as the card’s read-only memory, or by a firmware mechanism. Many network interfaces, however, support changing their MAC address. The address typically includes a manufacturer’s organizationally unique identifier (OUI). MAC addresses are formed according to the principles of two numbering spaces based on Extended Unique Identifiers (EUI) managed by the Institute of Electrical and Electronics Engineers (IEEE): EUI-48, which replaces the obsolete term MAC-48, [1] and EUI-64. [2]
Network nodes with multiple network interfaces, such as routers and multilayer switches, must have a unique MAC address for each NIC in the same network. However, two NICs connected to two different networks can share the same MAC address.
Address details
The structure of a 48-bit MAC address. The b0 bit distinguishes multicast and unicast addressing and the b1 bit distinguishes universal and locally administered addressing.
The IEEE 802 MAC address originally comes from the Xerox Network Systems Ethernet addressing scheme. [3] This 48-bit address space contains potentially 2^48 (over 281 trillion) possible MAC addresses. The IEEE manages allocation of MAC addresses, originally known as MAC-48 and which it now refers to as EUI-48 identifiers. The IEEE has a target lifetime of 100 years (until 2080) for applications using EUI-48 space and restricts applications accordingly. The IEEE encourages adoption of the more plentiful EUI-64 for non-Ethernet applications.
The distinction between EUI-48 and MAC-48 identifiers is in name and application only. MAC-48 was used to address hardware interfaces within existing 802-based networking applications; EUI-48 is now used for 802-based networking and is also used to identify other devices and software, for example Bluetooth. [2][4] The IEEE now considers MAC-48 to be an obsolete term. [1] EUI-48 is now used in all cases. In addition, the EUI-64 numbering system originally encompassed both MAC-48 and EUI-48 identifiers by a simple translation mechanism. [2][a] These translations have since been deprecated. [2]
An Individual Address Block (IAB) is an inactive registry activity which has been replaced by the MA-S registry product as of January 1, 2014 (MA-S was previously named OUI-36 and has no overlaps in addresses with IAB[5]). The IAB uses an OUI from the MA-L (MAC address block large) registry (previously named the OUI registry; the term OUI is still in use, but not for calling a registry[5]) belonging to the IEEE Registration Authority, concatenated with 12 additional IEEE-provided bits (for a total of 36 bits), leaving only 12 bits for the IAB owner to assign to their (up to 4096) individual devices. An IAB is ideal for organizations requiring not more than 4096 unique 48-bit numbers (EUI-48). Unlike an OUI, which allows the assignee to assign values in various different number spaces (for example, EUI-48, EUI-64, and the various context-dependent identifier number spaces, like for SNAP or EDID (VSDB field)), the Individual Address Block could only be used to assign EUI-48 identifiers. All other potential uses based on the OUI from which the IABs are allocated are reserved and remain the property of the IEEE Registration Authority. Between 2007 and September 2012, the OUI value 00:50:C2 was used for IAB assignments. After September 2012, the value 40:D8:55 was used. The owners of an already assigned IAB may continue to use the assignment. [6]
MA-S (MAC address block small) registry activity includes both a 36-bit unique number used in some standards and the assignment of a block of EUI-48 and EUI-64 identifiers (while owner of IAB cannot assign EUI-64) by the IEEE Registration Authority. MA-S does not include assignment of an OUI.
There is also another registry which is called MA-M (MAC address block medium). The MA-M assignment block provides both 2^20 EUI-48 identifiers and 2^36 EUI-64 identifiers (that means first 28 bits are IEEE assigned bits). The first 24 bits of the assigned MA-M block are an OUI assigned to IEEE that will not be reassigned, so the MA-M does not include assignment of an OUI.
Universal vs. local (U/L bit)
Addresses can either be universally administered addresses (UAA) or locally administered addresses (LAA). A universally administered address is uniquely assigned to a device by its manufacturer. The first three octets (in transmission order) identify the organization that issued the identifier and are known as the organizationally unique identifier (OUI). [2] The remainder of the address (three octets for EUI-48 or five for EUI-64) are assigned by that organization in nearly any manner they please, subject to the constraint of uniqueness. A locally administered address is assigned to a device by software or a network administrator, overriding the burned-in address for physical devices.
Locally administered addresses are distinguished from universally administered addresses by setting (assigning the value of 1 to) the second-least-significant bit of the first octet of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. [7][8] If the bit is 0, the address is universally administered, which is why this bit is 0 in all OUIs. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the first octet is 06 (hexadecimal), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address. [9] Even though many hypervisors manage dynamic MAC addresses within their own OUI, often it is useful to create an entire unique MAC within the LAA range. [10]
Universal addresses that are administered locally
In virtualisation, hypervisors such as QEMU and Xen have their own OUIs. Each new virtual machine is started with a MAC address set by assigning the last three bytes to be unique on the local network. While this is local administration of MAC addresses, it is not an LAA in the IEEE sense.
An historical example of this hybrid situation is the DECnet protocol, where the universal MAC address (OUI AA-00-04, Digital Equipment Corporation) is administered locally. The DECnet software assigns the last three bytes for the complete MAC address to be AA-00-04-00-XX-YY where XX-YY reflects the DECnet network address of the host. This eliminates the need for DECnet to have an address resolution protocol since the MAC address for any DECnet host can be determined from its DECnet address.
Unicast vs. multicast (I/G bit)
The least significant bit of an address’s first octet is referred to as the I/G, or Individual/Group, bit. [7][8]
When this bit is 0 (zero), the frame is meant to reach only one receiving NIC. [11] This type of transmission is called unicast. A unicast frame is transmitted to all nodes within the collision domain. In a modern wired setting the collision domain usually is the length of the Ethernet cable between two network cards. In a wireless setting, the collision domain is all receivers that can detect a given wireless signal. If a switch does not know which port leads to a given MAC address, the switch will forward a unicast frame to all of its ports (except the originating port), an action known as unicast flood. [12] Only the node with the matching hardware MAC address will accept the frame; network frames with non-matching MAC-addresses are ignored, unless the device is in promiscuous mode.
If the least significant bit of the first octet is set to 1 (i.e. the second hexadecimal digit is odd) the frame will still be sent only once; however, NICs will choose to accept it based on criteria other than the matching of a MAC address: for example, based on a configurable list of accepted multicast MAC addresses. This is called multicast addressing.
The IEEE has built in several special address types to allow more than one network interface card to be addressed at one time:
Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be FF:FF:FF:FF:FF:FF. A broadcast frame is flooded and is forwarded to and accepted by all other nodes.
Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
Functional addresses identify one or more Token Ring NICs that provide a particular service, defined in IEEE 802.5.
These are all examples of group addresses, as opposed to individual addresses; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and set to 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.
Ranges of group and locally administered addresses
The U/L and I/G bits are handled independently, and there are instances of all four possibilities. [9] IPv6 multicast uses locally administered, multicast MAC addresses in the range 33‑33‑xx‑xx‑xx‑xx (with both bits set). [13]
Given the locations of the U/L and I/G bits, they can be discerned in a single digit in common MAC address notation as shown in the following table:
Universal/Local and Individual/Group bits in MAC addresses
Unicast (individual), universally administered: x0‑xx‑xx‑xx‑xx‑xx, x4‑xx‑xx‑xx‑xx‑xx, x8‑xx‑xx‑xx‑xx‑xx, xC‑xx‑xx‑xx‑xx‑xx
Unicast (individual), locally administered: x2‑xx‑xx‑xx‑xx‑xx, x6‑xx‑xx‑xx‑xx‑xx, xA‑xx‑xx‑xx‑xx‑xx, xE‑xx‑xx‑xx‑xx‑xx
Multicast (group), universally administered: x1‑xx‑xx‑xx‑xx‑xx, x5‑xx‑xx‑xx‑xx‑xx, x9‑xx‑xx‑xx‑xx‑xx, xD‑xx‑xx‑xx‑xx‑xx
Multicast (group), locally administered: x3‑xx‑xx‑xx‑xx‑xx, x7‑xx‑xx‑xx‑xx‑xx, xB‑xx‑xx‑xx‑xx‑xx, xF‑xx‑xx‑xx‑xx‑xx
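The U/L and I/G bits can be read straight off the first octet. The Python sketch below is an added example, not part of the quoted article: it accepts the hyphen, colon and dot notations, classifies an address by both bits, and flags client source addresses that are group or locally administered. The function names, reason codes and sample list are constructed for illustration.

```python
import re

# Accepted notations: six hex pairs joined by one consistent separator
# ('-' or ':'), three dot-separated groups of four hex digits, or twelve
# bare hex digits.
_PATTERNS = (
    re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$"),
    re.compile(r"^[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}$"),
    re.compile(r"^[0-9A-Fa-f]{12}$"),
)


def parse_mac(text):
    """Return the six octets of an EUI-48 in transmission order."""
    text = text.strip()
    if not any(p.match(text) for p in _PATTERNS):
        raise ValueError(f"not an EUI-48: {text!r}")
    return bytes.fromhex(re.sub(r"[-:.]", "", text))


def _fmt(octets):
    return "-".join(f"{b:02X}" for b in octets)


def classify(text):
    """Classify an address by the I/G and U/L bits of its first octet."""
    octets = parse_mac(text)
    group = bool(octets[0] & 0x01)  # I/G bit: least significant bit
    local = bool(octets[0] & 0x02)  # U/L bit: second-least-significant bit
    return {
        "canonical": _fmt(octets),
        "broadcast": octets == b"\xff" * 6,
        "scope": "multicast" if group else "unicast",
        "admin": "local" if local else "universal",
        # An OUI is only meaningful for a universally administered
        # individual address.
        "oui": None if (group or local) else _fmt(octets[:3]),
    }


def audit_sources(addresses):
    """Flag addresses that deserve a second look when seen as a client's
    source address, for example in a DHCP lease table.

    A group address is a destination only, so one showing up as a source is
    anomalous. A locally administered address was set by software
    (virtualisation, randomization, or a manual override).
    """
    findings = []
    for raw in addresses:
        try:
            info = classify(raw)
        except ValueError:
            findings.append((raw, "unparseable"))
            continue
        if info["scope"] == "multicast":
            findings.append((info["canonical"], "group-source"))
        elif info["admin"] == "local":
            findings.append((info["canonical"], "locally-administered"))
    return findings


# Constructed sample input (not taken from any real network).
SAMPLE_SOURCES = [
    "00:50:C2:12:34:56",   # universal unicast, OUI 00-50-C2
    "06-00-00-00-00-00",   # the locally administered example from the text
    "0123.4567.89AB",      # dot notation; first octet 01 is a group address
    "33-33-00-00-00-01",   # IPv6 multicast range, both bits set
    "FF:FF:FF:FF:FF:FF",   # broadcast
    "00:50:C2:12:34",      # truncated, must be rejected
]

if __name__ == "__main__":
    for address, reason in audit_sources(SAMPLE_SOURCES):
        print(f"{address}: {reason}")
```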
Applications
The following network technologies use the EUI-48 identifier format:
IEEE 802 networks
Ethernet
802.11 wireless networks (Wi-Fi)
Bluetooth
IEEE 802.5 Token Ring
Fiber Distributed Data Interface (FDDI)
Asynchronous Transfer Mode (ATM), switched virtual connections only, as part of an NSAP address
Fibre Channel and Serial Attached SCSI (as part of a World Wide Name)
The ITU-T standard, which provides a way to create a high-speed (up to 1 gigabit/s) local area network using existing home wiring (power lines, phone lines and coaxial cables). The Application Protocol Convergence (APC) layer accepts Ethernet frames that use the EUI-48 format and encapsulates them into Medium Access Control Service Data Units (MSDUs).
Every device that connects to an IEEE 802 network (such as Ethernet and Wi-Fi) has an EUI-48 address. Common networked consumer devices such as PCs, smartphones and tablet computers use EUI-48 addresses.
EUI-64 identifiers are used in:
IEEE 1394 (FireWire)
InfiniBand
IPv6 (Modified EUI-64 as the least-significant 64 bits of a unicast network address or link-local address when stateless address autoconfiguration is used.)[14] IPv6 uses a modified EUI-64, treats MAC-48 as EUI-48 instead (as it is chosen from the same address pool) and inverts the local bit. [b] This results in extending MAC addresses (such as IEEE 802 MAC address) to modified EUI-64 using only FF-FE (and never FF-FF) and with the local bit inverted. [15]
ZigBee / 802.15.4 / 6LoWPAN wireless personal-area networks
IEEE 11073-20601 (IEEE 11073-20601 compliant medical devices)[16]
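The modified EUI-64 mapping used by IPv6 (insert FF-FE, invert the local bit) is reversible, so an autoconfigured address can carry the interface's MAC address beyond the local segment. The Python sketch below is an added example, not part of the quoted article: it builds the interface identifier from an EUI-48 and recovers the EUI-48 from addresses seen in a log. The function names and sample addresses (using the 2001:db8::/32 documentation prefix) are constructed.

```python
import ipaddress


def eui48_to_modified_eui64(mac):
    """Build the 8-byte modified EUI-64 interface identifier for an EUI-48."""
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError(f"not an EUI-48: {mac!r}")
    # Invert the U/L bit of the first octet and insert FF-FE in the middle.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local_from_mac(mac):
    """Return the fe80::/64 address autoconfiguration derives from the MAC."""
    iid = eui48_to_modified_eui64(mac)
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)


def mac_from_ipv6(address):
    """Return the EUI-48 embedded in the interface identifier, or None.

    The FF-FE marker is a heuristic: a random identifier can contain those
    two bytes by chance, so treat a hit as a lead rather than as proof.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return "-".join(f"{b:02X}" for b in octets)


def leaked_macs(addresses):
    """Map each address that embeds an EUI-48 to the recovered MAC."""
    found = {}
    for address in addresses:
        mac = mac_from_ipv6(address)
        if mac is not None:
            found[address] = mac
    return found


# Constructed sample: addresses as they might appear in a server access log.
SAMPLE_ADDRESSES = [
    "2001:db8::250:c2ff:fe12:3456",   # identifier derived from 00-50-C2-12-34-56
    "2001:db8::1c2a:9f3e:77b0:4d15",  # random identifier, nothing embedded
    "fe80::400:ff:fe00:0",            # derived from 06-00-00-00-00-00
]

if __name__ == "__main__":
    print(link_local_from_mac("00-50-C2-12-34-56"))
    for address, mac in leaked_macs(SAMPLE_ADDRESSES).items():
        print(f"{address} embeds {mac}")
```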
Usage in hosts
On broadcast networks, such as Ethernet, the MAC address is expected to uniquely identify each node on that segment and allows frames to be marked for specific hosts. It thus forms the basis of most of the link layer (OSI Layer 2) networking upon which upper-layer protocols rely to produce complex, functioning networks.
Many network interfaces support changing their MAC address. On most Unix-like systems, the command utility ifconfig may be used to remove and add link address aliases. For instance, the active ifconfig directive may be used on NetBSD to specify which of the attached addresses to activate. [17] Hence, various configuration scripts and utilities permit the randomization of the MAC address at the time of booting or before establishing a network connection.
Changing MAC addresses is necessary in network virtualization. In MAC spoofing, it is done to exploit security vulnerabilities of a computer system. Some modern operating systems, such as Apple iOS and Android, especially on mobile devices, are designed to randomize the MAC address assigned to a network interface when scanning for wireless access points, to avert tracking systems. [18][19]
In Internet Protocol (IP) networks, the MAC address of an interface corresponding to an IP address may be queried with the Address Resolution Protocol (ARP) for IPv4 and the Neighbor Discovery Protocol (NDP) for IPv6, relating OSI Layer 3 addresses to Layer 2 addresses.
Tracking
Randomization
According to Edward Snowden, the US National Security Agency has a system that tracks the movements of mobile devices in a city by monitoring MAC addresses. [20]
To avert this practice, Apple has started using random MAC addresses in iOS devices while scanning for networks. [18] Other vendors followed quickly. MAC address randomization during scanning was added in Android starting from version 6.0, [19] Windows 10, [21] and Linux kernel 3.18. [22] The actual implementations of the MAC address randomization technique vary largely in different devices. [23] Moreover, various flaws and shortcomings in these implementations may allow an attacker to track a device even if its MAC address is changed, for instance its probe requests’ other elements, [24][25] or their timing. [26][23] If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address. [27][28]
Other information leakage
Using wireless access points in SSID-hidden mode (network cloaking), a mobile wireless device may not only disclose its own MAC address when traveling, but even the MAC addresses associated to SSIDs the device has already connected to, if they are configured to send these as part of probe request packets. Alternative modes to prevent this include configuring access points to be either in beacon-broadcasting mode or probe-response with SSID mode. In these modes, probe requests may be unnecessary or sent in broadcast mode without disclosing the identity of previously known networks. [29]
Anonymization
Notational conventions
The standard (IEEE 802) format for printing EUI-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (-) in transmission order (e.g. 01-23-45-67-89-AB).
This form is also commonly used for EUI-64 (e.g. 01-23-45-67-89-AB-CD-EF). [2]
Other conventions include six groups of two hexadecimal digits separated by colons (:) (e.g. 01:23:45:67:89:AB), and three groups of four hexadecimal digits separated by dots (.) (e.g. 0123.4567.89AB); again in transmission order. [30]
Bit-reversed notation
The standard notation, also called canonical format, for MAC addresses is written in transmission order with the least significant bit of each byte transmitted first, and is used in the output of the ifconfig, ip address, and ipconfig commands, for example.
However, since IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus) send the bytes (octets) over the wire, left-to-right, with the least significant bit in each byte first, while IEEE 802.5 (Token Ring) and IEEE 802.6 (FDDI) send the bytes over the wire with the most significant bit first, confusion may arise when an address in the latter scenario is represented with bits reversed from the canonical representation. For example, an address in canonical form 12-34-56-78-9A-BC would be transmitted over the wire as bits 01001000 00101100 01101010 00011110 01011001 00111101 in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits 00010010 00110100 01010110 01111000 10011010 10111100 in most-significant-bit first order. The latter might be incorrectly displayed as 48-2C-6A-1E-59-3D. This is referred to as bit-reversed order, non-canonical form, MSB format, IBM format, or Token Ring format, as explained in RFC 2469.
See also
Hot Standby Router Protocol
MAC filtering
Network management
Sleep Proxy Service, which may spoof another device’s MAC address during certain periods
Transparent bridging
Virtual Router Redundancy Protocol
Notes
^ To convert a MAC-48 into an EUI-64, copy the OUI, append the two octets FF-FF and then copy the organization-specified extension identifier. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is FF-FE. [2] In both cases, the process could be trivially reversed when necessary. Organizations issuing EUI-64s were cautioned against issuing identifiers that could be confused with these forms.
^ With local identifiers indicated with a zero bit, locally assigned EUI-64 begin with leading zeroes and it is easier for administrators to type locally assigned IPv6 addresses based on the modified EUI-64
References
^ a b “MAC Address Block Small (MA-S)”. Retrieved 2019-02-24.
^ a b c d e f g “Guidelines for Use of Extended Unique Identifier (EUI), Organizationally Unique Identifier (OUI), and Company ID (CID)” (PDF). IEEE Standards Association. IEEE. Retrieved 5 August 2018.
^ IEEE Std 802-2001 (PDF). The Institute of Electrical and Electronics Engineers, Inc. (IEEE). 2002-02-07. p. 19. ISBN 978-0-7381-2941-9. Retrieved 2011-09-08. The universal administration of LAN MAC addresses began with the Xerox Corporation administering Block Identifiers (Block IDs) for Ethernet addresses.
^ “IEEE-SA – IEEE Registration Authority”. Retrieved 2018-09-20.
^ a b “IEEE-SA – IEEE Registration Authority”. Retrieved 2018-11-27.
^ a b “Ethernet frame IG/LG bit explanation – Wireshark”. Retrieved 2021-01-05.
^ “RFC 4291 IP Version 6 Addressing Architecture Appendix A”. Retrieved 2021-01-05.
^ a b “Standard Group MAC Addresses: A Tutorial Guide” (PDF). IEEE-SA. Retrieved 2018-09-20.
^ “Generating a New Unique MAC Address”. RedHat. Retrieved 2020-06-15.
^ “Guidelines for Fibre Channel Use of the Organizationally Unique Identifier (OUI)” (PDF). Retrieved 2018-10-11.
^ “Overview of Layer 2 Switched Networks and Communication | Getting Started with LANs | Cisco Support Community | 5896 | 68421”. 2011-07-23. Retrieved 2016-05-17.
^ RFC 7042 2.3.1.
^ S. Thomson; T. Narten; T. Jinmei (September 2007). IPv6 Stateless Address Autoconfiguration. Network Working Group, IETF. doi:10.17487/RFC4862. RFC 4862.
^ IANA Considerations and IETF Protocol Usage for IEEE 802 Parameters. IETF. September 2008. sec. 2.2.1. doi:10.17487/RFC7042. RFC 7042.
^ IEEE P11073-20601 Health informatics—Personal health device communication Part 20601: Application profile—Optimized Exchange Protocol
^ “ifconfig(8) manual page”. Retrieved 16 October 2016.
^ a b Mamiit, Aaron (2014-06-12). “Apple Implements Random MAC Address on iOS 8. Goodbye, Marketers”. Tech Times. Retrieved 2014-12-01.
^ a b “Android 6.0 Changes”. Android developers. Retrieved 2018-08-22.
^ Bamford, James (2014-08-13). “The Most Wanted Man in the World”. Wired: 4. Retrieved 2014-12-01.
^ Winkey Wang. “Wireless networking in Windows 10”.
^ Emmanuel Grumbach. “iwlwifi: mvm: support random MAC address for scanning”. Linux commit effd05ac479b. Retrieved 2018-08-22.
^ a b Célestin Matte (December 2017). Wi-Fi Tracking: Fingerprinting Attacks and Counter-Measures. 2017 (Theses). Université de Lyon. Retrieved 2018-08-22.
^ Vanhoef Mathy and Matte Célestin and Cunche Mathieu and Cardoso Leonardo and Piessens Frank (2016-05-30). “Why MAC address randomization is not enough: An analysis of Wi-Fi network discovery mechanisms”. Retrieved 2018-08-22.
^ Martin Jeremy and Mayberry Travis and Donahue Collin and Foppe Lucas and Brown Lamont and Riggins Chadwick and Rye Erik C and Brown Dane. “A study of MAC address randomization in mobile devices and when it fails” (PDF). 2017. Retrieved 2018-08-22.
^ Matte Célestin and Cunche Mathieu and Rousseau Franck and Vanhoef Mathy (2016-07-18). “Defeating MAC address randomization through timing attacks”. Retrieved 2018-08-22.
^ Cunche, Mathieu. “I know your MAC Address: Targeted tracking of individual using Wi-Fi” (PDF). 2013. Retrieved 19 December 2014.
^ Muhammad Hassan. “How to Find iPhone MAC Address”.
^ “Hidden network no beacons”. Retrieved 16 October 2016.
^ “Agentless Host Configuration Scenario”. Configuration Guide for Cisco Secure ACS 4. Cisco. February 2008. Archived from the original on 2016-08-02. Retrieved 2015-09-19. You can enter the MAC address in the following formats for representing MAC-48 addresses in human-readable form: six groups of two hexadecimal digits, separated by hyphens (-) in transmission order, […] six groups of two separated by colons (:), […] three groups of four hexadecimal digits separated by dots (.)…
7 Things Hackers Hope You Don’t Know | eSecurity Planet

One of the best ways to defend yourself against a Wi-Fi hacker is to learn to think like one. As a hacker, you could simply be on a quest to find something as innocent as free Internet access, or you could be a serious criminal, hired by a cybercrime syndicate to get inside a corporate network to snoop, steal documents, or access credit card details. Either way, there are a few essential weaknesses you, the hacker, would seek out; knowing them can help you, the potential victim, mount a proper defense.
Finding potential targets
First, a hacker will want to see what wireless networks are out there. One way to find them is called war driving, which is easier than it sounds. All that’s needed is a free program called inSSIDer. This scans the airwaves and displays a list of nearby wireless access points (APs). As Figure 1 shows (below), some APs are displayed with an SSID (the network name) and some without.
Discovering so-called hidden networks
The APs missing their SSIDs have been intentionally set via their Web-based control panels to not broadcast their network name in the beacons. The home user or network administrator who manages these networks might believe that not broadcasting the SSID hides his or her WLAN and therefore considers this the first layer of defense against Wi-Fi hackers. However, you (or anyone with the desire) can usually find the concealed SSID quickly. This calls for another program, easily obtained: a wireless network analyzer, such as CommView for Wi-Fi. Though it’s a commercial product, its free evaluation version will suffice.
Once a hacker opens CommView for Wi-Fi, she starts capturing on the channel of the “hidden network” she’s targeting. She may see only a blank SSID. However, as soon as someone on the network attempts to connect, the supposedly hidden network name will appear. The SSID is also in probe packets, which will likely be continuously broadcast from the computers and APs on the target network, so the hacker won’t have to wait long for the big reveal.
See Figure 2 (below) for an example, which shows the same two hidden networks from Figure 1.
Both residential and business networks are equally vulnerable. A hacker can typically detect the names of “hidden networks” very quickly and easily, even if wireless encryption is used. While the name alone isn’t much of a prize, it brings the hacker one step closer to her goal.
Cracking the wireless encryption
The next layer of protection a hacker must often defeat is wireless encryption, such as WEP, WPA, or WPA2. When searching for targets, a hacker will see networks both with and without encryption. Those networks without encryption are very vulnerable. Almost anyone could probably connect in a few seconds. These are usually home connections broadcast by users who either don’t know about encryption or don’t care, but sometimes even businesses leave themselves wide open. Hackers can use these connections for free Internet access, either for casual browsing or as a means of launching Internet-based hacking attacks.
For those networks with WEP encryption, a good hacker can usually crack them within a reasonable amount of time, some within minutes. The ability and amount of time it takes to crack depends upon the WEP key length and complexity, how much the network is being used, and the cracking techniques employed. The newer PTW hacking technique is much faster than most older techniques.
A hacker might also take a stab at cracking networks protected with the simpler or personal form of WPA or WPA2 encryption using pre-shared keys (PSK). The success of these attacks is all up to the simplicity (or complexity) of the passphrase used.
To get started cracking WPA/WPA2-PSK, a hacker only has to capture one client association (someone successfully connecting to the network). Then she can use dictionary-based attacks, trying to guess the passphrase. If the passphrase is simple and is contained in her dictionary, she’ll eventually crack the encryption. Hackers use dictionaries with hundreds of millions of words. Though this would take forever on your own PC, hackers have the ability to use outsourced super computers, such as WPA Cracker.
Some networks, usually in larger businesses or organizations, use the enterprise mode of WPA or WPA2 encryption using the Extensible Authentication Protocol (EAP) and 802.1X. These won’t have passphrases or PSKs to crack, but these are susceptible to man-in-the-middle attacks.
To get started hacking WPA/WPA2-Enterprise, a hacker would set up a fake AP matching the SSID and security settings of the target network and would then run a modified RADIUS authentication server. She’d try to get users to connect to her fake setup and attempt authentication, which requires that the client EAP settings have been set insecurely and that the bogus network is cleverly disguised enough to convince users to connect to it.
If everything does go according to plan, our hacker will capture usernames right away. For the passwords, she’ll have to run a dictionary attack. If the password is relatively simple, she’ll have everything she needs to connect to the target network.
Spoofing your MAC address
Another security technique some people use is MAC address filtering. Each computer and device contains a unique MAC address, so the network administrator can create a blacklist or whitelist of addresses he or she wants to block or to allow onto the network. This can be used with or without wireless encryption or the hidden network technique.
If a hacker suspects a target network is using MAC address filtering, she’d just have to bring up a wireless surveying or analyzer program on her laptop; she could use CommView for Wi-Fi again. She would simply check out the list of stations (such as Figure 3 shows) or monitor the raw data packets to find a “good” MAC address that she could use.
Once a hacker has a MAC address she can emulate, in Windows, she would just bring up the network adapter’s properties dialog and type in the address, such as Figure 4 shows (below). In this way, the hacker won’t be stopped by the MAC address filter.
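From the defender's side, a cloned address tends to show up as one MAC address appearing at two different places on the network within a short time. The Python sketch below is an added example, not part of the original article: it scans time-ordered association records for that pattern. The three-column log format, the AP names and the 60-second window are assumptions made for illustration, and legitimate roaming between neighbouring APs produces the same pattern, so the window and the AP pairs need tuning per site.

```python
from datetime import datetime, timedelta

# Constructed sample in a hypothetical "timestamp location mac" format.
# A real controller or switch log will need its own parser.
SAMPLE_LOG = """\
2024-05-01T09:00:00 ap-lobby 00:50:c2:12:34:56
2024-05-01T09:00:05 ap-lab   40:d8:55:00:00:01
2024-05-01T09:00:20 ap-annex 00:50:C2:12:34:56
2024-05-01T09:30:00 ap-lab   00:50:c2:12:34:56
2024-05-01T09:30:02 ap-lab   40:d8:55:00:00:01
malformed line
"""


def find_mac_flaps(log_text, window=timedelta(seconds=60)):
    """Return (mac, old_location, new_location, seconds_apart) for every MAC
    address seen at two different locations within `window`.

    Records are assumed to be in time order. Lines that do not have exactly
    three fields or a valid ISO timestamp are skipped.
    """
    last_seen = {}  # mac -> (timestamp, location)
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        stamp, location, mac = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        mac = mac.lower()  # the same address may be logged in either case
        previous = last_seen.get(mac)
        if previous is not None:
            prev_when, prev_location = previous
            gap = when - prev_when
            if prev_location != location and gap <= window:
                alerts.append(
                    (mac, prev_location, location, int(gap.total_seconds()))
                )
        last_seen[mac] = (when, location)
    return alerts


if __name__ == "__main__":
    for mac, old, new, gap in find_mac_flaps(SAMPLE_LOG):
        print(f"{mac} moved {old} -> {new} after {gap}s")
```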
Let the fun begin
Once a hacker has found an open network or has successfully hacked one, she can try to access files and/or snoop on the network traffic, for example, to capture passwords used by users.
If she’s lucky, the users have placed files in the public shares. If she’s really hit pay dirt, she might find some sensitive documents containing goodies like banking info or other top secret stuff.
To capture e-mail, Website, and other passwords, a hacker can run a special sniffer. EffeTech HTTP Sniffer and Ace Password Sniffer are two commercial products that offer a free trial.
Lessons learned
Now that we’ve examined exactly what a hacker needs to get what she wants, it’s easier to see what every network administrator should know. Here are seven tips summarizing what you’ve learned and how it can help you better secure your Wi-Fi network:
Disabling SSID broadcasting doesn’t deter hackers, plus it can give you a big headache when configuring your network and causes an increase in network traffic (probe requests and responses).
Don’t use WEP encryption; it’s useless.
WPA/WPA2-PSK encryption is still secure when using long complex mixed character passphrases.
WPA/WPA2-Enterprise encryption is even more secure if you properly set the client settings (validate the server, specify server address, don’t prompt for new servers, etc.) and assign complex passwords.
Try to use WPA2 (with AES/CCMP) encryption only.
MAC address filtering may help control the computers or devices brought in by users, but is not a realistic deterrent against hackers.
For additional control over end-user connectivity, consider implementing a Network Access Control (NAC) or Network Access Protection (NAP) solution.
Eric Geier is the Founder and CEO of NoWiresSecurity, which helps businesses easily protect their Wi-Fi with enterprise-level encryption by offering an outsourced RADIUS/802.1X authentication service. He is also the author of many networking and computing books for brands like For Dummies and Cisco Press.
Eric Geier is an eSecurity Planet contributor.

Frequently Asked Questions about what can you do with someone’s mac address

What can a MAC address be used for?

A media access control address (MAC address) is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. This use is common in most IEEE 802 networking technologies, including Ethernet, Wi-Fi, and Bluetooth.

Can a hacker do anything with a MAC address?

MAC address filtering may help control the computers or devices brought in by users, but is not a realistic deterrent against hackers. For additional control over end-user connectivity, consider implementing a Network Access Control (NAC) or Network Access Protection (NAP) solution. (Jul 7, 2010)

What can an attacker do with a MAC address?

Your MAC address is your machine’s hardware address. This is mostly only important when an attacker is on the same network as you. At this point an attacker could do deauth attacks or intercept your traffic by posing as the network’s router.
