
Attack and Defence Solutions in WLAN

Attack and defence in WLANs is a topic that currently receives a great deal of attention from security specialists. Many attack and defence solutions have been put forward, but so far none can truly be called completely secure; every defence proposed to date is only relative (that is, the security of a WLAN can still be broken in many different ways). So how is a WLAN attacked, and what are the defences? We will look at both in more detail below.

According to many research documents, an attacker can currently use one of the following methods against a WLAN:

- Passive Attack (sniffing)
- Active Attack (probing)
- Man-in-the-Middle Attack
- Denial-of-Services Attack
- Ad-hoc network Attack
- Wireless Spoofing
- AP Weaknesses
- War Driving

2.1. Passive Attack

A passive attack, or eavesdropping (sniffing), is probably the simplest way to attack a WLAN, yet it remains very effective. A passive attack leaves no trace of the attacker's presence on the network, because the attacker sends no packets at all and only listens to the data travelling on the network. WLAN sniffers or free applications can be used to collect information about a wireless network from a long distance by using a directional antenna. This lets the attacker keep a distance from the network and leave no trace while still listening and collecting valuable information.

A sniffer is usually a piece of software that can listen to and decode the packets travelling on a network. It acts as an intermediate system that copies every packet sent from machine A to machine B and captures passwords from client sessions. This is why a wireless network is much easier to eavesdrop on than an ordinary wired network. Many applications can collect passwords from HTTP addresses, email, instant messages, FTP sessions and telnet. All of these connection types transmit the password in clear text (unencrypted). Many applications can also capture password hashes (passwords encoded with algorithms such as MD4, MD5, SHA, ...) sent over the wireless segment between client and server when the client logs in. Any information sent over the wireless segment in this way is very exposed to an attacker. The damage cannot be predicted if the attacker can log in to the network with some user's credentials and deliberately harms the network. An attacker can sit somewhere in the car park and use tools to break into your WLAN. The tools may be a packet sniffer, or free software that can crack the WEP key and log in to the network.

2.1.1. Passive Scanning

Passive scanning is how an attacker gathers information from the network by tuning the device across different radio frequencies. It means letting the wireless NIC listen on each channel for a few messages without revealing the attacker's presence. The attacker can scan passively without sending any message at all. This mode is called RF monitor; in it, every data frame travelling on the network can be copied by the attacker. By default this capability is usually not available on the wireless NICs on the market, because they ship with firmware that has it turned off. In this mode a client can capture packets without connecting to an AP or an ad-hoc network.

2.1.2. Detecting SSID

An attacker can usually find the SSID of a network by passive scanning, because the SSID appears in the following frames: Beacon, Probe Request, Probe Response, Association Request and Reassociation Request. Some APs can be configured so that the SSID sent in Beacon frames is masked, or even so that Beacon frames are turned off completely. The SSID is hidden in Beacon frames in order to minimise what clients can learn about it. In many cases a client trying to join the WLAN starts by sending probe requests when it cannot see any AP whose SSID matches. Likewise, if Beacon frames are not turned off, the attacker obviously obtains the SSID from the AP by passive scanning.

When a client has the SSID, an association request appears from the clients whose SSID matches. That request frame carries the correct SSID, which the attacker sniffs. If a client wants to join any AP that will accept it, it sends probe requests on all channels and listens for the responses that contain the SSID of the AP. It looks through all the responses and chooses one AP. The connection is normally established right afterwards, and the attacker waits for these responses and extracts the SSID from them.

If Beacon transmission is turned off, the attacker has two choices. Either the attacker keeps listening until an association request appears from a client that has access to the network and holds the matching SSID, and sniffs that SSID. Or the attacker can probe by injecting a prepared frame and then listening for the response (this step is examined further in the later section on active attacks).

2.1.3. Collecting the MAC Addresses

Attackers collect valid MAC addresses to use later in forged frames. The source and destination MAC addresses are always present in full in every frame. There are two reasons why an attacker wants to collect the MAC addresses of the clients and APs on the network. The first is that the attacker wants to use these values in forged frames so that the AP does not recognise his machine. The second is that APs can filter out unregistered MAC addresses and deny them access to the network, so the attacker spoofs a MAC address to gain access as a legitimate client.

2.1.4. Collecting frames for Cracking WEP

The attacker's goal is to find the WEP key. Usually this key can be guessed based on a large number of public systems that network administrators have configured and commonly use. Some client software stores the WEP key in the system Registry. In what follows we assume the attacker did not succeed in obtaining the key this way; the attacker then turns to systematic methods of cracking WEP. For this purpose a very large number of frames (millions) has to be collected, because of the way WEP works. The attacker sniffs a large number of data frames from one WLAN. All of these frames use the same key. The algorithms behind recovering the shared secret key work on a collection of ciphertext extracted from the frames. All that is needed, however, is a set of weakly encrypted frames. Weakly encrypted frames make up only a small fraction of all frames: in a collection of millions of frames there may be only 100 of them. Collecting them can therefore take several hours or even several days before the information sought can be extracted. With powerful computers, however, the attacker finds the information faster, possibly in a few minutes to a few hours.
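As an added illustration of section 2.1.2 (not code from the original document), the Python parser below reads the SSID element from the management frame types listed there and shows why blanking the SSID in Beacon frames does not keep the network name private. The frame bytes, the MAC addresses and the name corp-wlan are constructed sample values.

```python
# Fixed-parameter bytes after the 24-byte management header, by subtype:
# assoc-req 4, reassoc-req 10, probe-req 0, probe-resp 12, beacon 12.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req",
         5: "probe-resp", 8: "beacon"}


def parse_ssid(frame: bytes):
    """Return (frame_kind, bssid, ssid) or None; ssid is "" when hidden."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:    # management frames only
        return None
    bssid = frame[16:22].hex(":")                 # address 3
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:                   # truncated element
            return None
        if tag == 0:                              # element ID 0 carries the SSID
            # Hidden networks send a zero-length or all-NUL SSID element.
            ssid = value.strip(b"\x00").decode("utf-8", "replace")
            return NAMES[subtype], bssid, ssid
        pos += 2 + length
    return None


def audit(frames):
    """For each BSSID whose beacons hide the SSID, list names seen elsewhere."""
    hidden, seen = set(), {}
    for frame in frames:
        parsed = parse_ssid(frame)
        if parsed is None:
            continue
        kind, bssid, ssid = parsed
        if kind == "beacon" and not ssid:
            hidden.add(bssid)
        elif ssid:
            seen.setdefault(bssid, set()).add(ssid)
    return {b: sorted(seen.get(b, ())) for b in hidden}


def build(subtype, src, bssid, ssid):
    """Build a constructed sample frame (not a capture) for the demo."""
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + src + bssid + b"\x00\x00"
    fixed = bytes(FIXED_LEN[subtype])
    return header + fixed + bytes([0, len(ssid)]) + ssid + b"\x01\x01\x82"


AP = bytes.fromhex("020000aabb01")    # constructed addresses
STA = bytes.fromhex("020000ccdd02")
SAMPLE = [
    build(8, AP, AP, b""),            # beacon with zero-length SSID
    build(8, AP, AP, b"\x00" * 9),    # beacon with NUL-padded SSID
    build(5, AP, AP, b"corp-wlan"),   # probe response
    build(0, STA, AP, b"corp-wlan"),  # association request from a client
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both beacons report an empty name, yet the probe response and the association request for the same BSSID carry it in clear, so a hidden SSID should not be counted as an access control.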
TOOL:
- AirSnort (http://airsnort.shmoo.com)
- Kismet (http://www.kismetwireless.net/)
- AiroPeek (http://www.widepackets.com/)
- Sniffer Pro
- WirelessMon (http://www.passmark.com)

2.1.5. Detecting Sniffer

A sniffer usually attacks simply by collecting data. Detecting a sniffer is therefore very difficult, especially when it operates on data shared on the network. It becomes easier with the following sniffer-detection techniques:

- Ping method: the trick used here is to send a request carrying the IP address of the system under test. The idea is that no client accepts this packet unless the MAC address matches. A sniffer, however, replies immediately, because it does not discard the packet even though the MAC address differs. This is an old method that is no longer used much because it is not very reliable.
- ARP method: a system caches ARP entries, so when we send a non-broadcast ARP packet, the system stores this ARP address. We then send a broadcast ping with our own IP address but a different MAC address. Only the system that has the correct MAC address replies to this ping.
- ARP watch: one way to eavesdrop is to place the sniffer at the network's gateway. A utility called ARPWatch can be used to monitor the ARP cache on a system and raises an alert if two systems appear as duplicates. Unfortunately, on networks deployed with DHCP the monitor can raise false alarms. For example, when a user disconnects from the network and, after some time, reconnects and receives an IP address that was in use before, the monitor raises an alert at once because the old entry is still in the cache.
- IDS: Intrusion Detection Systems monitor the network for ARP spoofing. The system records the traffic on the network that carries spoofed ARP addresses. Typically it compares the IP address with the MAC address and raises an alert when they do not match.
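One way to implement the IP/MAC comparison described under ARP watch and IDS, written here as an added example rather than code from ARPWatch or the original document. It assumes the monitor can also read the DHCP server's lease log, which is what lets it suppress the false alarm described above; the event format, the addresses and the pinned gateway pair are constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts kind ip mac")    # kind: "arp" or "dhcp"
Alert = namedtuple("Alert", "ts reason ip old_mac new_mac")


class ArpMonitor:
    def __init__(self, pinned=None):
        # Static IP -> MAC pairs for key hosts such as the gateway.
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.table = {}     # IP -> MAC learned from ARP replies
        self.leases = {}    # IP -> MAC from the DHCP server's own lease log
        self.alerts = []

    def feed(self, ev):
        mac = ev.mac.lower()
        if ev.kind == "dhcp":
            self.leases[ev.ip] = mac
            return
        if ev.ip in self.pinned:                 # pinned pairs are never relearned
            if mac != self.pinned[ev.ip]:
                self._alert(ev, "pinned-mismatch", self.pinned[ev.ip], mac)
            return
        old = self.table.get(ev.ip)
        if old is None or old == mac:
            self.table[ev.ip] = mac
        elif self.leases.get(ev.ip) == mac:
            self.table[ev.ip] = mac              # DHCP handed the IP to a new host
        else:
            # Keep the first-seen binding so repeated forged replies keep alerting.
            self._alert(ev, "binding-changed", old, mac)

    def _alert(self, ev, reason, old, new):
        self.alerts.append(Alert(ev.ts, reason, ev.ip, old, new))


def run(events, pinned=None):
    """Feed all events through a fresh monitor and return its alerts."""
    monitor = ArpMonitor(pinned)
    for ev in events:
        monitor.feed(ev)
    return monitor.alerts


# Constructed observations (documentation addresses, locally administered MACs).
GATEWAY = {"192.0.2.1": "02:00:00:00:00:01"}
SAMPLE = [
    Event(1, "arp", "192.0.2.1", "02:00:00:00:00:01"),    # gateway, matches pin
    Event(2, "dhcp", "192.0.2.50", "02:00:00:00:00:AA"),
    Event(3, "arp", "192.0.2.50", "02:00:00:00:00:aa"),
    Event(4, "dhcp", "192.0.2.50", "02:00:00:00:00:bb"),  # lease moves to a new host
    Event(5, "arp", "192.0.2.50", "02:00:00:00:00:bb"),   # explained by the lease
    Event(6, "arp", "192.0.2.1", "02:00:00:00:00:66"),    # gateway IP, wrong MAC
    Event(7, "arp", "192.0.2.60", "02:00:00:00:00:cc"),
    Event(8, "arp", "192.0.2.60", "02:00:00:00:00:66"),   # change with no lease
]

if __name__ == "__main__":
    for alert in run(SAMPLE, GATEWAY):
        print(alert)
```

Without the lease events the change at ts 5 is also reported, which is the DHCP false alarm the ARP watch item describes.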

2.1.6. Preventing Sniffing

The best way to protect yourself, your company or your business against sniffing is to use encryption. It does not stop the sniffing itself, but it forces the sniffer to read only encrypted data.

On a network with users who intend to do harm, such a user will try to spoof ARP so as to pose as the gateway. To prevent this, you can keep the real gateway's MAC address stored in memory. Alternatively, you can regularly change the MAC address of the gateway and of a few important systems on your network. There are also several methods that network and security administrators can apply to protect the network.

The first is to deploy software that monitors each network segment and watches ARP activity, making sure that the traffic level on the network stays within permitted limits and under control.

The second is to protect each network segment (subnet) by dividing the network into Virtual LANs (VLANs) and restricting each host's access to the router, so that hosts are shielded from attack. An attacker may want to mount an ARP attack on a host in the network and fail because he is not in the same subnet or VLAN, since the routing devices drop these packets.

The third is to hard-code the MAC/IP pairs on key systems so that attackers cannot change them. Some switches allow a static MAC/IP pair to be configured for each port on the device.

Terminology: Beacon is a data frame in a WLAN that the AP sends as a broadcast; these signals are very valuable to an attacker.

2.2. Active Attack (Probing)

An attacker can attack actively in order to carry out actions on the network. An active attack can be used to reach a server and take valuable data, to use the organisation's Internet connection for destructive purposes, or even to change the configuration of the network infrastructure. By connecting to the wireless network through the AP, the attacker can penetrate deeper into the network or change its configuration. For example, an attacker can add his own MAC address to the allow list of the MAC filter (the MAC address filtering list) on the AP, or disable the MAC filter altogether, to make later intrusions easier. The administrator may not even learn of this change for a long time unless the configuration is checked regularly.

Typical examples of active attacks include spammers (people who send junk mail) and competitors who want to break into your company's database. A spammer can send a large volume of mail at once to a home or business network through the WLAN connection.
After obtaining an IP address from the DHCP server, the attacker can send thousands of messages over your Internet connection without your knowing. This kind of attack can cause your ISP to cut off your email service for abusive mass mailing, even though the fault is not yours.

Once an attacker has a wireless connection into your network, he can reach servers, use the WAN or Internet connection, or reach users' laptops and desktops. With a few simple tools the attacker can easily collect important information, impersonate users, or even damage the network by misconfiguring it. Finding servers by port scanning, creating NULL sessions to shares or cracking passwords, and then logging in to a server with the cracked account are all things an attacker can do to your network.

2.2.1. Detecting SSID

Finding the SSID is usually very simple with the help of tools that capture the important frames. If these frames are not present on the network, an attacker who is not patient enough to wait for a legitimate association request from another client that has access to the network, and so obtain the correct SSID, injects a probe request with a spoofed MAC address. Taking the MAC address to be genuine, the AP sends out the important frames, and the attacker then learns the SSID through the forged probe request. Some APs allow replies to probe requests that do not carry the correct SSID to be turned off. In that case the attacker picks a client connected to an AP and sends that client a forged disassociation frame whose MAC address is set to that of the AP. The client sends a request to reconnect, and the SSID is revealed.

3. Man-in-the-middle Attack (MITM Attack)

A Man-in-the-middle attack is the case in which an attacker uses an AP to steal mobile nodes by sending them a stronger RF signal than the real AP does. The mobile nodes see an AP with a better RF signal and connect to this rogue AP, sending data, possibly sensitive data, to the rogue AP, where the attacker has full control over it. Put simply, the attacker plays the part of a rogue AP standing between all the clients and the real AP, and neither the clients nor the real AP notice its presence.

To make a client reconnect to the rogue AP, the rogue AP's transmit power must be much higher than that of the real AP within its coverage area. Reconnecting to the rogue AP is treated as part of roaming, so the user is not aware of it.
Introducing an all-band interference source (such as Bluetooth) into the real AP's coverage area forces the client to roam.

An attacker who wants to mount this kind of Man-in-the-middle attack first has to know the SSID that the clients are using (this value is very easy to obtain with WLAN scanning tools). Next, the attacker has to know the WEP key if the network uses WEP. The upstream connection (to the wired backbone) from the rogue AP is handled through a client device such as a PC card or a Workgroup Bridge. Often a Man-in-the-middle attack is carried out with nothing more than a laptop and two PCMCIA cards. AP software runs on the laptop, where one PC card is used as an AP and a second PC card is used to connect the laptop to the real AP nearby. In this configuration the laptop itself is the man in the middle, operating between the client and the real AP. From there the attacker can obtain valuable information by running sniffers on the laptop.

The key point of this kind of attack is that the user cannot notice it. The amount of information the attacker can collect therefore depends only on how long the attacker can maintain this state before being discovered. Physical security is the best way to counter this kind of attack.

2.3.1. Wireless MITM

Suppose client B has been properly authenticated to C, a real AP. Attacker X is a laptop with two wireless cards; through one card he appears on the wireless network as an AP. Attacker X sends invalid frames to B, using the MAC address of access point C as the source address together with the BSSID he has collected. B is deauthenticated and starts scanning for an AP, and it may find X on a channel different from that of access point C; this can be seen as a race between attacker X and access point C. If B connects to X, the MITM attack has succeeded. X then forwards the frames it receives from B on to C and, in the other direction, forwards the frames it receives from C on to B after modifying them as needed.

2.3.2. ARP Poisoning

ARP cache poisoning is an old technique used on ordinary wired networks. It has now reappeared with APs that are connected to a switch or hub together with clients on the wired network. ARP is used to determine the MAC address when the IP address is known. The translation is done by a lookup in an address table. The ARP cache keeps this table up to date by broadcasting request packets containing the IP addresses to the clients; a client whose IP address matches the one in the request replies with a packet containing its MAC address.
Entries in this table expire after a certain time, because a client may change its hardware (NIC), in which case the table is updated. A weakness of ARP, however, is that nothing checks whether a reply comes from a legitimate client or from a forged one. ARP poisoning is an attack method that exploits this hole. If the ARP cache is corrupted, the OS goes on storing the wrong MAC address for some IP addresses. The attacker does this by sending reply packets with wrong MAC addresses.

ARP poisoning is one of the techniques that make a MITM attack possible. Attacker X inserts himself between two machines B and C by poisoning B so that C's IP address is associated with X's MAC address and, conversely, by poisoning C so that B's IP address is associated with X's MAC address. In the end all communication between B and C has to pass through X.

An ARP poisoning attack can be applied to every host in the same subnet. Most APs act as bridges at the MAC layer, so every client connected to them can be at risk. If an AP is connected directly to a switch or hub with no router or firewall in between, the clients connected to that switch or hub are very exposed to attack. Note that most devices on the market today integrate a switch with 4 or 5 ports into the AP, router or DSL/cable modem that connects to the Internet; internally the AP is connected to the switch. As a result the attacker can be a client and become a MITM between two ordinary wired networks, between a wireless network and a wired network, or between two wireless networks.

TOOL:
- HostAP (hostap.epitest.fi)
- AirJack (http://802.11ninja.net/airjack/)

4. Wireless Spoofing

When a client, device or user is barred from accessing the wireless network, spoofing is one of the effective ways of attacking the wireless network. The aim is to join the network and then use tools to find and take users' authentication information and become a legitimate user (the Man-in-the-Middle attack is also one form of this kind of attack).

3.1. IP Spoofing

IP spoofing is a technique for getting past a system's access restrictions: the attacker can send messages to a computer in the name of a legitimate host. There are several variants of this kind of attack:

3.1.1. Non-Blind Spoofing

This variant applies when the attacker is in the same subnet as the victim, so that sniffing the packets on the network is very simple.
This type is also called Session Hijacking, and with it an attacker can get around any authentication system and establish a connection. It is done by interrupting the data stream of a connection that has already been established and then re-establishing it using packets that are correct from the attacking system's point of view.

3.1.2. MITM Attack (connection hijacking)

In this attack the attacker intercepts the legitimate communication between two hosts in order to control the data passing between them; the attacker impersonates each host when sending data to the other. The two hosts go on exchanging data as usual, but in reality the data that machine A sends to B passes through the attacker, who captures the information from A and then impersonates A's address and forwards it to B. The condition for carrying out this attack is that the attacker must place himself on the link between the two hosts.

3.1.3. DoS

IP spoofing is sometimes also used in DoS attacks. The attacker has to spend a lot of time and resources such as bandwidth in order to send a very large number of packets to the victim within a period of time. The attacker then spoofs the source IP address to monitor and carry out the DoS attack. When many compromised hosts attack together, they send spoofed packets, which quickly congests the traffic on the network.

Note that IP spoofing does not give users anonymous Internet access; this is a misconception held by a great many people. Several solutions have been proposed to prevent IP spoofing:

- Avoid using source-address authentication. Deploy encryption and authentication widely.
- Configure the network to drop packets from the Internet that could harm the internal network.
- Deploy ingress and egress control on the border routers, and deploy an ACL (Access Control List) to block private IP addresses on the network.
- If you allow connections from outside, enable encryption on the router.

3.2. MAC Spoofing

Every NIC has a physical address called the MAC address. This address consists of 12 hexadecimal digits and is unique. AP devices usually provide a MAC address filtering function whose purpose is to block a given client by its MAC address. Normally, clients that are on this list cannot access the network or the resources shared on it.

What makes this function useless, however, is that a MAC address can be spoofed entirely. Any amateur hacker can then get past MAC address filtering and become a client with a valid address. MAC address filtering therefore does not provide trustworthy security, least of all on large networks.

MAC address spoofing means that an attacker tries to change his address to another value so that, with the new MAC address, he can join the wireless network and send or receive data. Attackers who set out to attack a network this way usually do so for one of a few reasons: to confuse the network systems, to get past the network's access policy, or to pose as an authenticated user. Each reason is examined below:

3.2.1. Obfuscating network presence

An attacker can change his MAC address to evade protection and detection systems. For example, the attacker runs attack scripts with a random MAC address for each successful connection. Network analysis systems and applications are then unable to detect the spoofing.

3.2.2. Bypassing access control lists

An access control list is usually regarded as a list that governs access to the WLAN; administrators normally have several options for configuring the AP or routers to register the MAC addresses allowed to connect to the network. An attacker can spoof by monitoring all traffic on the network and deriving from it a list of MAC addresses that the AP or router has validly authenticated. With this list in hand, the attacker is free to set his own address to match one of the valid addresses and so avoid the network's security system.

3.2.3. Authenticated User impersonation

WLAN security hardware relies on the ability to control user authentication by the client's MAC address. Once a user has authenticated successfully, the security system passes traffic based on a dynamic list of MAC addresses. The attacker deceives the devices only when necessary: he monitors all activity on the network, finds a valid MAC address, and then changes his own MAC address to match the one he found before joining the network.

3.2.4. Preventing MAC Spoofing

This is one of the ways to prevent such spoofing on a wired network: a great many switches have port security. The switch learns the MAC address once and then stores it permanently; from then on it accepts no MAC address other than the stored one. This mechanism serves to stop attacks that spoof the MAC address. Consequently, whenever there is a change in the network, the administrator has to reconfigure the switch.

TOOL:
- SMAC 2.0 (http://www.download3k.com/Install-SMAC.html)
- MadMAC
- MAC Address Change
