T 5.113 MAC spoofing

The MAC ("media access control") address for a device is an address assigned by the manufacturer and is used to address devices on OSI layer 2.

Various security mechanisms at the network level (for instance port security on switches) are based on the principle that a connection is only allowed to be established by a device with a specific MAC address.

With the aid of appropriate programs, an attacker can change the MAC address of his device and send Ethernet frames carrying a different sender address into the network segment. In this way it is possible to circumvent security mechanisms that are based solely on the MAC address. However, the attacker must be in the same network segment, or even have access to the same switch port, as the device that he is attempting to mimic using MAC spoofing.

MAC spoofing is also a threat on wireless networks (WLANs) where access control based on MAC addresses has been configured on the access point.
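
For the switch-port case described above, a monitoring check can flag a MAC address that is learned on more than one port, and addresses whose locally-administered bit shows they were not assigned by a manufacturer. The following is an added example, not part of the original catalogue text; the observation format, port names and sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (timestamp, switch port, source MAC), in the
# style of an exported switch MAC address table. Not data from the catalogue.
SAMPLE_OBSERVATIONS = [
    ("2024-01-01T09:00:00", "Gi0/1", "00:1a:2b:3c:4d:5e"),
    ("2024-01-01T09:00:05", "Gi0/2", "3c:52:82:11:22:33"),
    ("2024-01-01T09:03:10", "Gi0/7", "00-1A-2B-3C-4D-5E"),  # same MAC, other port
    ("2024-01-01T09:04:00", "Gi0/9", "02:00:00:aa:bb:cc"),  # U/L bit set
]


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_locally_administered(mac):
    """True if the U/L bit (0x02 in the first octet) is set, meaning the
    address was configured locally rather than assigned by a manufacturer."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def find_suspicious(observations):
    """Return (macs_seen_on_multiple_ports, locally_administered_macs)."""
    ports_by_mac = defaultdict(set)
    for _timestamp, port, mac in observations:
        ports_by_mac[normalize_mac(mac)].add(port)
    # A MAC learned on several ports may be a moved device or a spoofed copy.
    moved = {m: sorted(p) for m, p in ports_by_mac.items() if len(p) > 1}
    local = sorted(m for m in ports_by_mac if is_locally_administered(m))
    return moved, local


if __name__ == "__main__":
    moved, local = find_suspicious(SAMPLE_OBSERVATIONS)
    for mac, ports in moved.items():
        print(f"MAC {mac} seen on ports {', '.join(ports)}")
    for mac in local:
        print(f"MAC {mac} is locally administered")
```

Both findings need review rather than automatic blocking, since a relocated device, virtual machines and address randomisation produce the same signals. A spoofed address used on the same switch port as the original device does not show up in this check.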