billyblaxsta Posted June 5, 2011

Hello, I have a legitimate connection to the eduroam network (www.eduroam.org). This network allows students throughout the world to connect to the eduroam network. Eduroam is WPA2 Enterprise and so I need a username, password, and certificate. My University uses Protected EAP and MSCHAPv2. The first time I connected I used my external card (wlan1). Everything worked. Here are the relevant logs from syslog:

Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started
Apr 26 21:39:20 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated
Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Apr 26 21:39:21 myname wpa_supplicant[736]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
Apr 26 21:39:22 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded
Apr 26 21:39:22 myname wpa_supplicant[736]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Apr 26 21:39:22 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Apr 26 21:39:22 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake

I then disconnected and spoofed my MAC on wlan1. Then I tried to connect again. It failed.

Logs:

Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started
Apr 26 21:37:04 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated
Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Apr 26 21:37:05 myname wpa_supplicant[736]: OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
Apr 26 21:37:05 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded
Apr 26 21:37:05 myname wpa_supplicant[736]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Apr 26 21:37:05 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Apr 26 21:37:05 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake
Apr 26 21:37:06 myname kernel: [ 320.448925] wlan1: deauthenticated from 00:27:09:2d:88:13 (Reason: 23)
Apr 26 21:37:06 myname wpa_supplicant[736]: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: 4-way handshake -> disconnected
Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: disconnected -> scanning

I then looked up "Reason 23" here: http://etutorials.org/Networking/Wireless+lan+security/Chapter+4.+WLAN+Fundamentals/Basic+Choreography/ which told me it meant that IEEE 802.1X authentication failed. So I looked up IEEE 802.1X authentication failed and found this: https://secure.wikimedia.org/wikipedia/en/wiki/IEEE_802.1X. If you scroll down to "Federations" you will see that eduroam is mentioned as an example of one of the networks that uses 802.1X authentication. I also tried with my wlan0 card and also could not connect. The last positive message was CTRL-EVENT-EAP-STARTED EAP. Then deauthentication.

The only reason I can see that I could not access the network with my username and password is that when I connected for the first time my MAC was logged and now only that MAC can access the network. The eduroam website has a detailed guide, but MAC filtering is not mentioned. In fact, I cannot find anything that confirms my problem is the result of MAC filtering. Would someone like to confirm or challenge my assumption? I don't really understand why MAC filtering is considered sensible. A student cannot connect to eduroam if he changes his laptop, uses a friend's laptop, or wants to use his Blackberry or iPhone to connect. Thanks.
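An added example, not code from the thread or from eduroam: a small Python classifier that reads wpa_supplicant / NetworkManager syslog lines like the ones above and reports at which stage an 802.1X association attempt stopped. The point it makes explicit is the one the thread turns on: in the failing excerpt, EAP (PEAP/MSCHAPv2) reports CTRL-EVENT-EAP-SUCCESS, so the credentials were accepted, and the deauthentication (reason 23, "IEEE 802.1X authentication failed" in IEEE 802.11) only arrives afterwards during the 4-way handshake. That ordering is what separates a wrong-password problem from a post-EAP decision made on the infrastructure side, which is the question to bring to the help desk. The reason-code table is a subset of IEEE 802.11 codes; the sample log lines are copied from the posts above, plus one constructed wlan0 excerpt.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Subset of IEEE 802.11 deauthentication/disassociation reason codes.
REASON_CODES = {
    1: "unspecified",
    2: "previous authentication no longer valid",
    15: "4-way handshake timeout",
    23: "IEEE 802.1X authentication failed",
}

# Patterns for the three log sources that appear in the thread's excerpts.
_METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD .*method (\d+) \(([A-Z0-9-]+)\)")
_STATE = re.compile(r"\((\w+)\): supplicant connection state: (.+?) -> (.+)$")
_DEAUTH = re.compile(r"(\w+): deauthenticated from ([0-9a-f:]{17}) \(Reason: (\d+)\)")


@dataclass
class Diagnosis:
    iface: Optional[str] = None
    eap_method: Optional[str] = None
    eap_success: bool = False
    eap_failure: bool = False
    last_state: Optional[str] = None          # last NetworkManager state seen
    deauth_ap: Optional[str] = None           # BSSID that sent the deauth frame
    deauth_reason: Optional[int] = None
    verdict: str = "no EAP exchange recorded"


def diagnose(lines: List[str]) -> Diagnosis:
    """Walk the lines in order and record where the attempt stopped."""
    d = Diagnosis()
    state_at_deauth = None
    for line in lines:
        if "CTRL-EVENT-EAP-SUCCESS" in line:
            d.eap_success = True
        elif "CTRL-EVENT-EAP-FAILURE" in line:      # real wpa_supplicant event
            d.eap_failure = True
        m = _METHOD.search(line)
        if m:
            d.eap_method = m.group(2)
        m = _STATE.search(line)
        if m:
            d.iface, d.last_state = m.group(1), m.group(3).strip()
        m = _DEAUTH.search(line)
        if m and d.deauth_reason is None:           # keep the first deauth only
            d.iface, d.deauth_ap = m.group(1), m.group(2)
            d.deauth_reason = int(m.group(3))
            state_at_deauth = d.last_state          # state *before* the deauth

    reason_text = REASON_CODES.get(d.deauth_reason, "unknown reason")
    if d.eap_failure:
        d.verdict = "credentials rejected during EAP"
    elif d.deauth_reason is not None and d.eap_success:
        d.verdict = (f"EAP succeeded, then deauthenticated at '{state_at_deauth}' "
                     f"with reason {d.deauth_reason} ({reason_text}); "
                     "look at post-EAP policy on the infrastructure side, not at the password")
    elif d.deauth_reason is not None:
        d.verdict = f"deauthenticated before EAP completed, reason {d.deauth_reason} ({reason_text})"
    elif d.eap_success:
        d.verdict = "EAP succeeded; no failure recorded in this excerpt"
    return d


# Log lines copied from the thread's first post (working attempt on wlan1).
FIRST_ATTEMPT = [
    "Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started",
    "Apr 26 21:39:20 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated",
    "Apr 26 21:39:20 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected",
    "Apr 26 21:39:22 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded",
    "Apr 26 21:39:22 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully",
    "Apr 26 21:39:22 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake",
]

# Log lines copied from the thread's first post (failing attempt on wlan1).
FAILED_ATTEMPT = [
    "Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started",
    "Apr 26 21:37:04 myname NetworkManager: <info> (wlan1): supplicant connection state: associating -> associated",
    "Apr 26 21:37:04 myname wpa_supplicant[736]: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected",
    "Apr 26 21:37:05 myname wpa_supplicant[736]: EAP-MSCHAPV2: Authentication succeeded",
    "Apr 26 21:37:05 myname wpa_supplicant[736]: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully",
    "Apr 26 21:37:05 myname NetworkManager: <info> (wlan1): supplicant connection state: associated -> 4-way handshake",
    "Apr 26 21:37:06 myname kernel: [ 320.448925] wlan1: deauthenticated from 00:27:09:2d:88:13 (Reason: 23)",
    "Apr 26 21:37:06 myname wpa_supplicant[736]: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys",
    "Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: 4-way handshake -> disconnected",
    "Apr 26 21:37:06 myname NetworkManager: <info> (wlan1): supplicant connection state: disconnected -> scanning",
]

# Constructed excerpt for the wlan0 case the poster describes (EAP started, then deauth).
WLAN0_ATTEMPT = [
    "Apr 26 21:40:00 myname wpa_supplicant[736]: CTRL-EVENT-EAP-STARTED EAP authentication started",
    "Apr 26 21:40:01 myname kernel: [ 400.000000] wlan0: deauthenticated from 00:27:09:2d:88:13 (Reason: 23)",
]

if __name__ == "__main__":
    for name, excerpt in (("first", FIRST_ATTEMPT), ("failed", FAILED_ATTEMPT), ("wlan0", WLAN0_ATTEMPT)):
        print(f"{name}: {diagnose(excerpt).verdict}")
```

Run it over a larger syslog slice (`grep -E 'wpa_supplicant|NetworkManager|deauthenticated' /var/log/syslog`) and the verdict tells you whether to look at credentials, at the RADIUS/EAP path, or at what the access point does after EAP completes; only the first deauthentication in the slice is used, since later ones are reconnect noise.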
Mr-Protocol Posted June 5, 2011

Ask the help desk or network admin.
digip Posted June 5, 2011 (edited)

The implementation they have is also probably using MACsec in its EAPOL settings, which means that your original MAC address is already registered as the default device for that login you are using. I would advise you to tread lightly while using your normal MAC, since for security purposes, they are tracking data at layer 2, and not by IP alone. In other words, they know your device by its physical MAC address. http://standards.ieee.org/cgi-bin/status?Designation:%20802.1AE

Edited June 5, 2011 by digip
Infiltrator Posted June 5, 2011

The only way you could spoof your MAC address is using a MAC address that is already known to the Wireless System. For example, you could pose as another trusted wireless client, but this would be illegal and against the network usage policy. If you would like to use a different MAC address, the only way to overcome that is contacting your helpdesk, but that could raise some suspicion in your IT department, so play it cool.