By Topic

A design of egress NAC using an authentication visa checking mechanism to protect against MAC address spoofing attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Somnuk Puanpronpitag ; Faculty of Informatics, Mahasarakham University, Thailand ; Atthapol Suwannasa

An egress Network Access Controller (NAC) is important to authenticate internal users before accessing external networks (such as browsing the Internet). It is generally deployed at most Wi-Fi hotspots. It can be also used to control wired access on any open Ethernet jacks (such as business centers or hotel rooms). However, a MAC address spoofing attack is a very simple but powerful technique to bypass the egress NAC. By spoofing their MAC Address to a legitimate user's, attackers can easily access network resources under that user's permission. There have been several previous proposals to solve this problem. However, all of them have been proven to be ineffective. In this paper, we therefore propose a new solution using an authentication visa checking mechanism. From experimental results on a test-bed, our new egress NAC has shown its effectiveness and efficiency in protecting against the MAC address spoofing attack on both wireless and wired network environments.

Published in:

Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2011 8th International Conference on

Date of Conference:

17-19 May 2011