MAC spoofing remains a vector of attack in enterprise networks for two reasons.
1.) By using the address of a device that is authorized to be on the network—a printer, for example—an attack is often able to escape detection and potentially gain unfettered access.
2.) Forensics: even when an attempt is discovered during or after an attack, the culprit usually gets away because their real “fingerprints” are not found at the crime scene.
This white paper explores the MAC spoofing problem, covers best practices, and evaluates the effective solutions available to thwart off MAC spoofing attacks.