MAC Spoofing
What is MAC Spoofing?
MAC SpoofingChanging a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking.
MAC spoofing programmatically overrides the burned-in MAC address of a NIC with one chosen by the attacker. On networks that rely on MAC filtering, captive-portal allowlists, or licensing tied to a hardware address, this is enough to gain unauthorized access. It is also used to evade per-device quotas on public Wi-Fi, to defeat de-authentication defenses, or to take over IP leases on poorly segmented networks. Defences include 802.1X port-based authentication, NAC posture checks, dynamic ARP inspection with DHCP snooping, and not treating MAC addresses as authentication.
● Examples
- 01
Cloning the MAC of an authorised laptop to bypass MAC filtering on a Wi-Fi network.
- 02
Resetting the Wi-Fi MAC to obtain new free-trial time on a captive portal.
● Frequently asked questions
What is MAC Spoofing?
Changing a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking. It belongs to the Attacks & Threats category of cybersecurity.
What does MAC Spoofing mean?
Changing a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking.
How do you defend against MAC Spoofing?
Defences for MAC Spoofing typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for MAC Spoofing?
Common alternative names include: MAC address spoofing.