MAC address spoofing mitigation

adam:ONE maps all devices to their respective MAC address as received at the gateway. As a result, many have asked how we mitigate MAC address spoofing attempts.

First, here some things to note:

  • Spoofing the MAC address of another device (while both devices are in reach) will disable both devices from operating normally because the switch won’t know how to handle the traffic
  • iOS devices cannot be spoofed
  • Android devices can be spoofed, however, MDM can be used on Android to make it impossible to spoof the MAC address

So how does adam:ONE mitigate MAC address spoofing?

Any device that connects to the network is automatically assigned to your Default Policy .

To reduce the risk of machines, software or users bypassing filtering policies by masking a device’s actual MAC address, simply set the DEFAULT Policy to “No Internet” (or a Policy of your choice). This way, no matter how many times MAC spoofing occurs to previously-unseen addresses, devices will always connect to your pre-selected filtering policy.

  • In other words, if someone spoofs the MAC to a random address, it will just land them on “No internet”

Our conclusion: MAC spoofing is possible, but highly impractical and rarely observed. If it happens, it leaves breadcrumbs and cannot be done without leaving traces when a conflict occurs. There are advanced mitigation techniques available that thwart this attack absolutely. Please reach out to our support if your security posture lists this as a requirement.

Setting the Default Policy:

To specify your Default Policy, log in to your ADAM dashboard (

  • Click on Policies
  • Select which Policy you’d like to make the default by clicking the drop down menu (under Manage Policies) and clicking the preferred Policy (example: No Internet)
  • Click the “Make Default” button

More info. on how devices are enrolled and named can be found by clicking this link.