Question about MAC Filtering

Discussion in 'OT Technology' started by NPH, Feb 14, 2008.

  1. NPH

    NPH Guest

    Would using MAC Filtering as the only security measure in your wireless network be sufficient?
     
  2. dissonance

    dissonance reset OT Supporter

    Joined:
    May 23, 2006
    Messages:
    5,652
    Likes Received:
    1
    Location:
    KS
    And how about making the netwok Invisible as well as only MAC Filtering?
     
  3. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    No, and no.

    Mac filtering is a VERY basic type of filtering... It is easily cracked.

    Not broadcasting the SSID is also very basic.


    You're best using a "combination", such as MAC filter, disable SSID broadcast, and use WPA2-PSK.

    That is an easy setup for most consumer grade hardware without worrying about radius or whatnot.
     
  4. Ricky

    Ricky █▄ █▄█ █▄ ▀█▄

    Joined:
    Jun 17, 2005
    Messages:
    38,767
    Likes Received:
    6
    no no
     
  5. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    what exactly are you trying to protect? i use very basic security on my home wireless network because all i care about is keeping my neighbors from stumbling onto my open network. other than that, i really don't care so much about blocking out people trying to hack in. i don't keep anything important on my PC.
     
  6. crontab

    crontab (uid = 0)

    Joined:
    Nov 14, 2000
    Messages:
    23,443
    Likes Received:
    12
    you don't want them to make bots out of your pc's either though.
     
  7. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    nah, got no problems with that.
     
  8. dissonance

    dissonance reset OT Supporter

    Joined:
    May 23, 2006
    Messages:
    5,652
    Likes Received:
    1
    Location:
    KS
    My network has my desktop wired, my HTPC wireless, girlfriend's desktop wired, and rarely girlfriend's cell phone. This is in an apartment complex with quite a few other wireless networks around. I might just go a head and make the hole in the wall (currently has cable wire running through it) bigger and squeeze an ethernet cable in there. That or just add encryption. I DO care about what is on my desktop and I know my girlfriend cares about what is on hers.

    To turn the PCs into bots though a hacker would still have to get through the firewalls (ZoneAlarm). I don't know how easy that is. Also, I don't see any of my neighbors being hackers of any sort, but I guess you never know.
     
  9. crontab

    crontab (uid = 0)

    Joined:
    Nov 14, 2000
    Messages:
    23,443
    Likes Received:
    12
    So you don't care what occurs with your bandwidth/storage/cycles?

    Access to your machines please.
     
  10. lightsareout

    lightsareout New Member

    Joined:
    Aug 19, 2006
    Messages:
    5,913
    Likes Received:
    0
    Location:
    Murfreesboro, TN
    no, MACs are so easy to clone, use higher security
     
  11. Skankin'

    Skankin' We are Ginger. We do not forgive. We do not forget

    Joined:
    Sep 3, 2007
    Messages:
    7,287
    Likes Received:
    0
    Use WPA2-PSK and disable the SSID, MAC filtering too. I keep valuable stuff on my network and I don't want to lose it. Especially with these 2 kids on my street that think they are amateur hackers. Beware war drivers too
     
  12. Sexual Vanilla

    Sexual Vanilla New Member

    Joined:
    May 23, 2005
    Messages:
    6,305
    Likes Received:
    0
    Location:
    South Carolina
    Depends on where you live. I live in a rural neighborhood with nothing but old farts around me. I only use MAC filtering, and in the 1 1/2 years my wireless network has been running, I have yet to get any unauthorized access. However, if you live near more people, I'd go with WPA.
     
  13. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    nah, i keep an eye on who is on what. i'm actually using WEP which sucks, but it is the best i can use with my TiVo and a 3rd party wireless adapter.

    but, living on a dead end street with nothing but old people around, a pond behind my house and pretty thick walls which kills the signal once you leave the building kind of not the greatest place for wardriving.
     
  14. FartLighter

    FartLighter Resident Fart Expert OT Supporter

    Joined:
    Jul 5, 2005
    Messages:
    2,853
    Likes Received:
    9
    Location:
    Mammoth Lakes, CA
    I don't remember the exact specifics, but this is how a system with MAC filtering can still be used:

    You can run a packet sniffer and see the headers of each Ethernet frame. If you can somehow figure out which packets are headed to the protected AP, you can extract the MAC address and spoof your own MAC so the AP will think you are an authorized user.

    So, no, it is not a great security measure. In a sparsely populated area, this is probably OK, but not in an urban area, or a college where there is a good likelihood someone in the know will associate with your AP.
     
  15. whup

    whup I wish you had children and.. so that I could step

    Joined:
    Feb 12, 2007
    Messages:
    1,603
    Likes Received:
    0
    wlan is slow enough as it is without turning on encryption. Turn on mac filtering and use that for now and monitor things to see if anyone tries to get on to your network. If that happens, then you have to ramp up the security.

    If you can't take that risk, turn on the encryption; or if you're the only person on the wlan then you don't have much to lose with the encryption anyway.

    Hiding the SSID won't make it much harder either because it's just as easy to find MAC addresses to spoof and "hidden" SSIDs anyway.

    The odds of someone wanting to take the risk of haxing into your wireless and being able to get a good enough signal to want to do that are pretty low, and then for them to want to do something malicious with that even lower imo.

    The important thing is that your computer itself be made as secure as possible, planning for the worst if someone compromises your network - because you can be at just as much risk using the internets anyway.
     

Share This Page