Is MAC Filtering good enough to just keep the neighbors off?

[aphex]

I don't have anything on my network i'm worried about protecting all that much, i just want to keep the neighbors from hopping on and using my cable if they are bored.

Will MAC Filtering be ok?

 

[Rilex]

No. MACs can be sniffed and spoofed.

If you're not using any type of encryption (WEP, WPA, WPA2), remember that what you send (if the application isn't doing encryption) is sent in the clear.

 

[spidey07]

Originally posted by: aphex
I don't have anything on my network i'm worried about protecting all that much, i just want to keep the neighbors from hopping on and using my cable if they are bored.

Will MAC Filtering be ok?

if you're using encryption and mac filtering you'll keep all but the determined hackers off.

 

[brunswickite]

dont broadcast your ssid

 

[tamasrepus]

If all you're wanting to do is prevent your barely-tech-savvy neighbor from browsing with your wireless, MAC filtering along with disabling SSID broadcast is more than enough.

 

[JackMDS]

Disabling SSID might result with None-functional or Semi-functional Wireless connection.

You can add to the MAC IP unavailable.

I.e. configure your Computers with Static IPs and leave DHCP Off.

Or, if your Router allows IP reservations reserve the Available IPs to your computer only.

:sun:

 

[Rilex]

Not broadcasting your SSID is another sort of "wireless protection myth". It won't make you any more secure.

IP Reservations still can be used by machines that aren't assigned to the reservation.

IPs can also be sniffed out thus showing the approximate range of available IPs in your network.

 

[Maluno]

Originally posted by: Rilex
Not broadcasting your SSID is another sort of "wireless protection myth". It won't make you any more secure.

IP Reservations still can be used by machines that aren't assigned to the reservation.

IPs can also be sniffed out thus showing the approximate range of available IPs in your network.

QFT.

Run a standalone radius server from your wired network from behind at least three levels of firewall!!!

 

[JackMDS]

Originally posted by: Rilex
Not broadcasting your SSID is another sort of "wireless protection myth". It won't make you any more secure.

IP Reservations still can be used by machines that aren't assigned to the reservation.

IPs can also be sniffed out thus showing the approximate range of available IPs in your network.

The premise of this thread assume protection from a None Hacker/Sniffer/Spoofer neighbor.

:sun:

 

[Rilex]

Is that sort of like guessing that your network is secure and leaving it at that?

 

[JackMDS]

Originally posted by: Rilex
Is that sort of like guessing that your network is secure and leaving it at that?

Nope, this is like people in New York City that have a different level of Security needs for thier Homes Cars, etc., than poeple who live in a guarded retirement community in Florida.

Or as an example, I am right Now as we speak, on an Island with No Cars allowed (I.e. No War Driving). None of my neighbors within few hundred feet has Wireless, and I am surrounded with thick Green Garden.

:sun:

 

[Zap]

Originally posted by: aphex
I don't have anything on my network i'm worried about protecting all that much, i just want to keep the neighbors from hopping on and using my cable if they are bored.

Will MAC Filtering be ok?

I'll buck the trend and say yes. Nearly everything can be broken into. If you're paranoid where do you stop? Disable broadcase SSID, WPA, MAC filtering, RADIUS, VPN, static IP... where does the madness end?

Ya know what? The average neighbor barely knows how to check email, let alone spoof MAC addresses. If your neighbors have wireless, chances are one of them does not have any protection at all. If someone wanted free internet they'll do the easy thing and just connect to the one with no protection. If someone wanted to do damage and steal data for profit, they'll go after some kind of business, likely a financial institution, not some homeowner with a second mortgage, car payments and a son in college.

 

[brunswickite]

Originally posted by: Zap

Originally posted by: aphex
I don't have anything on my network i'm worried about protecting all that much, i just want to keep the neighbors from hopping on and using my cable if they are bored.

Will MAC Filtering be ok?

I'll buck the trend and say yes. Nearly everything can be broken into. If you're paranoid where do you stop? Disable broadcase SSID, WPA, MAC filtering, RADIUS, VPN, static IP... where does the madness end?

Ya know what? The average neighbor barely knows how to check email, let alone spoof MAC addresses. If your neighbors have wireless, chances are one of them does not have any protection at all. If someone wanted free internet they'll do the easy thing and just connect to the one with no protection. If someone wanted to do damage and steal data for profit, they'll go after some kind of business, likely a financial institution, not some homeowner with a second mortgage, car payments and a son in college.

Well said.

 

[nweaver]

Can somoene sniff the network and find a packet with the SSID, a valid MAC and IP? Sure, but not the AVERAGE user. Airopeek is pretty spendy (not sure if it's in the warez circles much) and other then that, is there a decent wireless based sniffer?
Throw encryption on top of that and I feel that a home user is "ok". Even with WEP128, with no SSID, and mac filtering, the average war driver will just grab the guy next door/down the street/a few blocks over who is broadcasting a nonencrypted signal with "linksys" for the ssid.

If your equipment does not support no SSID (i.e. has issues) then maybe you should consider decent equipment. No SSID with various levels of security is REQUIRED for a card to be Cisco wireless compatible (CCX). I've not found a card that has a hard time with this.

 

[Rilex]

There are plenty of free wireless sniffers. KisMac for OSX, Kismet, etc.

Just remember the rule, security through obscurity != security.

The average neighbor barely knows how to check email, let alone spoof MAC addresses.

Then I'm assuming you know everyone who happens to drive past your place of residence?

At least use WEP or WPA. Far easier to set up than MAC address filtering and more secure. Like I said, not only does it provide your network with protection on who can join the network, but provides packet level encryption as well. Something MAC address filtering won't address.

If someone wanted to do damage and steal data for profit, they'll go after some kind of business, likely a financial institution, not some homeowner with a second mortgage, car payments and a son in college.

"No one will go through my trash to steal my identiy!"

 

[Zap]

Originally posted by: Rilex
"No one will go through my trash to steal my identiy!"

Not everybody balances their checkbook on their computer. Someone break into my computer will find... pr0n and anime. :laugh:

 

[spidey07]

Originally posted by: Zap

Originally posted by: Rilex
"No one will go through my trash to steal my identiy!"

Not everybody balances their checkbook on their computer. Someone break into my computer will find... pr0n and anime. :laugh:

heh, I don't balance my checkbook on a computer. I balance it on their web servers.

😉

 

[skisteven1]

mac filtering is more than enough to keep the average home user off your network. OR wep/wap key. As long as it's not completely open, you're probably fine.

That said, here's what I do:
I have a 64bit wep key (more for an annoyance than anything), and occasionally check to see what MAC addresses have registered themselves with the router. If it's not a MAC/computername that I recognize, I block that MAC. Works fine for me, and I'm in an apartment building with plenty of people who might want to get on my network, and some who might even have technical skills. General rule though, is that nobody cares enough to spend more than 5 minutes or so on it.