Is MAC Filtering good enough to just keep the neighbors off?
- Thread starter aphex
- Start date
No. MACs can be sniffed and spoofed.
If you're not using any type of encryption (WEP, WPA, WPA2), remember that what you send (if the application isn't doing encryption) is sent in the clear.
If you're not using any type of encryption (WEP, WPA, WPA2), remember that what you send (if the application isn't doing encryption) is sent in the clear.
If all you're wanting to do is prevent your barely-tech-savvy neighbor from browsing with your wireless, MAC filtering along with disabling SSID broadcast is more than enough.
- Oct 25, 1999
- 29,548
- 424
- 126
Disabling SSID might result with None-functional or Semi-functional Wireless connection.
You can add to the MAC IP unavailable.
I.e. configure your Computers with Static IPs and leave DHCP Off.
Or, if your Router allows IP reservations reserve the Available IPs to your computer only.
:sun:
You can add to the MAC IP unavailable.
I.e. configure your Computers with Static IPs and leave DHCP Off.
Or, if your Router allows IP reservations reserve the Available IPs to your computer only.
:sun:
Not broadcasting your SSID is another sort of "wireless protection myth". It won't make you any more secure.
IP Reservations still can be used by machines that aren't assigned to the reservation.
IPs can also be sniffed out thus showing the approximate range of available IPs in your network.
IP Reservations still can be used by machines that aren't assigned to the reservation.
IPs can also be sniffed out thus showing the approximate range of available IPs in your network.
QFT.
Run a standalone radius server from your wired network from behind at least three levels of firewall!!!
- Oct 25, 1999
- 29,548
- 424
- 126
Nope, this is like people in New York City that have a different level of Security needs for thier Homes Cars, etc., than poeple who live in a guarded retirement community in Florida.
Or as an example, I am right Now as we speak, on an Island with No Cars allowed (I.e. No War Driving). None of my neighbors within few hundred feet has Wireless, and I am surrounded with thick Green Garden.
:sun:
Zap
Elite Member
- Oct 13, 1999
- 22,377
- 7
- 81
I'll buck the trend and say yes. Nearly everything can be broken into. If you're paranoid where do you stop? Disable broadcase SSID, WPA, MAC filtering, RADIUS, VPN, static IP... where does the madness end?
Ya know what? The average neighbor barely knows how to check email, let alone spoof MAC addresses. If your neighbors have wireless, chances are one of them does not have any protection at all. If someone wanted free internet they'll do the easy thing and just connect to the one with no protection. If someone wanted to do damage and steal data for profit, they'll go after some kind of business, likely a financial institution, not some homeowner with a second mortgage, car payments and a son in college.
Can somoene sniff the network and find a packet with the SSID, a valid MAC and IP? Sure, but not the AVERAGE user. Airopeek is pretty spendy (not sure if it's in the warez circles much) and other then that, is there a decent wireless based sniffer?
Throw encryption on top of that and I feel that a home user is "ok". Even with WEP128, with no SSID, and mac filtering, the average war driver will just grab the guy next door/down the street/a few blocks over who is broadcasting a nonencrypted signal with "linksys" for the ssid.
If your equipment does not support no SSID (i.e. has issues) then maybe you should consider decent equipment. No SSID with various levels of security is REQUIRED for a card to be Cisco wireless compatible (CCX). I've not found a card that has a hard time with this.
Throw encryption on top of that and I feel that a home user is "ok". Even with WEP128, with no SSID, and mac filtering, the average war driver will just grab the guy next door/down the street/a few blocks over who is broadcasting a nonencrypted signal with "linksys" for the ssid.
If your equipment does not support no SSID (i.e. has issues) then maybe you should consider decent equipment. No SSID with various levels of security is REQUIRED for a card to be Cisco wireless compatible (CCX). I've not found a card that has a hard time with this.
There are plenty of free wireless sniffers. KisMac for OSX, Kismet, etc.
Just remember the rule, security through obscurity != security.
Then I'm assuming you know everyone who happens to drive past your place of residence?
At least use WEP or WPA. Far easier to set up than MAC address filtering and more secure. Like I said, not only does it provide your network with protection on who can join the network, but provides packet level encryption as well. Something MAC address filtering won't address.
"No one will go through my trash to steal my identiy!"
Just remember the rule, security through obscurity != security.
Then I'm assuming you know everyone who happens to drive past your place of residence?
At least use WEP or WPA. Far easier to set up than MAC address filtering and more secure. Like I said, not only does it provide your network with protection on who can join the network, but provides packet level encryption as well. Something MAC address filtering won't address.
"No one will go through my trash to steal my identiy!"
mac filtering is more than enough to keep the average home user off your network. OR wep/wap key. As long as it's not completely open, you're probably fine.
That said, here's what I do:
I have a 64bit wep key (more for an annoyance than anything), and occasionally check to see what MAC addresses have registered themselves with the router. If it's not a MAC/computername that I recognize, I block that MAC. Works fine for me, and I'm in an apartment building with plenty of people who might want to get on my network, and some who might even have technical skills. General rule though, is that nobody cares enough to spend more than 5 minutes or so on it.
That said, here's what I do:
I have a 64bit wep key (more for an annoyance than anything), and occasionally check to see what MAC addresses have registered themselves with the router. If it's not a MAC/computername that I recognize, I block that MAC. Works fine for me, and I'm in an apartment building with plenty of people who might want to get on my network, and some who might even have technical skills. General rule though, is that nobody cares enough to spend more than 5 minutes or so on it.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
-
-
Facebook
Twitter