
MAC address filter and WPA2/AES

dredd2929

Senior member
I have a D-Link DGL-4300

Two questions:

Does the MAC address filter only involve wireless clients? Meaning, if I enable it, do I only have to enter the MAC addresses of those systems that will connect wirelessly (or do I also have to enter those with a wired connection)?

Is AES equivalent to WPA2? I'm currently using WPA, but I'd like to switch to WPA2. My wife's laptop is an older Dell with an Intel PRO Wireless 2200BG adapter. The documentation says it supports AES encryption, but nothing about WPA2.
 
MAC filtering is normally for the wireless clients. It is also a useless security feature and really is never used, so leave it off. AES encryption with a strong passphrase/key of 12 characters or more will not be compromised.

Part of WPA2 was AES encryption. 2200 supports WPA2 and AES.
 
OK, thanks for the info.

Out of curiosity, why is MAC filtering worthless? It seems to me that limiting connections to uniquely identified machines would be a simple way to prevent unwanted users. I know it's possible to spoof MAC addresses, but how would someone know which address to spoof?
 
Originally posted by: dredd2929
OK, thanks for the info.

Out of curiosity, why is MAC filtering worthless? It seems to me that limiting connections to uniquely identified machines would be a simple way to prevent unwanted users. I know it's possible to spoof MAC addresses, but how would someone know which address to spoof?

There are tons of tools to sniff Wi-Fi; all you need is to catch a client using the AP and you can get the MAC addresses used.
 
Originally posted by: dredd2929
OK, thanks for the info.

Out of curiosity, why is MAC filtering worthless? It seems to me that limiting connections to uniquely identified machines would be a simple way to prevent unwanted users. I know it's possible to spoof MAC addresses, but how would someone know which address to spoof?

MAC addresses are in the clear and cannot be encrypted.

You're preventing unauthorized access with the passphrase/key. If the client does not possess this, they cannot communicate.
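The point about addresses being sent in the clear, as an added example that is not part of the original post: a parser for the 802.11 data-frame header showing which bytes remain readable when the Protected bit is set. The sample frame and all addresses in it are constructed, and the 8-byte security header assumes CCMP (WPA2/AES).

```python
# Constructed sample: one 802.11 data frame, client -> AP, protected with CCMP.
SAMPLE_FRAME = bytes.fromhex(
    "0841"                  # frame control: type=data, ToDS=1, Protected=1
    "2c00"                  # duration
    "001122334455"          # address 1 (constructed AP BSSID)
    "020000aabbcc"          # address 2 (constructed client MAC)
    "020000000001"          # address 3 (constructed destination MAC)
    "1000"                  # sequence control
    "0100002000000000"      # CCMP header: packet number, ExtIV bit set
    "9f3c5ae1b7d20466c81e"  # ciphertext + MIC (opaque constructed bytes)
)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_80211_data_header(frame):
    """Split a data frame into cleartext header fields and encrypted body.
    Assumes CCMP, no HT control field and no trailing FCS."""
    if len(frame) < 24:
        raise ValueError("shorter than a minimal 802.11 MAC header")
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(flags & 0x01), bool(flags & 0x02)
    protected = bool(flags & 0x40)
    a1, a2, a3 = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    # Which address plays which role depends on the ToDS/FromDS bits.
    roles = {
        (False, False): {"destination": a1, "source": a2, "bssid": a3},
        (True, False): {"bssid": a1, "source": a2, "destination": a3},
        (False, True): {"destination": a1, "bssid": a2, "source": a3},
        (True, True): {"receiver": a1, "transmitter": a2, "destination": a3},
    }[(to_ds, from_ds)]
    header_len = 24
    if to_ds and from_ds:
        header_len += 6   # fourth address on bridged links
    if subtype & 0x8:
        header_len += 2   # QoS control field
    if protected:
        header_len += 8   # the CCMP header is also sent unencrypted
    if len(frame) < header_len:
        raise ValueError("frame truncated inside its header")
    return {**roles, "protected": protected, "cleartext_len": header_len,
            "encrypted_len": len(frame) - header_len}

if __name__ == "__main__":
    print(parse_80211_data_header(SAMPLE_FRAME))
```

Only the last 10 bytes of the 42-byte sample are covered by AES; the client address that a MAC filter checks sits in the unencrypted first 32.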
 
If you want security you need to use certificates. Many switches/routers have certificate authentication these days.



 
Pulling MAC addresses from the air that are related to your WAP is a simple 5 minute process. You'd be surprised how easy.
 
Originally posted by: Emulex
If you want security you need to use certificates. Many switches/routers have certificate authentication these days.

That is no better than AES preshared key. You're just using a different key - a cert.
 
Also, your D-Link probably has an option for "Auto (WPA or WPA2)", which allows legacy WPA nodes to connect, but it uses TKIP, an old holdover from WEP, instead of AES. WPA with TKIP isn't terrible and certainly not "insecure" (though recently partially cracked), but your absolute best security option is still WPA2 with AES as spidey has said numerous times. MAC addy's aren't encrypted and are as easy to crack as WEP.
 
Well I learned a lot from all of your advice. I appreciate it. Thankfully even my wife's older laptop is able to do AES so I'm pure WPA2 now.
 