Go Back  DVD Talk Forum > General Discussions > Tech Talk
Reload this Page >

MAC address filtering as only form of wireless security?

Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

MAC address filtering as only form of wireless security?

Old 03-12-04, 08:16 AM
  #1  
DVD Talk Ultimate Edition
Thread Starter
 
Join Date: Jun 2000
Posts: 4,029
Likes: 0
Received 1 Like on 1 Post
MAC address filtering as only form of wireless security?

Currently, I am using just MAC address filtering to secure my wifi, no wep or wpa. What are the potential problems with this?
Old 03-12-04, 09:16 AM
  #2  
DVD Talk Limited Edition
 
Join Date: Feb 2000
Location: College Station, TX
Posts: 6,223
Likes: 0
Received 0 Likes on 0 Posts
I would think that's pretty secure unless someone can figure out your MAC addresses.

Just make sure you have a good admin password on your wireless router.
Old 03-12-04, 09:18 AM
  #3  
DVD Talk Special Edition
 
Join Date: Aug 2003
Location: Bloomington, IN
Posts: 1,091
Likes: 0
Received 0 Likes on 0 Posts
Good question I do the same. I have had no problems for over a year and a half. From what I have read the only problem with this setup is that someone good (hacker) can mimic your MAC and gain access to the WAP. I just dont see that as a huge risk. The other potential is that the signal could be intercepted, such as inputs into web pages (CC#'s, personal info) and files that you transfer. I guess Im just not worried the range is fairly short and where I live there are only a couple of houses within range.
Old 03-12-04, 09:36 AM
  #4  
DVD Talk Legend
 
Join Date: Jan 2000
Posts: 16,171
Likes: 0
Received 1 Like on 1 Post
This will only stop someone that knows nothing about computers. MAC's are easy to capture and spoof from a wireless signal.


WEP is not very good either, but it would be the next 'level' of security.
Old 03-12-04, 01:38 PM
  #5  
DVD Talk Hall of Fame
 
Join Date: Jul 2000
Location: Houston, TX
Posts: 9,779
Likes: 0
Received 0 Likes on 0 Posts
I just use a mac filter on mine.
Old 03-12-04, 03:08 PM
  #6  
DVD Talk Special Edition
 
Join Date: Feb 2001
Posts: 1,499
Likes: 0
Received 0 Likes on 0 Posts
Same here, MAC filter and a non-broadcast SSID.
Old 03-12-04, 03:47 PM
  #7  
DVD Talk Gold Edition
 
Join Date: Mar 2000
Posts: 2,827
Likes: 0
Received 0 Likes on 0 Posts
I do MAC filtering, and WEP, and non broadcasting SSID, changed the default passwords, changed the default SSID, and turn off the wireless broadcast when I'm not using it.

Just paranoid I guess.

One of my neighbors apparently isn't doing any of this and his network is wide open... took all of 2 seconds to start using his connection.

Is there a reason you are not enabling everything? There is some overhead in using WEP and it can be cracked (apparently WPA is better in that area), but I'm thinking turn on all of the security you can unless you have specific issues when you enable some of it.
Old 03-12-04, 04:19 PM
  #8  
DVD Talk Hall of Fame
 
Join Date: Jul 2000
Location: Houston, TX
Posts: 9,779
Likes: 0
Received 0 Likes on 0 Posts
What does non-broadcast SSID mean?

I don't use WEP on mine because it makes my wireless drop much more frequently for whatever reason.
Old 03-12-04, 05:21 PM
  #9  
DVD Talk Gold Edition
 
Join Date: Oct 1999
Location: Beaverton, OR, USA
Posts: 2,536
Likes: 0
Received 0 Likes on 0 Posts
Non-broadcast means your WAP won't broadcast it's Network name. You need to specify the network name when connecting to it. I do pretty much the same thing as sniper308 on my WAP at home, plus all my PCs are firewalled.
Old 03-12-04, 05:59 PM
  #10  
DVD Talk Gold Edition
 
Join Date: Feb 1999
Location: HB, CA
Posts: 2,600
Likes: 0
Received 0 Likes on 0 Posts
I don't know why everyone keeps suggesting MAC filtering as a protective measure. It's a huge hassle and it offers zero actual protection from even the n00biest of hackers. It'll only deter your casual users who may happen to be in the area and looking for a free broadband connection to use.
Old 03-12-04, 06:27 PM
  #11  
DVD Talk Hall of Fame
 
Join Date: Jul 2000
Location: Houston, TX
Posts: 9,779
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by belboz
I don't know why everyone keeps suggesting MAC filtering as a protective measure.
What is it that someone would want to do by getting on my network besides using the internet?
Old 03-12-04, 08:03 PM
  #12  
DVD Talk Hero
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 39,382
Received 172 Likes on 128 Posts
Originally posted by Alyoshka
What is it that someone would want to do by getting on my network besides using the internet?
Let's just start with three very, very ominous ones:

1. Using your Internet connection as a launching pad for cyber attacks or other illegal activity. This could be anything from defacing as government website to downloading child pornography or any number of other things that might result in the FBI or U.S. Secret Service showing up at your door after they got a warrant for your ISP's access logs which showed your assigned IP address.

2. Using their access to your network to break into other systems on your network. Got that copy of your tax returns from Quicken saved on your C: drive? Ooops.

3. Because you are using no encryption betwen client and router, he can sit there and sniff your traffic with NetStumbler or any of a dozen tools.

Unencrypted wireless is stooo-pid. Have a nice day.
Old 03-12-04, 10:35 PM
  #13  
DVD Talk Hall of Fame
 
Join Date: Jul 2000
Location: Houston, TX
Posts: 9,779
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by JustinS
Let's just start with three very, very ominous ones:

1. Using your Internet connection as a launching pad for cyber attacks or other illegal activity. This could be anything from defacing as government website to downloading child pornography or any number of other things that might result in the FBI or U.S. Secret Service showing up at your door after they got a warrant for your ISP's access logs which showed your assigned IP address.

2. Using their access to your network to break into other systems on your network. Got that copy of your tax returns from Quicken saved on your C: drive? Ooops.

3. Because you are using no encryption betwen client and router, he can sit there and sniff your traffic with NetStumbler or any of a dozen tools.

Unencrypted wireless is stooo-pid. Have a nice day.
But the first two would be out because of mac address filtering, correct? If not completely out then at least legally definsable on the first. Then on the second, I don't have any personal information on my computer so a big waste of time.

The third could be bad.

I would use a WEP protection if if it didn't drop my connection ever twenty minutes.
Old 03-12-04, 10:55 PM
  #14  
JM
DVD Talk Special Edition
 
Join Date: Dec 1999
Posts: 1,156
Likes: 0
Received 0 Likes on 0 Posts
Originally posted by Alyoshka
But the first two would be out because of mac address filtering, correct?
No. As others have pointed out, it is trivial to get around that level of protection by spoofing your MAC address.


If not completely out then at least legally definsable on the first.
The point is not necessarily that you would ultimately get in legal trouble for such a thing even though you didn't do it--hopefully the authorities would be able to figure that out eventually--but that it could lead to all kinds of hassle in the meantime that you just don't want to have to deal with at all.


Then on the second, I don't have any personal information on my computer so a big waste of time.
I think most people--even the careful ones--would be surprised at the info one could find on their computer given enough time.


I would use a WEP protection if if it didn't drop my connection ever twenty minutes.
The solution to this is to get a better wireless router and/or wireless PC card. Even so, WEP is fairly weak encryption and is pretty easily broken. However, it is a lot better than nothing and MAC filtering.
Old 03-13-04, 12:06 AM
  #15  
DVD Talk Hall of Fame
 
Join Date: Jul 2000
Location: Houston, TX
Posts: 9,779
Likes: 0
Received 0 Likes on 0 Posts
My wireless router is a brand spankin new Linksys G so I'm not really sure I can get a "better" wireless router or card.. It still doesn't work with WEP. I doubt it is worth really working hard to get it to work if it is fairly weak encryption. Wireless seems more tedious than worth it at this point, however, I split the connection with my roommate who has the dsl in his room.
Old 03-21-04, 08:26 PM
  #16  
DVD Talk Limited Edition
 
Join Date: Feb 2000
Location: Sunny Hawaii
Posts: 7,050
Received 80 Likes on 59 Posts
Without encryption, such as WEP or WPA, it is trivial to "sniff" your clear-text wireless traffic as it zooms back and forth between your Computer and the Wireless Access Point. Every time you log onto you POP e-mail server to retrieve your e-mail? Yup, your username and password go in clear text. Bing, the sniffer now has your username and password. Every web page you browse that is not HTTPS goes in clear text to your computer. They can sniff copies of that too.

With a sniffer, you can also easily capture the MAC addresses of all devices on the wireless network. It's trivial to then spoof that MAC address and gain access to the network. Same with SSID. That can be easily sniffed.

While not broadcasting SSID and using a MAC address table can be useful tools to control access to a wireless network, they will only deter casual passers-by. A determined hacker can defeat these in seconds. Plus neither one of these tactics addresses encryption. All your traffic is easily readable to anyone with a sniffer.

All wireless networks should be used with WEP or WPA. While WEP is fundamentally broken, it is still better than using nothing. It takes a non-trivial amount of effort to break, and it encrypts all your traffic. The way I see WEP, it makes your network much less desirable. Why would a hacker want to spend time and effort trying to analyze enough traffic to break your WEP key, when he can just go next door and use your neighbor's open wireless network?

If you have a Wireless Access Point and Wireless clients (cards) that support WPA, you should definitely use WPA over WEP. WPA addresses all the major shortcomings of WEP, and it is easier to implement. The weakest link of WPA is the access password. Make sure you don't choose a password that is too easy to crack.

I recommend using WPA (use WEP only if you have to) along with MAC Address control. If you have to use WEP, try to change the WEP key every couple weeks, if it's feasible.

As Justin S pointed out, open wireless networks make it easy to do all kinds of nasty things. Even though you think it might not have any impact on you, it will. I've seen open networks used to do everything from sending spam to serving porn to hacking servers. If that stuff happens on your network, it looks like it originated from you, and can get you in trouble with your service provider and the authorities.

Aloyshka, you said you have a Linksys G router. With the latest firmware, this supports WPA. Make sure your wireless card also support WPA, or buy a Linksys G card (about $50), and turn on WPA on your network.

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information -

Copyright 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.