PDA

View Full Version : LINKSYS Router Mac Filter



publicjq.8230.cst@live.ca
03-24-08, 07:44 AM
Currently I have a system that cannot handle wireless encryption. I'm
running it now without any security except I do not broadcast the
SSID. Will MAC filtering buy me any additional security or is it just
a waste of time?

John Q Public

Sebastian G.
03-24-08, 08:42 AM
publicjq.8230.cst@live.ca wrote:

> Currently I have a system that cannot handle wireless encryption. I'm
> running it now without any security except I do not broadcast the
> SSID.


Not broadcasting the SSID is no sceurity feature.

> Will MAC filtering buy me any additional security


No, unless you never use the wireless connection.

> or is it just a waste of time?

Considering that you're abusing a .NET infected MSIE 7.0 as a webbrowser,
any security is certainly wasteful.

Todd H.
03-24-08, 08:47 AM
publicjq.8230.cst@live.ca writes:

> Currently I have a system that cannot handle wireless encryption.

???? Please name the system. I challenge the assertion.

> I'm running it now without any security except I do not broadcast
> the SSID. Will MAC filtering buy me any additional security or is it
> just a waste of time?

It raises the bar for the amount of work someone interest in your
network will have to do, but for someone at all determined it is a
waste of time. Valid mac addresses can be seen over teh air along
with the SSID, so all the attacker needs to do is spoof a valid mac
and set the bssid and off they go. Freely available tools allow
it.

It's just a smidge more work than seeing the bssid in a list and
setting your card to it but maybe one more command and that's all.

--
Todd H.
http://www.toddh.net/

Sebastian G.
03-24-08, 09:46 AM
Todd H. wrote:

> publicjq.8230.cst@live.ca writes:
>
>> Currently I have a system that cannot handle wireless encryption.
>
> ???? Please name the system. I challenge the assertion.


I give you an immediate counter example: AMD PCNet 3127 PCMCIA card, based
on Aetheros 1 chipset. The official driver only supports WEP, third party
drivers don't work, and neither does WPA Supplicant.

> It raises the bar for the amount of work someone interest in your
> network will have to do, but for someone at all determined it is a
> waste of time. Valid mac addresses can be seen over teh air along
> with the SSID, so all the attacker needs to do is spoof a valid mac
> and set the bssid and off they go.


Nitpick: With proper encryption, the SSID is encrypted along with the
payload. However, it doesn't matter, since you have to break the encryption
anyway.

Victek
03-24-08, 10:44 AM
> Currently I have a system that cannot handle wireless encryption. I'm
> running it now without any security except I do not broadcast the
> SSID. Will MAC filtering buy me any additional security or is it just
> a waste of time?
>
> John Q Public

Yes, it will discourage casual users who might otherwise piggy-back on your
connection, but why can't you enable encryption?