|
-
May 9th, 2005, 05:22 AM
#11
Originally posted here by Negative
Get rid of the MAC filtering - it'll only give your attacker more info
Could you elaborate on this point? 
- Xierox
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
May 9th, 2005, 02:57 PM
#12
-
May 9th, 2005, 03:20 PM
#13
I agree that MAC filtering is defeatable, but it still adds one more layer of protection. In an environment with 1-2 wireless users MAC filtering is great. I use it on my home LAN and wouldn't operate without it. Yes, someone can sniff my MAC and use it, but I don't use my the wireless from my laptop all that often. This would mean an intruder would be forced to sniff my network for days-weeks at a time just to sniff out the right MAC to use. Can it be broken easily, yes. But it still increases the time it would take someone to jump on your network.
The likeness of the security guard is without MAC filtering, its like leaving the door open and letting anyone walk through regardless of what name tag they're wearing.
-
May 9th, 2005, 03:29 PM
#14
xierox,
MAC address filtering is easy to defeat for someone who has the right tools. Using a wireless sniffer an attacker can watch the wireless traffic of your network and easily pick MAC addresses of valid users out of the frames floating through the air, even if they are encrypted.
From This article (I had this link from an old thread) This was the first indication that MAC filtering was relatively useless and once I read further into the WPA-PSK encryption method, I realized that the only thing that actually secured my network was the passphrase. It's amazing the information a cracker can get from the "4 Way Handshake". You can check out this thread if you want an elaboration on the subject matter.
XTC46 and myself had a debate on this some time ago and I came to this conculsion:
Is MAC filtering better than nothing? Yes. However, for someone who is tech savvy and knows how to use wireless sniffers and other tools of the trade, I believe MAC Filtering is of no help to the Admin trying to stop him/her/it from accessing the network.
Now, after reading the article Negative provided, it just reinforced my beliefs that MAC filtering is hardly a useful security mechanism. My guess (and the only reason I say it's better than nothing)? The slim chance that it might stop a not-so-tech-savvy cracker, an "idiot" if you will.
Yes Yes, I know...I'm contradicting myself. I say disabling the SSID is pointless and don't use it, yet I say MAC filtering is just about pointless but I use it. The simple answer: it makes the guys that use the LAN at work happy. They seem to think it's this wonderful end-all solution to securing the network, so I just nod my head and go back to planting the greener grass on the other side of the fence 
The object of war is not to die for your country but to make the other bastard die for his - George Patton
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote