1. Home
  2. Wireless Networking
  3. Advantages of encryption security over a simple MAC Filter?

Advantages of encryption security over a simple MAC Filter?

I recently discovered that a few people are accessing the internet via my unsecured wireless network. In my quest I found that the 64/128 bit Wep encryption is the norm...

However, what about just setting up a MAC filter?

Im probably like most users in that my network consists of just a few wireless devices... why do most people use encryption ( WAP(2)/Radius/Wep ) instead of just manually listing the permitted MACs that can access the wireless network.

I can see for a big business with many computers this would be too time consuming, but for home or small office wouldnt a MAC filter be the MOST secure and have the LEAST latency associated with it?? Why isnt this option ever mentioned?

Thoughts??

Reply to
benn686
Loading thread data ...

On 27 Aug 2006 01:14:47 -0700, snipped-for-privacy@hotmail.com wrote in :

It's actually too weak to be terribly effective.

Too easily spoofed to be of any real value.

Because WPA really works, and MAC filtering doesn't.

Because it's of so little value.

Read the wikis below.

Reply to
John Navas

Without encryption your traffic can be intercepted (think passwords etc...) And a potential abuser can sit within range and easily gain a list of your mac addresses that are used.. and simply kick one of your devices off the wifi network and use the mac address for himself.. called spoofing.

WEP (64 or better) has been proven to be ineffective and easily cracked. WPA or WPA2 (if supported) should be considered the bare minimum.

It's a shame manufacturers are still making wifi enabled devices with only WEP support!

Reply to
Doz

On Sun, 27 Aug 2006 10:36:35 GMT, Doz wrote in :

Yep.

I'd call it a crime.

Reply to
John Navas

MAC addresses can be spoofed. So, encryption is the better way to go. I recommend WPA instead of WEP.

Reply to
johnny

Useless.

Because its extremely easy to change the MAC of your computer to match one of the permitted ones.

Because its more or less useless, by itself.

Reply to
Mark McIntyre

If you want to gain access to a network that's using only MAC filtering here's all you need to do:

Listen to the airwaves Watch for packets destined to the access point in question. Make note of the MAC address of the machine that's sending those packets. Set your machine to use that same MAC address

Do this preferrably when that other machine isn't present or active. Voila, you're in! Since the router is only looking at the MAC address, it'll let you connect.

If you use it while that other machine is present you'll cause errors on both ends. So for a network that's got down time when the other MAC addresses aren't around it's of NO SECURITY WHATSOEVER. And even when they are around it's a hit-and-miss way to grab "some" access, causing all manner of confusion to the innocent owner of that MAC address is the meanwhile.

WEP is "less worse" in that will keep all but the most casual of hackers out. But anyone with even a trifling bit of knowledge can easily break into any WEP network. WPA is, at this point in time, the only decently secure method to use.

So no, MAC address filtering is of little or no value and WEP only trivially more secure. I suppose you could couple MAC filtering along with WPA and it might be "a bit" more secure but that just adds a configuration hassle.

-Bill Kearney

Reply to
Bill Kearney

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.