MAC Address Change

John Navas wrote in news: snipped-for-privacy@4ax.com:

HaHa, no, really doing nothing illegal (or even immoral), I guess I'm a little suspicious of a gov. sponsored AP that offers no encryption of its own.

JDavidson

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

some question as to whether most of these APs could be running security programs to detect phoney MAC addresses, in which case make "any numbers you find entertaining" not good advice.

Don't know why you default to WAP11 or other Linksys/D-Link toys? Have read they are not any good, according to user reports, or are too weak generally speaking for remote access, unless supplemented with a good antenna; probably iffy even at that.

Notice you put "advanced" in quotes, they should all have this feature.

Just finished reading a few papers on security software that can detect real MACs from made up/cloned MAC addresses and block access on that basis. Used to block people who are engaged in attempts to break into a network or run a rogue AP. Sounds like they can still block by MAC address and other ways (RF fingerprint, etc.) to disallow access based on whatever criteria they want. Maybe they are not even trying to block at all, maybe I just have had power/signal problems, but seems prudent to determine if they have the capability to block capriciously if they so decide before investing money in equipment they have the power to effectively turn off. At least if I pay for cable/dsl, I can have a reasonable expectation that they have to provide the service, not so with some gov. admin'ed wireless link.

JDavidson

On Fri, 16 Jun 2006 21:21:02 +0000 (UTC), JDavidson wrote:

Why would any encryption be needed on an open public access point?

John Navas

On Fri, 16 Jun 2006 21:40:05 +0000 (UTC), JDavidson wrote:

I don't know what you're referring to, but I've never seen such a defense that can't be defeated fairly easily.

Now there's a thought. :)

Why? Seriously.

In fact they could cut you off more easily than the govt.

John Navas

"sophisticated security software" it may not be. It may just be long experience, and knowing what those bits mean. While the first three octets of the MAC can have 16.8 million values, only about 9300 of them are valid. If you are referring to the "Global" versus "Local" administration flag, take that with a _very_ large grain of salt. Nonetheless, there are other indications within the packet, even if the packet is encrypted, that can catch the eye of a knowledgeable admin. Once suspicion is raised, out come the more interesting tools, if they really are concerned and capable.

Old guy

Moe Trin

snipped-for-privacy@painkiller.example.tld (Moe Trin) wrote in news: snipped-for-privacy@compton.phx.az.us:

My understanding is that the MAC addresses are never encrypted. The software programs I am alluding to, among other things, draw on the list of "official"ly assigned MAC addresses. I've never heard of an admin. doing anything with encrypted packets, except dropping them because they are encrypted.

JDavidson

Above. Also, that list of 9300 can be narrowed down a lot more, simply because we know that a large number of those OUIs can't appear on wireless (or on this or that type of wired LAN).

Depends - it's a fairly common problem where you have users who think they can use company or school computers to surf pr0n because they've encrypted the link and therefore, nobody will _ever_ know. Instead of dropping the packets, we usually drop the user. Much less of a hassle.

Know what is normal on the LAN, and then what is not normal tends to be pretty obvious.

Old guy

Moe Trin
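
The checks discussed in the two posts above (the Global/Local flag, the registered-OUI list, and narrowing that list to vendors expected on a given LAN), sketched as an added example that is not part of any poster's message. The OUI sets and sample addresses are constructed placeholders, not real registry data, and the verdict names are hypothetical.

```python
import re

# Constructed stand-ins for an IEEE OUI registry extract; not real assignments.
REGISTERED_OUIS = {"001122", "00AABB", "00CCDD"}
# Constructed subset: vendors an admin expects to see on this wireless segment.
EXPECTED_ON_WLAN = {"001122", "00AABB"}

_HEX12 = re.compile(r"^[0-9A-F]{12}$")

def normalize(mac):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff; return 12 upper-case hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).upper()
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify(mac, registered=REGISTERED_OUIS, expected=EXPECTED_ON_WLAN):
    """Return a triage verdict for one observed source MAC."""
    digits = normalize(mac)
    first_octet = int(digits[:2], 16)
    oui = digits[:6]                       # first three octets
    if first_octet & 0x01:
        return "group-address"             # I/G bit set: not valid as a source
    if first_octet & 0x02:
        return "locally-administered"      # U/L bit set: a hint only (VMs set it too)
    if oui not in registered:
        return "unregistered-oui"
    if oui not in expected:
        return "unexpected-vendor"         # registered, but not normal on this LAN
    return "plausible"                     # a copied real address also lands here

def review(observations):
    """Group observed MACs by verdict so the unusual ones stand out."""
    report = {}
    for mac in observations:
        try:
            verdict = classify(mac)
        except ValueError:
            verdict = "malformed"
        report.setdefault(verdict, []).append(mac)
    return report

# Constructed observations, in mixed notations.
SAMPLE = ["00:11:22:33:44:55", "02-11-22-33-44-55", "0100.5e00.0001",
          "00:CC:DD:00:00:01", "00:12:34:56:78:9a", "00:11:22:33:44"]

if __name__ == "__main__":
    for verdict, macs in review(SAMPLE).items():
        print(f"{verdict:22} {macs}")
```

A "plausible" verdict only means the address is consistent with the lists; it says nothing about whether the address belongs to the device sending it.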

On Sat, 17 Jun 2006 21:14:42 +0000 (UTC), JDavidson wrote:

Drawing on a "list of 'official'ly assigned MAC addresses" is worthless.

John Navas