Does WPA/PSK encrypt the MAC addresses?

Hi,

The question is as per the title: can anyone tell me whether the WPA/PSK Wifi data protection scheme encrypts the MAC addresses of participating controllers, or are these addresses still visible to a snooper who doesn't have the key?

Thanks in advance,

Mike

Reply to
Mike

The MAC addresses are sent in the clear.

Reply to
Axel Hammerschmidt

OK, thanks for that.

I suspected as much, but it seemed to make the router's policy of only accepting certain MACs completely pointless from the security POV, so I thought I'd better check.

Thanks again,

Mike

Reply to
Mike

As you see, MAC filtering is trivial to defeat!

Reply to
Larry Finger

IIRC, the IP addresses are encrypted but the MACs are not.

Reply to
Jeff L.

Otherwise, any listening wireless network card would have to decrypt every packet to see if it was addressed to it, before dropping the packet or decrypting and sending the packet up the stack.

Reply to
Axel Hammerschmidt
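
Added example, not part of any post in this thread: a minimal Python parser for the MAC header of an 802.11 data frame, showing that the three addresses and the receiver-side address check need no key, while the frame body (where the IP header sits) is ciphertext. The sample frame, its addresses and the helper names are constructed for illustration.

```python
import struct

def mac(b: bytes) -> str:
    """Format 6 raw bytes as a colon-separated MAC address."""
    return ":".join(f"{x:02x}" for x in b)

def parse_data_frame(frame: bytes) -> dict:
    """Read the cleartext 24-byte MAC header of a non-QoS 802.11 data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc, _dur, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    protected = bool(fc & 0x4000)  # Protected Frame bit: body is encrypted
    body = frame[24:]
    if protected and len(body) < 8:
        raise ValueError("protected frame without a TKIP/CCMP header")
    # TKIP (WPA) and CCMP (WPA2) both prepend 8 cleartext bytes (packet
    # number and key ID). Everything after that, including the LLC/SNAP and
    # IP headers, is ciphertext to anyone without the key.
    return {
        "protected": protected,
        "addr1": mac(a1),  # receiver
        "addr2": mac(a2),  # transmitter
        "addr3": mac(a3),  # with To DS set: final destination
        "ciphertext": body[8:] if protected else b"",
    }

def addressed_to(frame: bytes, my_mac: str) -> bool:
    """Receiver-side filter on addr1 (unicast only): no key, no decryption."""
    return parse_data_frame(frame)["addr1"] == my_mac.lower()

# Constructed sample: data frame, To DS + Protected flags set, locally
# administered addresses, placeholder CCMP header, 16 placeholder cipher bytes.
SAMPLE = (
    bytes.fromhex("0841" "2c00")
    + bytes.fromhex("020000000001" "020000000002" "020000000003")
    + bytes.fromhex("1000")
    + bytes.fromhex("0100002000000000")
    + bytes(range(16))
)

if __name__ == "__main__":
    info = parse_data_frame(SAMPLE)
    print(info["addr1"], info["addr2"], info["addr3"], info["protected"])
    print(addressed_to(SAMPLE, "02:00:00:00:00:01"))
```
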

Not /entirely/ pointless, since it will stop passers-by from associating with your AP without realising. For example, Windows has a charming habit of silently trying to connect to any network within range.

Also bear in mind that your security keys and passwords can be obtained by social engineering whereas hardly anyone knows their MAC address off by heart. So it just adds a bit of complexity to the puzzle for would-be crackers.

Reply to
Mark McIntyre

I always wondered ... what would happen if two identical MACs were on the same network?

What exactly happens?

Is it as simple as all packets are available to both computers? Or is it more complicated than that?

Reply to
George D.

"Jeff L." hath wroth:

Nice forged posting. Accurate too. Too bad that's not my Yahoo account.

However, I do appreciate the effort. I'll be out of service for a while next month and can use someone to temporarily take my place. You supply the techy answers. Just borrow some of my standard insults and abuse from my previous postings and nobody will know that it's really not me. Also, you might want to clone my standard signature so that your forgery looks more authentic.

Reply to
Jeff Liebermann

"George D." hath wroth:

Traffic to and from both MACs would be a muddled mess as both devices would almost simultaneously respond to packets, resulting in a very confused sender. At best, there would be dupes. However, since the DTIM interval is set by MAC address, it's highly likely that the ACKs will be simultaneous. Dupes are normally discarded so it would appear as a very high packet loss. Traffic to other devices would work normally.

ARP requests for two different IPs owned by the cloned MACs will result in arpwatch declaring a duplicate MAC(???) error. If the IPs are identical, then arpwatch will not notice the problem.

Cloning the MAC address of the access point causes massive dupes and subsequent massive dropped packets. It effectively shuts down the system. It makes a great DoS attack that unfortunately cannot be defeated by encryption or filtering. While it's trivial to change the MAC address of a client radio, changing the MAC address of the access point is impossible or futile.

Detecting duplicate MACs is also difficult as a sniffer can't distinguish between the two sources of packets.

Happy? Now you can go forth and trash all the wireless networks you can find. The end of civilization as we know it will surely follow.

This is wireless, where nothing is simple.

Reply to
Jeff Liebermann

They clash.

In the cases I've come across, only one of the two devices works properly. I have a feeling they'd be ok on two physically distinct subnets.

Reply to
Mark McIntyre
