MAC spoofing

MAC filtering is dismissed as a security measure because MAC addresses can be spoofed.

If there are two devices sharing a MAC address, won't they get the same IP address from the DHCP server? In my experience, when there are two devices with the same IP address on a network, neither of them work.

Reply to
Dave Rudisill
Loading thread data ...

My query was really directed to why it ISN'T a useful security tool, as long as your WiFi network is turned off when you aren't using it. If you rely on MAC filtering, you would immediately know when someone spoofs your address, since you lose connectivity, and the intruder doesn't get any connectivity either, no?

Reply to
Dave Rudisill

Absolutely true. So if you rely on MAC filtering for security, it's either having no effect at all (anybody spoofing your MAC is using it while you aren't) or it's preventing you, too, from accessing your network. Not a very useful situation :-)

Reply to
Derek Broughton

Dave Rudisill wrote: Snip

Networks tend to have more than one computer connected and tend not to be switched off when a single computer is.A hacker could wait until a computer is no longer apparent on his "sniffer"(he will have logged all MAC addresses for that network) spoof that MAC address and access the network.If he just wanted to be bolshy he could operate at the same time as the normal user and deny the service, that could be inconvenient for some users.

Reply to
Rob

MAC filtering can be a useful tool - it prevents non-spoofers accessing your network, and raises the general level of security.

However because there are attacks which can get round this security measure (MAC spoofing) it is unwise to rely on this as your only defence.

Likewise WEP can be broken by a determined attacker with the right software and enough data to analyse. This does not mean that you should not use it; just that you should be aware that it is not foolproof.

For a home network 128 bit WEP combined with MAC filtering should keep most attackers off your network, especially if your traffic levels are reasonably low.

Unless you are a particularly attractive target (but why?) you are probably safe in the main.

Virtually all security measures can be nullified if the attacker is determined enough and has sufficient resources. You have to measure the likely threat against the level (and cost) of the security measures.

Given the number of wireless networks around with no security at all, why would someone pick on you especially?

Cheers

Dave R

Reply to
David WE Roberts

What he said. I expect most wireless networks are on 24/7. Half of mine is (the base router down the road is always on, the WDS router in my home isn't).

MAC filtering is a useful _tool_, just not a lot of use for security. If your wireless network gets switched off when not in use, _that's_ a better security system than most people have. You can't hack a system that's not turned on!

Reply to
Derek Broughton

Yes it will keep the accidental connectors off but forget about the traffic levesl being low. A deauth attack followed by a sniff and arp replay injection soon sorts that lack of traffic.

A target can be as simple as the fact that it's WEP, next door to a bored teenager.

Precisely other than my comment above.

David.

Reply to
David Taylor

It seems silly to dismiss using MAC filtering entirely simply because it can be spoofed. Its another layer, why not use it?

I've experimented with spoofing MACs, just to see the behavior of my DLink stuff. The DHCP servers wouldn't even assign an IP to a connecting device with the same MAC of a device already connected. Behavior probably varies from manufacturer to manufacturer. Play and see what your stuff does.

In the typical home environment, I think some people are way too paranoid that someone is "hiding in their bushes, waiting for the moment for a MAC/IP to become available."

Reply to
Eric
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Because (a) it's trivial to spoof and (b) it gives a false sense of security.

Reply to
John Navas

Maybe that's a good analogy. I always leave my car doors unlocked - I don't leave anything valuable in it and if someone wants to break in, I'd rather not have glass all over the place. If I want security, I use real security, rather than security blankets.

Reply to
Derek Broughton

Perhaps, but it is still another (albeit, thin) layer of security, so why not use it?

I lock my cars doors, even though if someone wants to break in they will most likely just bust a window out.

Reply to
Eric
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Because it isn't real security.

Different order of magnitude. A better analogy to MAC spoofing would be leaving the keys on the front tire.

Reply to
John Navas

It adds another layer of complexity to allowing guest access to your network. Many people don't (want to) know how to add another MAC address to their allowed-clients list, while they can easily handle giving a friend their WPA keyphrase.

Reply to
William P.N. Smith

Perhaps, but the would-be-thief may also overlook that key sitting on the front tire.

Its also another layer against people who, for whatever reason, try to get into the closest car available. They don't know to look for that key sitting on the tire and have a copy made.

There is no disadvantage in using MAC filtering, nor is there any advantage in not using it. So why not use it?

Reply to
Eric
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

See my prior post.

Reply to
John Navas

Again, if all you're hoping to achieve is to stop the odd stumbler, then enable *any* of the encryption methods available. That'll do it.

The disadvantage is the effort to set it up for no real gain. How about removing one wheel off your car and leaving it next to the hub to prevent people from driving off? (since we're on silly analogies?!)

David.

Reply to
David Taylor

That's exactly what happened 3 times in the last week or so. The kids are coming home for the holidaze and bringing their skool laptops. Guess what doesn't work without some router configuration? I expect another mess of phone calls as the new laptops bought for Christmas require more router configuration. I also run into problems with SSID hiding. Many wireless clients still don't work well if the router doesn't broadcast the SSID. The default action for XP SP2 WZC client is to go shopping for a "suitable" access point if it doesn't hear one with the right SSID. The common result is connecting to the neighbors instead of their own.

The good news is that I charge for effort. That helps support my decadent and lavish lifestyle. I really like complex security pretzels and obstacle courses.

Reply to
Jeff Liebermann

Well the best reason I can think for using it, after you have been 'up' for awhile and a friend comes over and wants to use your network. You might forget you have MAC filtering on (on my AP it is on a different display page from other settings) and have added trouble getting him/her connected until the light bulb clicks on and you remember you are using MAC filtering.

fundamentalism, fundamentally wrong.

Reply to
Rico

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.