Does WPA/PSK encrypt the MAC addresses ?

Hi,

The question is as per the title : can anyone tell me whether the WPA/
PSK Wifi data protection scheme encrypts the MAC addresses of
participating controllers, or are these addresses still visible to a
snooper who doesn't have the key ?

Thanks in advance,

Mike

Mike <(E-Mail Removed)> wrote:

> Hi,
>
> The question is as per the title : can anyone tell me whether the WPA/
> PSK Wifi data protection scheme encrypts the MAC addresses of
> participating controllers, or are these addresses still visible to a
> snooper who doesn't have the key ?

The MAC addresses are sent in the clear.

> The MAC addresses are sent in the clear.

OK, thanks for that.

I suspected as much but it seemed to make the routers policy of only
accepting certain MACs as completely pointless from the security POV
so I thought I'd better check.

Thanks again,

Mike

Mike wrote:
>> The MAC addresses are sent in the clear.
>
> OK, thanks for that.
>
> I suspected as much but it seemed to make the routers policy of only
> accepting certain MACs as completely pointless from the security POV
> so I thought I'd better check.

As you see, MAC filtering is trivial to defeat!

IIRC, the IP addresses are encrypted but the MACs are not.

Jeff L. <(E-Mail Removed)> wrote:

> IIRC, the IP addresses are encrypted but the MACs are not.

Otherwise, any listening wireless network card would have to decrypt
every pakket to see if it was addressed to it, before dropping the
packet or decrypting and sending the packet up the stack.

On Fri, 13 Jul 2007 00:22:11 -0700, in alt.internet.wireless , Mike
<(E-Mail Removed)> wrote:

>> The MAC addresses are sent in the clear.
>
>OK, thanks for that.
>
>I suspected as much but it seemed to make the routers policy of only
>accepting certain MACs as completely pointless from the security POV

Not /entirely/ pointless, since it will stop passers by from
associating with your AP without realising. For example Windows has a
charming habit of silently trying to connect to any network within
range.

Also bear in mind that your security keys and passwords can be
obtained by social engineering whereas hardly anyone knows their MAC
address off by heart. So it just adds a bit of complexity to the
puzzle for would-be crackers.
--
Mark McIntyre

On Fri, 13 Jul 2007 16:53:29 +0100, Mark McIntyre wrote:
>>> The MAC addresses are sent in the clear.
> Not /entirely/ pointless, since it will stop passers by from
> associating with your AP without realising.

I always wondered ... what would happen if two identical MACs were on the
same network?

What exactly happens?

Is it as simple as all packets are available to both computers?
Or is it more complicated than that?

"Jeff L." <(E-Mail Removed)> hath wroth:

>IIRC, the IP addresses are encrypted but the MACs are not.

Nice forged posting. Accurate too. Too bad that's not my Yahoo
account.

However, I do appreciate the effort. I'll be out of service for a
while next month and can use someone to temporarily take my place. You
supply the techy answers. Just borrow some of my standard insults and
abuse from my previous postings and nobody will know that it's really
not me. Also, you might want to clone my standard signature so that
your forgery looks more authentic.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"George D." <(E-Mail Removed)> hath wroth:

>I always wondered ... what would happen if two identical MACs were on the
>same network?
>What exactly happens?

Traffic to and from both MAC's would be a muddled mess as both devices
would almost simultaneously respond to packets, resulting in a very
confused sender. At best, there would be dupes. However since the
DTIM interval is set by MAC address, it's highly likely that the ACK's
will be simulaneous. Dupes are normally discarded so it would appear
as a very high packet loss. Traffic to other devices would work
normally.

ARP requests for two different IP's owned by the cloned MAC's will
result in arpwatch declaring a duplicate MAC(???) error. If the IP's
are identical, then arpwatch will not notice the problem.

Cloning the MAC address of the access point causes massive dupes and
subsequent massive dropped packets. It effectively shuts down the
system. It makes a great DoS attack that unfortunately cannot be
defeated by encryption or filtering. While it's trivial to change the
MAC address of a client radio, changing the MAC address of the access
point is impossible or futile.

Detecting duplicate MAC's is also difficult as a sniffer can't
distinguish between the two sources of packets.

Happy? Now you can go forth and trash all the wireless networks you
can find. The end of civilization as we know it will surely folllow.

>Is it as simple as all packets are available to both computers?
>Or is it more complicated than that?

This is wireless, where nothing is simple.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558