MAC address on show

On wireless networks you can "protect" the network using WEP, hiding your
SSID, etc, etc. But I always thought no one could see your MAC address (the
hardware address of your wireless NIC), that was until today when I
downloaded a wireless network sniffer program!!! It showed the MAC address
of a neighbours wireless network (he was showing his SSID btw), as well as
the MAC address of my own wireless NIC.

Anyone any idea of the security risk to a wireless network of having your
MAC address showing to the world, if any?

tia

G

"Gingangooli" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
>
> Anyone any idea of the security risk to a wireless network of having your
> MAC address showing to the world, if any?
>
If you have a MAC filter on your wireless access point, then someone could
spoof your MAC address and get into your network. That is not much of a
risk insofar as I am concerned on a home network, but add WEP or WPA
security if you are worried about it.

"Jim Fox" <(E-Mail Removed)> wrote in message
news:JIOdnS1XTLQ1zircRVn-(E-Mail Removed)...
>
> "Gingangooli" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>>
>> Anyone any idea of the security risk to a wireless network of having your
>> MAC address showing to the world, if any?
>>
> If you have a MAC filter on your wireless access point, then someone could
> spoof your MAC address and get into your network. That is not much of a
> risk insofar as I am concerned on a home network, but add WEP or WPA
> security if you are worried about it.
I should have said they need the MAC address of your client card that you
have allowed through the MAC filter. I am not aware of much risk of
broadcasting the MAC address of the access point itself, apart from just
showing that the access point exists.

"Jim Fox" <(E-Mail Removed)> wrote in message
news:8IednXt8J9_xyCrcRVn-(E-Mail Removed)...
>
> "Jim Fox" <(E-Mail Removed)> wrote in message
> news:JIOdnS1XTLQ1zircRVn-(E-Mail Removed)...
> >
> > "Gingangooli" <(E-Mail Removed)> wrote in message
> > news:%(E-Mail Removed)...
> >>
> >> Anyone any idea of the security risk to a wireless network of having
your
> >> MAC address showing to the world, if any?
> >>
> > If you have a MAC filter on your wireless access point, then someone
could
> > spoof your MAC address and get into your network. That is not much of a
> > risk insofar as I am concerned on a home network, but add WEP or WPA
> > security if you are worried about it.
> I should have said they need the MAC address of your client card that you
> have allowed through the MAC filter. I am not aware of much risk of
> broadcasting the MAC address of the access point itself, apart from just
> showing that the access point exists.
>
>

Ah right. Well, my router is set to "clone" the MAC address of my "wired" PC
(this is to stop the broadband ISP rejecting my connection as when my
account was set up it was registered to the NIC in my "wired" PC). But I do
use WEP on the wireless part of my LAN. So access via the wireless
connection is pretty secure??? But that still means folk know the MAC
address of the Ethernet card???

OH...hang on though.... I just had a thought...I must check.... the MAC
address visible on the sniffer prog would be the MAC address of my wireless
card and not my primary Ethernet NIC?? I'm confused now....but thanks for
the info.

G

The MAC address(es) in the frames would be from your wireless adapter and/or
your access point. Most wireless client drivers allow the MAC address of
a client to be modified to any value. Simply configuring your client's
address to that of another client would allow you circumvent the filter and
associate. You have discovered the exact reason why MAC filtering provides
zero actual security in wireless networks.

You may also discover that 'hidden' networks are actually in plain view to a
sniffer when a client is joined to the network. Disabling the broadcast of
an SSID provides no actual security to a motivated attacker.

There are readily available tools that allow an attacker to compromise WEP
security. If you are concerned whether an intruder can view your network
traffic, I strongly recommend that you switch to a WPA secured
configuration. This will prevent unauthenticated clients from associating
to your network, ensure the integrity of your data traffic, and likely stop
passive attacks to view your data traffic.

--
Jerry Peterson
Windows Network Services - Wireless

This posting is provided "AS IS" with no warranties, and confers no rights.

"Gingangooli" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Jim Fox" <(E-Mail Removed)> wrote in message
> news:8IednXt8J9_xyCrcRVn-(E-Mail Removed)...
>>
>> "Jim Fox" <(E-Mail Removed)> wrote in message
>> news:JIOdnS1XTLQ1zircRVn-(E-Mail Removed)...
>> >
>> > "Gingangooli" <(E-Mail Removed)> wrote in message
>> > news:%(E-Mail Removed)...
>> >>
>> >> Anyone any idea of the security risk to a wireless network of having
> your
>> >> MAC address showing to the world, if any?
>> >>
>> > If you have a MAC filter on your wireless access point, then someone
> could
>> > spoof your MAC address and get into your network. That is not much of
>> > a
>> > risk insofar as I am concerned on a home network, but add WEP or WPA
>> > security if you are worried about it.
>> I should have said they need the MAC address of your client card that you
>> have allowed through the MAC filter. I am not aware of much risk of
>> broadcasting the MAC address of the access point itself, apart from just
>> showing that the access point exists.
>>
>>
>
> Ah right. Well, my router is set to "clone" the MAC address of my "wired"
> PC
> (this is to stop the broadband ISP rejecting my connection as when my
> account was set up it was registered to the NIC in my "wired" PC). But I
> do
> use WEP on the wireless part of my LAN. So access via the wireless
> connection is pretty secure??? But that still means folk know the MAC
> address of the Ethernet card???
>
> OH...hang on though.... I just had a thought...I must check.... the MAC
> address visible on the sniffer prog would be the MAC address of my
> wireless
> card and not my primary Ethernet NIC?? I'm confused now....but thanks for
> the info.
>
> G
>
>

WOW !!! OK folks thanks for the info, I will look into switching to WPA.

G

"Jerry Peterson[MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The MAC address(es) in the frames would be from your wireless adapter
and/or
> your access point. Most wireless client drivers allow the MAC address
of
> a client to be modified to any value. Simply configuring your client's
> address to that of another client would allow you circumvent the filter
and
> associate. You have discovered the exact reason why MAC filtering
provides
> zero actual security in wireless networks.
>
> You may also discover that 'hidden' networks are actually in plain view to
a
> sniffer when a client is joined to the network. Disabling the broadcast
of
> an SSID provides no actual security to a motivated attacker.
>
> There are readily available tools that allow an attacker to compromise WEP
> security. If you are concerned whether an intruder can view your network
> traffic, I strongly recommend that you switch to a WPA secured
> configuration. This will prevent unauthenticated clients from associating
> to your network, ensure the integrity of your data traffic, and likely
stop
> passive attacks to view your data traffic.
>
> --
> Jerry Peterson
> Windows Network Services - Wireless
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Gingangooli" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> > "Jim Fox" <(E-Mail Removed)> wrote in message
> > news:8IednXt8J9_xyCrcRVn-(E-Mail Removed)...
> >>
> >> "Jim Fox" <(E-Mail Removed)> wrote in message
> >> news:JIOdnS1XTLQ1zircRVn-(E-Mail Removed)...
> >> >
> >> > "Gingangooli" <(E-Mail Removed)> wrote in
message
> >> > news:%(E-Mail Removed)...
> >> >>
> >> >> Anyone any idea of the security risk to a wireless network of having
> > your
> >> >> MAC address showing to the world, if any?
> >> >>
> >> > If you have a MAC filter on your wireless access point, then someone
> > could
> >> > spoof your MAC address and get into your network. That is not much
of
> >> > a
> >> > risk insofar as I am concerned on a home network, but add WEP or WPA
> >> > security if you are worried about it.
> >> I should have said they need the MAC address of your client card that
you
> >> have allowed through the MAC filter. I am not aware of much risk of
> >> broadcasting the MAC address of the access point itself, apart from
just
> >> showing that the access point exists.
> >>
> >>
> >
> > Ah right. Well, my router is set to "clone" the MAC address of my
"wired"
> > PC
> > (this is to stop the broadband ISP rejecting my connection as when my
> > account was set up it was registered to the NIC in my "wired" PC). But I
> > do
> > use WEP on the wireless part of my LAN. So access via the wireless
> > connection is pretty secure??? But that still means folk know the MAC
> > address of the Ethernet card???
> >
> > OH...hang on though.... I just had a thought...I must check.... the MAC
> > address visible on the sniffer prog would be the MAC address of my
> > wireless
> > card and not my primary Ethernet NIC?? I'm confused now....but thanks
for
> > the info.
> >
> > G
> >
> >
>
>

Actually, this is dangerous:

> I am not aware of much risk of broadcasting the MAC address of the access
> point itself, apart from just showing that the access point exists.

If I were a malicious person, I'd use SMAC
(http://www.klcconsulting.net/smac/) and change the MAC address of my
computer to be that of the access point, thus directing all associations to
me. Then I'd immediately send forged 802.11 disassociation messages,
knocking all the clients off the WLAN. If I were feeling especially
malicious, I'd put a timer on it...

Even 802.1X + EAP can't stop this. Only WPA and WPA2 can, since they
incorporate a signed message integrity check called "Michael" (lacking in
802.1X + EAP). Michael will sense the forged frames and drop them.

Steve Riley
(E-Mail Removed)



"Jim Fox" <(E-Mail Removed)> wrote in message
news:8IednXt8J9_xyCrcRVn-(E-Mail Removed)...
>
> "Jim Fox" <(E-Mail Removed)> wrote in message
> news:JIOdnS1XTLQ1zircRVn-(E-Mail Removed)...
>>
>> "Gingangooli" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>>
>>> Anyone any idea of the security risk to a wireless network of having
>>> your
>>> MAC address showing to the world, if any?
>>>
>> If you have a MAC filter on your wireless access point, then someone
>> could spoof your MAC address and get into your network. That is not much
>> of a risk insofar as I am concerned on a home network, but add WEP or WPA
>> security if you are worried about it.
> I should have said they need the MAC address of your client card that you
> have allowed through the MAC filter. I am not aware of much risk of
> broadcasting the MAC address of the access point itself, apart from just
> showing that the access point exists.
>