How secure is MAC Address Filtering?

Hi all,

The question have is that if I have the MAC address filtering turned on, and
my laptop is the only node allowed on the wireless router, is there any
point in turning on the encryption feature? Does someone have to be able to
connect to my router inorder to sniff out my packets, or can they do this
regardless because of it being a wireless connection? Also, is it possible
for someone to impersonate a MAC address? The reason for asking this
question is that I'm optomizing my wireless network for performance, but I
need to be sure that I'm protected from outside intruders.

Thanks Doug

Doug wrote:

> Hi all,
>
> The question have is that if I have the MAC address filtering turned on,
> and my laptop is the only node allowed on the wireless router, is there
> any
> point in turning on the encryption feature?

It's always a bad idea to turn it off.

> Does someone have to be able
> to connect to my router inorder to sniff out my packets, or can they do
> this
> regardless because of it being a wireless connection?

A connection to the AP is not needed to sniff your packets.

> Also, is it
> possible
> for someone to impersonate a MAC address?

The MAC address of your client is known after sniff only one packet and can
be changes easily. On Linux systems it's just a simple command.

Thomas

Thanks Thomas... that's very useful info to know. One thing that I'm
curious about is that if a hacker does not have to connect to an AP to get
access to my packets, then what method do they use for doing this?

I'll be encrypting my wireless network. There are several different
encryption options for me to use, and I'm not sure which is the most secure
option to use. One option is 'WPA Pre-Shared Key' with a WPA algorithm of
either TKIP or AES, and another is WEP with 128 bit encryption. Is one
better than the other?

Thanks Doug

"Thomas Krüger" <(E-Mail Removed)> wrote in message
news:cmpsdd$bch$04$(E-Mail Removed)...
> Doug wrote:
>
> > Hi all,
> >
> > The question have is that if I have the MAC address filtering turned on,
> > and my laptop is the only node allowed on the wireless router, is there
> > any
> > point in turning on the encryption feature?
>
> It's always a bad idea to turn it off.
>
> > Does someone have to be able
> > to connect to my router inorder to sniff out my packets, or can they do
> > this
> > regardless because of it being a wireless connection?
>
> A connection to the AP is not needed to sniff your packets.
>
> > Also, is it
> > possible
> > for someone to impersonate a MAC address?
>
> The MAC address of your client is known after sniff only one packet and
can
> be changes easily. On Linux systems it's just a simple command.
>
> Thomas
>

oh wait... ignore the question about the type of encryption to use. I found
the answer to that further up in the news group.

Thanks.

"Doug" <(E-Mail Removed)> wrote in message
news:P5%jd.158295$%k.133522@pd7tw2no...
> Thanks Thomas... that's very useful info to know. One thing that I'm
> curious about is that if a hacker does not have to connect to an AP to get
> access to my packets, then what method do they use for doing this?
>
> I'll be encrypting my wireless network. There are several different
> encryption options for me to use, and I'm not sure which is the most
secure
> option to use. One option is 'WPA Pre-Shared Key' with a WPA algorithm of
> either TKIP or AES, and another is WEP with 128 bit encryption. Is one
> better than the other?
>
> Thanks Doug
>
> "Thomas Krüger" <(E-Mail Removed)> wrote in message
> news:cmpsdd$bch$04$(E-Mail Removed)...
> > Doug wrote:
> >
> > > Hi all,
> > >
> > > The question have is that if I have the MAC address filtering turned
on,
> > > and my laptop is the only node allowed on the wireless router, is
there
> > > any
> > > point in turning on the encryption feature?
> >
> > It's always a bad idea to turn it off.
> >
> > > Does someone have to be able
> > > to connect to my router inorder to sniff out my packets, or can they
do
> > > this
> > > regardless because of it being a wireless connection?
> >
> > A connection to the AP is not needed to sniff your packets.
> >
> > > Also, is it
> > > possible
> > > for someone to impersonate a MAC address?
> >
> > The MAC address of your client is known after sniff only one packet and
> can
> > be changes easily. On Linux systems it's just a simple command.
> >
> > Thomas
> >
>
>

Doug wrote:

> Thanks Thomas... that's very useful info to know. One thing that I'm
> curious about is that if a hacker does not have to connect to an AP to get
> access to my packets, then what method do they use for doing this?

They are setting the wireless card into rfmon mode (aka monitor mode).
In this mode the card receives every packet on one channel.

Thomas

Thanks... I found an interesting document on the net last night which
covered security issues on wireless networks. Good to understand when
protecting you networks, and knowing what the vulnerabilities of your
network might be given the type of encryption your using. In particular, it
describes just how unsecure WEP encryption really is...

Here's a link...
http://hyatus.dune2.info/Wireless_80...ss_hacking.pdf

Doug

"Thomas Krüger" <(E-Mail Removed)> wrote in message
news:cmq0ku$qv9$00$(E-Mail Removed)...
> Doug wrote:
>
> > Thanks Thomas... that's very useful info to know. One thing that I'm
> > curious about is that if a hacker does not have to connect to an AP to
get
> > access to my packets, then what method do they use for doing this?
>
> They are setting the wireless card into rfmon mode (aka monitor mode).
> In this mode the card receives every packet on one channel.
>
> Thomas

"Doug" <(E-Mail Removed)> wrote in message
news:Es6kd.164567$nl.26642@pd7tw3no...
> Thanks... I found an interesting document on the net last night which
> covered security issues on wireless networks. Good to understand when
> protecting you networks, and knowing what the vulnerabilities of your
> network might be given the type of encryption your using. In particular,
> it
> describes just how unsecure WEP encryption really is...
>
> Here's a link...
> http://hyatus.dune2.info/Wireless_80...ss_hacking.pdf
>
> Doug
>

Maybe, maybe not. Some sites and other sources of information about
wireless security tend to exaggerate things, possibly to get you to buy
things. If I had a very information-sensitive network, I definitely would
not go WEP. But for my home use, WEP is fine.

A little OT, but I also found that Nortons and McAfee tend to exaggerate
virus threats also, in order to sell products. I do have a virus-protection
program on my computer but I use it in a reactive rather than a proactive
manner. I find that Nortons does more harm to my computer than not, so I'm
left to getting rid of a virus after it has arrived. Still, in 20 years of
computer use here at home, I've had ONE virus.

So as is always the case when evaluating information, consider the source
and then make decisions.

Alan

On Tue, 16 Nov 2004 00:47:17 GMT, "Alan Bernardo" <(E-Mail Removed)>
wrote:

>A little OT, but I also found that Nortons and McAfee tend to exaggerate
>virus threats also, in order to sell products.

even more OT - it annoys me when AdAware tells me that a tracking
cookie is "Critical".

But it is free!
--
FREE phonecalls with other TalkTalk customers: <http://www.bizorg.co.uk/shopping/talktalk/>
Locate your Mobile phone: <http://www.bizorg.co.uk/news.html>

Doug <(E-Mail Removed)> wrote:

> Thanks... I found an interesting document on the net last night which
> covered security issues on wireless networks. Good to understand when
> protecting you networks, and knowing what the vulnerabilities of your
> network might be given the type of encryption your using. In particular, it
> describes just how unsecure WEP encryption really is...
>
> Here's a link...
> http://hyatus.dune2.info/Wireless_80...ss_hacking.pdf

I only glanced through this document, but closest thing to a conclusion
about *how* insecure WEP is that I saw is on page 18: "When network
traffic is near the capacity of 11Mbps, cracking a 40-bit WEP key may
take three to four hours." I didn't see any estimates for 128-bit WEP or
for higher (802.11g) transmission rates. If anybody knows of such
estimates, please post!

In an admittedly "lucky run" sniffing a ping flood, Rob Flickenger was
able to crack 40-bit WEP in just under 90 minutes
<http://www.oreillynet.com/pub/a/wireless/excerpt/wirlsshacks_chap1/>;
but this result may have been aided by the "weak IVs" created by older
firmware. (See Tim F's comment "The Myth of Easy WEP cracking" below the
main article.)

In any case, cracking WEP still requires a significant investment of
time by somebody within range of your wireless network. Even after he's
cracked your network, an intruder would then have to crack the
individual computers on it or wait for something useful to fly by in the
packet stream. (You don't send your credit card number via unencrypted
email, do you?)

If you've got to worry about something, worry about 4-digit PINs for
bank cards, or the lax security that often surrounds medical records, or
how easy it is to pick the lock of your front door, or how many of the
drivers out there on the road are intoxicated or just plain incompetent.
If you really think you're the target of serious espionage, don't use
WEP. In fact, don't use wireless at all, cell phones included.
Otherwise, why fret about WEP?