#1
On a security related note, would a wireless router accept a logon
attempt from another wireless device if one with the same MAC address
was already logged on?

AJH
sylva@despammed.com

#2
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On a security related note, would a wireless router accept a logon
> attempt from another wireless device if one with the same MAC address
> was already logged on?

In theory, I think manufacturer-assigned MAC addresses are unique throughout the world. However, there's nothing to stop someone spoofing an existing MAC address. I can imagine it may confuse DHCP.

#3
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On a security related note, would a wireless router accept a logon
> attempt from another wireless device if one with the same MAC address
> was already logged on?
>

The majority of them would, yes, and then problems would ensue when you have a duplicate MAC on the network

--
Alex
New laptop - Sig missing

#4
On Mon, 8 Oct 2007 20:28:34 +0100, "Dr Zoidberg"
<AlexNOOOO!!!!!!@drzoidberg.co.uk> wrote:

><(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> On a security related note, would a wireless router accept a logon
>> attempt from another wireless device if one with the same MAC address
>> was already logged on?
>>
>The majority of them would, yes, and then problems would ensue when you
>have a duplicate MAC on the network

As I wish to allow visiting laptops to connect but don't want to have to give them a password I was asking to see if switching on mac address authentication might work. Normally the wireless ap on the router is off as my little lan is via ethernet.

So I'd be quite happy if the router showed a problem if two wireless devices with the same MAC address as the only time the wireless would be on would be when I wanted a known device to have access.

What I don't want is to open the wireless access point on the router to every passer by.

AJH

#5
<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 8 Oct 2007 20:28:34 +0100, "Dr Zoidberg"
> <AlexNOOOO!!!!!!@drzoidberg.co.uk> wrote:
>
>><(E-Mail Removed)> wrote in message
>>news:(E-Mail Removed)...
>>> On a security related note, would a wireless router accept a logon
>>> attempt from another wireless device if one with the same MAC address
>>> was already logged on?
>>>
>>The majority of them would, yes, and then problems would ensue when you
>>have a duplicate MAC on the network
>
> As I wish to allow visiting laptops to connect but don't want to have
> to give them a password I was asking to see if switching on mac address
> authentication might work. Normally the wireless ap on the router is
> off as my little lan is via ethernet.
>
> So I'd be quite happy if the router showed a problem if two wireless
> devices with the same MAC address as the only time the wireless would
> be on would be when I wanted a known device to have access.
>
> What I don't want is to open the wireless access point on the router
> to every passer by.

MAC addresses can be spoofed - if someone gets to know that your router will accept a certain MAC address and has no other security, he might try to override his hardware-assigned MAC address with a known-good one that will work.

Am I correct in believing that no two wireless devices in the world have the same MAC address as assigned by the hardware, or was that the original intention which has now fallen by the wayside because they've run out of addresses? How many bytes are used to identify the manufacturer and how many to make the address unique within that manufacturer?

6 bytes would give you 281,474,976,710,656 unique addresses. If we take the population of the earth as being about 6.7 billion (http://www.worldometers.info/), that works out as about 42,000 addresses per person!

#6
On Tue, 9 Oct 2007 18:41:07 +0100, "Mortimer" <(E-Mail Removed)> wrote:

>MAC addresses can be spoofed - if someone gets to know that your router will
>accept a certain MAC address and has no other security, he might try to
>override his hardware-assigned MAC address with a known-good one that will
>work.

I know, which is why I asked if the router would react to it in some way. Then if there is only one wireless device MAC address in the accepted list whilst the wireless access point is enabled and that is a laptop in use the router should be secure??

AJH

#7
In article <(E-Mail Removed)>,
(E-Mail Removed) says...
> On Tue, 9 Oct 2007 18:41:07 +0100, "Mortimer" <(E-Mail Removed)> wrote:
>
> >MAC addresses can be spoofed - if someone gets to know that your router will
> >accept a certain MAC address and has no other security, he might try to
> >override his hardware-assigned MAC address with a known-good one that will
> >work.
>
> I know, which is why I asked if the router would react to it in some
> way. Then if there is only one wireless device MAC address in the
> accepted list whilst the wireless access point is enabled and that is
> a laptop in use the router should be secure??
>

No - any machine claiming to have that MAC address can gain access, and if two or more machines with the same MAC address start talking at once then the behaviour is undefined.
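
Added example, not part of the thread: the reply above says an access point admits any machine claiming the allowed MAC. A passive monitor can still notice two radios sharing one address, because every 802.11 transmitter keeps its own 12-bit frame sequence counter and interleaved counters produce large jumps. The frame list, the gap tolerance and the function names are constructed for illustration.

```python
from collections import defaultdict

SEQ_MOD = 4096        # 802.11 sequence numbers are 12 bits wide
MAX_FORWARD_GAP = 64  # assumed tolerance for frames the monitor missed

# Constructed capture: (source MAC, sequence number) in arrival order.
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", 100), ("66:77:88:99:AA:BB", 4094),
    ("00-11-22-33-44-55", 2900), ("66:77:88:99:aa:bb", 4095),
    ("00:11:22:33:44:55", 101), ("66:77:88:99:aa:bb", 0),
    ("00:11:22:33:44:55", 2901), ("66:77:88:99:aa:bb", 1),
    ("00:11:22:33:44:55", 102), ("66:77:88:99:aa:bb", 3),
    ("00:11:22:33:44:55", 2902),
]

def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_shared_macs(frames, min_anomalies=3):
    """Return {mac: jump_count} for MACs whose sequence counter keeps jumping.

    A single jump can be a device restart, so fewer than min_anomalies
    jumps for one MAC are not reported.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for mac, seq in frames:
        mac = normalize_mac(mac)
        if mac in last_seq:
            # One radio moves forward in small steps, wrapping at 4096.
            # A gap of 0 is a retransmission and is not counted.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > MAX_FORWARD_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}

if __name__ == "__main__":
    for mac, count in find_shared_macs(SAMPLE_FRAMES).items():
        print(f"{mac}: {count} sequence jumps, likely more than one transmitter")
```

Stations that use QoS keep a separate counter per traffic class, so a real monitor would track each (MAC, traffic class) pair rather than the MAC alone.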

#8
(E-Mail Removed) wrote:

> As I wish to allow visiting laptops to connect but don't want to have
> to give them a password I was asking to see if switching on mac address
> authentication might work. [...] What I don't want is to open the
> wireless access point on the router to every passer by.

Running a VPN server would be one way to solve the problem.

In this scenario, the access point would only allow access to the VPN server, not elsewhere.

A VPN client would have to be installed on the visiting laptops. Or, you could be using some kind of VPN scheme that is supported out-of-the box, in most cases. (PPTP would be that kind of solution on the Windows platform as setting it up would typically only require going through a simple wizard in the network settings.)

The users could then log in via a personal username and account - both of which you can grant or revoke at any time - and access the Internet via the VPN tunnel.

Probably not the kind of easy solution you're after, though. Setting up the server part of this deal could be a problem as well. (I have an always-on Linux box running in the closet and handling all kinds of firewall, NAT, personal web server, etc. duties, so I'd probably make that machine the VPN server, too, if I were to build such a system. But if you don't have anything like that, you'd first need to figure out where to run it all.)

--
znark

#9
"Jukka Aho" <(E-Mail Removed)> wrote in message
news:wM3Pi.235618$(E-Mail Removed) i.fi...
> (E-Mail Removed) wrote:
>
>> As I wish to allow visiting laptops to connect but don't want to have
>> to give them a password I was asking to see if switching on mac address
>> authentication might work. [...] What I don't want is to open the
>> wireless access point on the router to every passer by.
>
> Running a VPN server would be one way to solve the problem.
>
> In this scenario, the access point would only allow access to the VPN
> server, not elsewhere.
>
> A VPN client would have to be installed on the visiting laptops. Or, you
> could be using some kind of VPN scheme that is supported out-of-the box,
> in most cases. (PPTP would be that kind of solution on the Windows platform
> as setting it up would typically only require going through a simple
> wizard in the network settings.)
>
> The users could then log in via a personal username and account - both of
> which you can grant or revoke at any time - and access the Internet via the
> VPN tunnel.
>
> Probably not the kind of easy solution you're after, though. Setting up
> the server part of this deal could be a problem as well. (I have an
> always-on Linux box running in the closet and handling all kinds of
> firewall, NAT, personal web server, etc. duties, so I'd probably make that
> machine the VPN server, too, if I were to build such a system. But if you
> don't have anything like that, you'd first need to figure out where to run
> it all.)
>

Do you not think that this is ridiculously complicated for home use?

Just give them the WPA key and change it when they have left

--
Alex
New laptop - Sig missing

#10
On Wed, 10 Oct 2007 15:59:34 +0100, "Dr Zoidberg"
<AlexNOOOO!!!!!!@drzoidberg.co.uk> wrote:

>Do you not think that this is ridiculously complicated for home use?

I think so

>
>Just give them the WPA key and change it when they have left

Yes, given Rob Morley's reply I shall have to set up wep or wpa and give out the password. In fact it's easier for me just to offer them an ethernet plug.

AJH