[NTLK] Mac Fitering And Encryption
abrigati at gmail.com
Thu Mar 22 15:12:37 EDT 2012
Yes, WEP and MAC address filtering are trivial to crack. However, most people aren't going to make any effort _at all_ to crack wifi. The primary reason I have any wifi security on my AP at all is to keep my neighbors from leeching my signal. (Which admittedly isn't likely anyway - I have the signal strength turned down.)
And yes, they could theoretically crack it. But most people aren't going to bother. It also prevents them from doing so without realizing it, with a gadget that just goes 'hey, open access point' and uses it automagically.
Sure, WEP and filtering are pretty easy to bypass. But they're better than nothing, and if you're using old stuff like a Newton or a Nintendo DS on your wifi, it's all you can use, unless you want to fiddle with changing your settings all the time.
On Mar 22, 2012, at 2:52 PM, Jeremy O'Brien wrote:
> What's to stop me from picking a static IP and MAC of a valid client?
> Yes, you will have some "interesting" results stemming from duplicate
> IPs on your network, but I will be on your network and able to
> communicate with your hosts.
> I mean, any layer of "security" will help, but using stronger
> authentication and encryption like WPA2 is the meat and potatoes. If
> someone can crack WEP, chances are good they can also circumvent those
> "annoyance" defenses like static IPs and MAC filtering.
> On Thu, Mar 22, 2012 at 02:12:50PM -0400, Terence Griffin wrote:
>> How about reserving DHCP and limiting local IP address? Does that help
>> keep outsiders off?
>> On 03/22/2012 01:10 PM, Jeremy O'Brien wrote:
>>> On Wed, Jun 15, 2011 at 04:37:55PM +0000, ssgconway at juno.com wrote:
>>>> My WEP experience has been, as far as I know, good, security-wise. Visitors who ask to get on-line have to be added to the MAC Address list or they cannot get on.
>>> Both are false. If someone wanted to get on your network, your WEP key
>>> can be cracked within _minutes_, and MAC address whitelisting is useless
>>> if you have at least one authenticated client on your network. The MAC
>>> address that the OS sends when it does its authentication is completely
>>> handled in software, and can be changed very easily. So all an attacker
>>> has to do is clone an authenticated clients' MAC address and boom, he's
>>> If I were parked outside your house and all you had was WEP and MAC
>>> address filtering, I could be on your network in 5 minutes tops.
>>> Not trying to hate, just trying to spread awareness of the _extreme_
>>> insecurity of WEP and the ease of breaking it and MAC address filtering.
>>> If you're actually concerned about your wireless security, at least use
>>> WPA2. Otherwise, you might as well be running an open network.
>>> The NewtonTalk Mailing List - http://newtontalk.net/
>>> The Official Newton FAQ - http://splorp.com/newton/faq/
>>> The Newton Glossary - http://splorp.com/newton/glossary/
>>> WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
>> The NewtonTalk Mailing List - http://newtontalk.net/
>> The Official Newton FAQ - http://splorp.com/newton/faq/
>> The Newton Glossary - http://splorp.com/newton/glossary/
>> WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
> Jeremy O'Brien aka neutral_insomniac
> IRC nick: piroko
> GPG key: 0xB1140FDB http://pohl.ececs.uc.edu/~jeremy/jeremy.asc
> The NewtonTalk Mailing List - http://newtontalk.net/
> The Official Newton FAQ - http://splorp.com/newton/faq/
> The Newton Glossary - http://splorp.com/newton/glossary/
> WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
More information about the NewtonTalk