[NTLK] Mac Fitering And Encryption
Terence Griffin
terence.griffin at nist.gov
Thu Mar 22 17:12:58 EDT 2012
Oh, right. I was thinking they reserved by host name, which would be
silly. Glad I use WPA2.
On 03/22/2012 02:52 PM, Jeremy O'Brien wrote:
> What's to stop me from picking a static IP and MAC of a valid client?
> Yes, you will have some "interesting" results stemming from duplicate
> IPs on your network, but I will be on your network and able to
> communicate with your hosts.
>
> I mean, any layer of "security" will help, but using stronger
> authentication and encryption like WPA2 is the meat and potatoes. If
> someone can crack WEP, chances are good they can also circumvent those
> "annoyance" defenses like static IPs and MAC filtering.
>
> On Thu, Mar 22, 2012 at 02:12:50PM -0400, Terence Griffin wrote:
>> How about reserving DHCP and limiting local IP address? Does that help
>> keep outsiders off?
>>
>>
>> On 03/22/2012 01:10 PM, Jeremy O'Brien wrote:
>>> On Wed, Jun 15, 2011 at 04:37:55PM +0000, ssgconway at juno.com wrote:
>>>> My WEP experience has been, as far as I know, good, security-wise. Visitors who ask to get on-line have to be added to the MAC Address list or they cannot get on.
>>> Both are false. If someone wanted to get on your network, your WEP key
>>> can be cracked within _minutes_, and MAC address whitelisting is useless
>>> if you have at least one authenticated client on your network. The MAC
>>> address that the OS sends when it does its authentication is completely
>>> handled in software, and can be changed very easily. So all an attacker
>>> has to do is clone an authenticated clients' MAC address and boom, he's
>>> on.
>>>
>>> If I were parked outside your house and all you had was WEP and MAC
>>> address filtering, I could be on your network in 5 minutes tops.
>>>
>>> Not trying to hate, just trying to spread awareness of the _extreme_
>>> insecurity of WEP and the ease of breaking it and MAC address filtering.
>>>
>>> If you're actually concerned about your wireless security, at least use
>>> WPA2. Otherwise, you might as well be running an open network.
>>>
>>> Jeremy
>>>
>>> ====================================================================
>>> The NewtonTalk Mailing List - http://newtontalk.net/
>>> The Official Newton FAQ - http://splorp.com/newton/faq/
>>> The Newton Glossary - http://splorp.com/newton/glossary/
>>> WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
>>> ====================================================================
>>
>> ====================================================================
>> The NewtonTalk Mailing List - http://newtontalk.net/
>> The Official Newton FAQ - http://splorp.com/newton/faq/
>> The Newton Glossary - http://splorp.com/newton/glossary/
>> WikiWikiNewt - http://tools.unna.org/wikiwikinewt/
>> ====================================================================
More information about the NewtonTalk
mailing list