MAC address filtering

Discussion in 'Wireless Networking' started by =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=, Jan 26, 2006.

  1. OK, I'm trying to understand basic security..all I have is a di 524 with two
    desktops connected via ethernet.. And then i have one laptop connected via
    wireless.. Besides using WEP, I want to add MAC filtering.. My question, does
    the MAC address stay the same when the laptop "log's on" or does it change
    like an IP?. I was going to clone the MAC address and add it to the permit
    this MAC address access to the network under mac filter rules

    Do I make sense?
    =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=, Jan 26, 2006
    #1
    1. Advertising

  2. The client MAC address stays the same. Note, however, that MAC Address
    Authentication is *NOT* a strong security measure. MAC addresses can be
    easily spoofed.

    --
    Al Jarvi (MS-MVP Windows Networking)

    Please post *ALL* questions and replies to the news group for the
    mutual benefit of all of us...
    The MS-MVP Program - http://mvp.support.microsoft.com
    This posting is provided "AS IS" with no warranties, and confers no
    rights...


    "mikey b from sd" <> wrote in message
    news:...
    > OK, I'm trying to understand basic security..all I have is a di 524 with
    > two
    > desktops connected via ethernet.. And then i have one laptop connected via
    > wireless.. Besides using WEP, I want to add MAC filtering.. My question,
    > does
    > the MAC address stay the same when the laptop "log's on" or does it change
    > like an IP?. I was going to clone the MAC address and add it to the permit
    > this MAC address access to the network under mac filter rules
    >
    > Do I make sense?
    Sooner Al [MVP], Jan 26, 2006
    #2
    1. Advertising

  3. "Sooner Al [MVP]" wrote:

    > The client MAC address stays the same. Note, however, that MAC Address
    > Authentication is *NOT* a strong security measure. MAC addresses can be
    > easily spoofed.
    >



    Well, I got this gem of an idea from the linksys website.. But this where
    I'm comming from: When the laptop starts, it is presented with 3 different
    wirelss access "possibilities" that are located in my neighborhood. So I'm a
    little bit stingy and would rather not share my 1.5 meg DSL line..

    So what do you suggest?

    Thnaks, mb sd
    =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=, Jan 27, 2006
    #3
  4. =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=

    __spc__ Guest

    "mikey b from sd" <> wrote in message
    news:...
    > OK, I'm trying to understand basic security..all I have is a di 524 with
    > two
    > desktops connected via ethernet.. And then i have one laptop connected via
    > wireless.. Besides using WEP, I want to add MAC filtering.. My question,
    > does
    > the MAC address stay the same when the laptop "log's on" or does it change
    > like an IP?. I was going to clone the MAC address and add it to the permit
    > this MAC address access to the network under mac filter rules
    >
    > Do I make sense?


    Each network adaptor has a unique MAC address. All data packets sent by
    WiFi include the MAC address, so anyone sniffing can grab that info, then
    spoof it.

    The best security is to have a strong WPA-PSK TKIP or better still, WPA-PSK
    AES, passphrase, like "tlshuo891ixkaiuo22", or if you can get it to work,
    include some other characters like "&" "£" "%" "!" etc.
    __spc__, Jan 28, 2006
    #4
  5. Ok, thanks for response.. Let me ask a couple more questions..

    A) When you say that the machine code or MAC addreses can be "sniffed" are
    you saying that the laptop is broadcasting it's MAC address or is it comming
    from the router itself?

    B)The D-Link 512 offers WPA or WPA2 for security options with PSK or EAP.
    The help page doesn't explain the differences.. As for the passphrase, is
    there a limit on the character length that can be used for the passphrase?

    C) And for my dumb ignorant question: It seems to me that if one enables 128
    bit security, the charcter length in the Key entry should be somewhat
    sufficient when using WEP. I suppose if somebody was parked outside my house
    for several days, they could eventually crack it.. How about if I turn down
    the antenna transmit power?

    thanks for your time.

    "__spc__" wrote:

    >
    > "mikey b from sd" <> wrote in message
    > news:...
    > > OK, I'm trying to understand basic security..all I have is a di 524 with
    > > two
    > > desktops connected via ethernet.. And then i have one laptop connected via
    > > wireless.. Besides using WEP, I want to add MAC filtering.. My question,
    > > does
    > > the MAC address stay the same when the laptop "log's on" or does it change
    > > like an IP?. I was going to clone the MAC address and add it to the permit
    > > this MAC address access to the network under mac filter rules
    > >
    > > Do I make sense?

    >
    > Each network adaptor has a unique MAC address. All data packets sent by
    > WiFi include the MAC address, so anyone sniffing can grab that info, then
    > spoof it.
    >
    > The best security is to have a strong WPA-PSK TKIP or better still, WPA-PSK
    > AES, passphrase, like "tlshuo891ixkaiuo22", or if you can get it to work,
    > include some other characters like "&" "£" "%" "!" etc.
    >
    >
    >
    =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=, Jan 28, 2006
    #5
  6. =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=

    __spc__ Guest

    "mikey b from sd" <> wrote in message
    news:...
    > Ok, thanks for response.. Let me ask a couple more questions..
    >
    > A) When you say that the machine code or MAC addreses can be "sniffed" are
    > you saying that the laptop is broadcasting it's MAC address or is it
    > comming
    > from the router itself?


    All data packets sent from the laptop contain the MAC address (so that the
    router can route the data correctly, I believe).

    > B)The D-Link 512 offers WPA or WPA2 for security options with PSK or EAP.
    > The help page doesn't explain the differences.. As for the passphrase, is
    > there a limit on the character length that can be used for the passphrase?


    WPA-PSK TKIP is WPA and WPA-PSK AES is WPA2

    Within reason, I don't think that there's a limit on the WPA passphrase -
    it's not like WEP which has to have certain length keys depending on the
    bit-level of encryption.

    > C) And for my dumb ignorant question: It seems to me that if one enables
    > 128
    > bit security, the charcter length in the Key entry should be somewhat
    > sufficient when using WEP. I suppose if somebody was parked outside my
    > house
    > for several days, they could eventually crack it.. How about if I turn
    > down
    > the antenna transmit power?


    Probably, and probably. But why not use WPA?

    > thanks for your time.


    [snip]

    You're welcome.
    __spc__, Jan 29, 2006
    #6
  7. =?Utf-8?B?bWlrZXkgYiBmcm9tIHNk?=

    Lem Guest

    mikey b from sd wrote:

    > Ok, thanks for response.. Let me ask a couple more questions..
    >
    > A) When you say that the machine code or MAC addreses can be "sniffed" are
    > you saying that the laptop is broadcasting it's MAC address or is it comming
    > from the router itself?
    >
    > B)The D-Link 512 offers WPA or WPA2 for security options with PSK or EAP.
    > The help page doesn't explain the differences.. As for the passphrase, is
    > there a limit on the character length that can be used for the passphrase?
    >
    > C) And for my dumb ignorant question: It seems to me that if one enables 128
    > bit security, the charcter length in the Key entry should be somewhat
    > sufficient when using WEP. I suppose if somebody was parked outside my house
    > for several days, they could eventually crack it.. How about if I turn down
    > the antenna transmit power?
    >
    > thanks for your time.
    >
    > "__spc__" wrote:
    >
    >
    >>"mikey b from sd" <> wrote in message
    >>news:...
    >>
    >>>OK, I'm trying to understand basic security..all I have is a di 524 with
    >>>two
    >>>desktops connected via ethernet.. And then i have one laptop connected via
    >>>wireless.. Besides using WEP, I want to add MAC filtering.. My question,
    >>>does
    >>>the MAC address stay the same when the laptop "log's on" or does it change
    >>>like an IP?. I was going to clone the MAC address and add it to the permit
    >>>this MAC address access to the network under mac filter rules
    >>>
    >>>Do I make sense?

    >>
    >>Each network adaptor has a unique MAC address. All data packets sent by
    >>WiFi include the MAC address, so anyone sniffing can grab that info, then
    >>spoof it.
    >>
    >>The best security is to have a strong WPA-PSK TKIP or better still, WPA-PSK
    >>AES, passphrase, like "tlshuo891ixkaiuo22", or if you can get it to work,
    >>include some other characters like "&" "£" "%" "!" etc.
    >>
    >>
    >>


    WEP is easier to crack than you might think, 128 bits notwithstanding:
    http://www.tomsnetworking.com/Sections-article118.php
    Lem, Jan 29, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve P

    MAC Address Filtering

    Steve P, Jan 1, 2005, in forum: Wireless Networking
    Replies:
    2
    Views:
    670
    Carey Holzman
    Jan 1, 2005
  2. chackamakka

    pix mac address filtering

    chackamakka, Jul 8, 2004, in forum: Cisco
    Replies:
    1
    Views:
    847
    Walter Roberson
    Jul 8, 2004
  3. chackamakka

    Mac address filtering

    chackamakka, Jul 14, 2004, in forum: Cisco
    Replies:
    2
    Views:
    1,290
    Pavlov
    Jul 15, 2004
  4. ridergroov

    IOS MAC Address filtering?

    ridergroov, Jan 3, 2007, in forum: Cisco
    Replies:
    3
    Views:
    3,514
    Peter
    Jan 3, 2007
  5. ttripp
    Replies:
    5
    Views:
    2,211
    Thrill5
    Feb 5, 2010
Loading...

Share This Page