If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
WPA vs. Mac filtering
Sometimes when I get something new I turn off WPA or whatever the router uses, but I use MAC filtering. It does prevent me from getting in so why do people ridicule it and why does my computer say "unsecured". |
Ads |
#2
|
|||
|
|||
WPA vs. Mac filtering
On 24 Jul 2016, Micky wrote in
microsoft.public.windowsxp.general: Sometimes when I get something new I turn off WPA or whatever the router uses, but I use MAC filtering. It does prevent me from getting in so why do people ridicule it and why does my computer say "unsecured". For one thing, MAC addresses can be easily spoofed. |
#3
|
|||
|
|||
WPA vs. Mac filtering
On Sun, 24 Jul 2016 14:30:42 -0400, Nil wrote:
On 24 Jul 2016, Micky wrote in microsoft.public.windowsxp.general: Sometimes when I get something new I turn off WPA or whatever the router uses, but I use MAC filtering. It does prevent me from getting in so why do people ridicule it and why does my computer say "unsecured". For one thing, MAC addresses can be easily spoofed. True, but if you are using a strict set of MAC filtering rules and an outsider doesn't know what addresses or ranges are in use by your devices, then it makes it that much harder for them to gain access to your WiFi network. On that basis people should not be too quick to dismiss MAC address filtering. A lot of people knock it but typically that's because they don't understand it. It's a balancing act between what is right for your uses. I use MAC address filtering on my home WiFi but it does mean more work for me whenever I add new hardware. I'm prepared to live with that if it prevents my freeloading neighbour from piggy-backing on my network (which I monitor) and I hate to think of the kinds of websites he's visiting!!! Caveat: at the end of the day there is no such thing as a totally secure network anyway. Also, there is no such thing as genuine protection, privacy, etc. A determined hacker will find a way eventually. |
#4
|
|||
|
|||
WPA vs. Mac filtering
Micky wrote:
Sometimes when I get something new I turn off WPA or whatever the router uses, but I use MAC filtering. It does prevent me from getting in so why do people ridicule it and why does my computer say "unsecured". Someone with the proper software and knowledge with a wifi laptop nearby can read your mac address from the packets, knock you off line, spoof your mac addy, and take control of your router. While it's unlikely to happen I won't take the chance. Easy enough to turn on wpa2 which is much more difficult to hack. At the moment I can see 22 mac addresses from my suburban residence. Two of them are open with no wpa security... |
#5
|
|||
|
|||
WPA vs. Mac filtering
Micky wrote:
Sometimes when I get something new I turn off WPA or whatever the router uses, but I use MAC filtering. It does prevent me from getting in so why do people ridicule it and why does my computer say "unsecured". Anyone can use any MAC they want. There is nothing fixed about a MAC address. Device Management (devmgmt.msc) Right-click on your NIC. Select "Properties" from context menu. Advanced tab. Select "Locally administered address". Select radio box next to input field (i.e., deselect "Not present"). Put any valid MAC value you want. In fact, there is software that will rotate through a whole range of values for the MAC address so those users can get around MAC blocks. Only if 2 hosts are on the same subnet would use of the same MAC address cause networking conflicts (MAC addresses are not routable). Yes, you may filter-in only a specific MAC address you want to allow for your intranet hosts. That doesn't stop someone else from using software to repeatedly change their MAC value, try to bypass your router, and repeat on failure until they get through. Filtering on MAC only works somewhere around 30 years ago with NICs were hardcoded with a MAC address that the OS did not override. Nowadays, every OS has an override of what MAC address is stuffed into their packets sent out on the network. It's like having a round security key to prevent anyone from opening your house door but then you find out that everyone has access to the hinges to remove the door. https://en.wikipedia.org/wiki/MAC_spoofing Since MAC addresses are not routable, spoofing is of no concern regarding hosts outside your subnet and especially beyond your router and its built-in very basic router. However, if you are using MAC blocking to prevent external hosts from entering your network, you already let them in via wifi if you haven't used pairing to ensure which hosts are allowed on your network. You want your wifi hosts to have the keys needed to use your network. Anyone outside can see your wifi network (just turn on your smartphone to see it) and get on it, and anyone can use software for MAC spoofing to test through a range of values until they happen to find those you permitted in. I'm only going to allow people with the name of Theodore into my network. I won't tell anyone that. I'm not going to secure the doors on my house so anyone can come in other than a name filter. Along comes Malificent who, when asked, says her name is Theodore and, poof, she gets in. You want to lock the door and secure its hinges to prevent Malificent from strolling into your house in the first place, not just hope a nametag affixed to your stereo and TV saying only Theo can use them would stop Malificent under a differnt name. There is *nothing fixed* about MAC addresses. You can use whatever one you want. MAC filtering is a rope across your door: it only keeps out those that don't need to be kept out. That is, it keeps the trustworthy from deciding to be otherwise. It doesn't keep the non-trustworthy from simply walking in. You want keys to control access, not nametags. |
Thread Tools | |
Display Modes | |
|
|