How secure is an open network using MAC filtering?

Archived from groups: alt.internet.wireless (More info?)

Hello,

On my home network, I have a hacked series 1 Tivo running off an old
Orinoco Gold card. I don't know how to configure the Tivo for WEP and I
don't think the card supports WPA. My question is how safe will I be
if I simply run an open network and filter MACs, only allowing
recognized wireless clients to connect?
In theory, doesn't this approach alone lock out intruders or are there
ways around it that I'm not aware of?

Thanks,

--Al
6 answers Last reply
More about secure open network filtering
  1. Archived from groups: alt.internet.wireless (More info?)

    What ever goes across your WiFi network will be in the clear, but if you're
    only sending video, then no worries. If you were using passwords, credit
    cards, bank accounts, or private email, then someone intent on monitoring
    you, could do so with a simple WiFi laptop, and sniffer software.

    Bill Crocker


    "Al Puzzuoli" <alpuzz@comcast.net> wrote in message
    news:MPG.1c0dc199c7f33fd498968d@news.giganews.com...
    > Hello,
    >
    > On my home network, I have a hacked series 1 Tivo running off an old
    > Orinoco Gold card. I don't know how to configure the Tivo for WEP and I
    > don't think the card supports WPA. My question is how safe will I be
    > if I simply run an open network and filter MACs, only allowing
    > recognized wireless clients to connect?
    > In theory, doesn't this approach alone lock out intruders or are there
    > ways around it that I'm not aware of?
    >
    > Thanks,
    >
    > --Al
    >
  2. Archived from groups: alt.internet.wireless (More info?)

    On Tue, 23 Nov 2004 21:53:01 -0500, Al Puzzuoli spoketh

    >Hello,
    >
    >On my home network, I have a hacked series 1 Tivo running off an old
    >Orinoco Gold card. I don't know how to configure the Tivo for WEP and I
    >don't think the card supports WPA. My question is how safe will I be
    >if I simply run an open network and filter MACs, only allowing
    >recognized wireless clients to connect?
    >In theory, doesn't this approach alone lock out intruders or are there
    >ways around it that I'm not aware of?
    >
    >Thanks,
    >
    >--Al

    MAC address filtering is easy to get around. Since every packet of
    wireless traffic on your network contains the source and destination MAC
    address in clear text (even if your traffic had been encrypted), it
    doesn't take much to extract the MAC addresses and map out your network.
    Also, it's not only your wireless network that is exposed (unless you've
    separated your WLAN from your LAN with a router), but also your wired
    network. That means that people can connect to your LAN with a "forged"
    MAC address, and connect to any networked device on your LAN, wired or
    wireless. If you have you Quicken files in a shared folder on a
    Windows98 box, then they are all up for grabs...


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  3. Archived from groups: alt.internet.wireless (More info?)

    This wont help for MAC spoofing, but I use AirSnare (free) and run it
    on one of my wired machines. You can tell it which macs are friendly
    and if someone elses gets on your network wired or wireless it will
    yell at you through the speakers or send you an email.
    http://home.comcast.net/~jay.deboer/airsnare/

    You will need to also install winPcap 3.0. You can get it from the
    ethereal.com website.


    "Al Puzzuoli" <alpuzz@comcast.net> wrote in message
    news:MPG.1c0dc199c7f33fd498968d@news.giganews.com...
    > Hello,
    >
    > On my home network, I have a hacked series 1 Tivo running off an old
    > Orinoco Gold card. I don't know how to configure the Tivo for WEP
    and I
    > don't think the card supports WPA. My question is how safe will I
    be
    > if I simply run an open network and filter MACs, only allowing
    > recognized wireless clients to connect?
    > In theory, doesn't this approach alone lock out intruders or are
    there
    > ways around it that I'm not aware of?
    >
    > Thanks,
    >
    > --Al
    >
  4. Archived from groups: alt.internet.wireless (More info?)

    Great,

    Thanks for this.

    --Al

    In article <41a4eb40$0$800$2c56edd9@news.cablerocket.com>,
    campbell@alliancecable.net says...
    > http
    >
  5. Archived from groups: alt.internet.wireless (More info?)

    would think that enabling "Virtual LAN" like some of cpx/complex devices
    have,
    MAC would not be discovered _
    Am I correct ?

    "Al Puzzuoli" <alpuzz@comcast.net> wrote in message
    news:MPG.1c0dc199c7f33fd498968d@news.giganews.com...
    > Hello,
    >
    > On my home network, I have a hacked series 1 Tivo running off an old
    > Orinoco Gold card. I don't know how to configure the Tivo for WEP and I
    > don't think the card supports WPA. My question is how safe will I be
    > if I simply run an open network and filter MACs, only allowing
    > recognized wireless clients to connect?
    > In theory, doesn't this approach alone lock out intruders or are there
    > ways around it that I'm not aware of?
    >
    > Thanks,
    >
    > --Al
    >
  6. Archived from groups: alt.internet.wireless (More info?)

    bumtracks wrote:

    > would think that enabling "Virtual LAN" like some of cpx/complex devices
    > have,
    > MAC would not be discovered _
    > Am I correct ?

    No, the AP will filter packet by checking the included destination MAC
    address.
    So either you send an valid MAC address with the packet allowing it to be
    sniffed or it will not pass the APs filter.

    VLAN is a simple protocol and offers no security for the tagged packets.

    Thomas
Ask a new question

Read More

Wireless Open Network Wireless Networking