On Thu, 29 Sep 2005 09:10:51 +0200, Sander <Big_Scary_Man@hotmail.com>
wrote:
>
>> There is no way anything can be totally secure, the only thing security
>> measures do is prolong the time until you have been compromised. If you
>> have more than one security measure (ex. WPA2 and MAC address filtering)
>> it will take longer to crack than if you only had one of them.
>
>True but MAC address filtering will add all of about 3 seconds. Not
>worth the hassle IMO.
>The only useful purpose of a MAC access control list is to log MAC
>addresses that are not allowed and to warn an administrator that
>unauthorized access has been attempted. You might find the attacker
>before he/she succeeds in breaking the other security measures. Not a
>likely scenario for a home network.

Well, there are other uses for MAC filters. I run an open
(unencrypted) neighborhood WLAN with about 15 machines connected via
wireless. New machines come and go as people bring their laptops and
PDA's into range. No problem. However, we have a few teenagers with
no clue about misusing or hogging the system. So, when the traffic
goes tilt, and I see it's mostly porno, I block the MAC address and
await the inevitable "is the network down" phone call. Not the best
means of blocking abuse, but it gets their attention.

Some of the local public hot spots go a step further. They run some
IDS (intrusion detection system) such as Snort to detect abuse. If it
detects anything obviously disgusting, it blocks the MAC address for a
few minutes. That's caught 3 different spammers at one hot spot. (Why
3 different spammers would select the same hot spot to do their
spamming is an open question).

Another dumb use of MAC filtering is where there's a system of
multiple access points, all with the same SSID and no easy way to
select a specific access point. This became a problem in a large
concrete (refrigerated) produce warehouse. The reflections off the
walls would sometimes cause workstations to select the wrong access
point. So, I added MAC address filters into the non-desired access
points leaving the clients to connect to the others. Keeping track of
these settings has been no fun, but it did the job.

Another use is to mitigate a form of abuse. One hot spot operator was
plagued by a nearby home user who decided that the hot spot would
become his private broadband connection. Unfortunately, he was not
very considerate with his usage patterns. At first, I blocked his MAC
address, but he quickly figured out how to change that (probably from
one of my postings). So, the hot spot had to go to an authentication
system where the users get tokens at the cash register which entitles
them to use the system. The owner keeps juggling systems and schemes,
but one of them simply registered the MAC address in the access points
MAC address filter.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D
http://www.LearnByDestroying.com
Santa Cruz CA 95060
http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
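
The two mechanisms mentioned in this thread (a MAC ACL that logs refused addresses to warn an administrator, and an IDS-driven block that lasts a few minutes), sketched as an added example that is not part of any post here. The log format, event names, MAC addresses and thresholds are constructed for illustration and do not come from any real access point or from Snort.

```python
import re
from collections import Counter

# Constructed sample log in a made-up format (not any real AP's output).
SAMPLE_LOG = """\
1127977851 ASSOC_DENIED mac=00:11:22:33:44:55 reason=acl
1127977853 ASSOC_OK mac=00:aa:bb:cc:dd:01
1127977860 ASSOC_DENIED mac=00:11:22:33:44:55 reason=acl
1127977900 IDS_ALERT mac=00:aa:bb:cc:dd:02 sig=smtp-flood
1127977905 ASSOC_DENIED mac=00:11:22:33:44:55 reason=acl
1127977990 ASSOC_DENIED mac=00:de:ad:be:ef:10 reason=acl
"""

LINE_RE = re.compile(r"^(\d+) (\w+) mac=([0-9a-f:]{17})")

def parse(log):
    """Yield (timestamp, event, mac) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip().lower())
        if m:
            yield int(m.group(1)), m.group(2).upper(), m.group(3)

def acl_tripwire(events, threshold=3):
    """MACs refused by the ACL at least `threshold` times: worth an admin alert."""
    denied = Counter(mac for _, ev, mac in events if ev == "ASSOC_DENIED")
    return sorted(mac for mac, n in denied.items() if n >= threshold)

class TimedBlocklist:
    """Block a MAC for `ttl` seconds after an IDS alert, then let it expire."""
    def __init__(self, ttl=300):
        self.ttl = ttl
        self.until = {}  # mac -> timestamp at which the block ends

    def feed(self, events):
        for ts, ev, mac in events:
            if ev == "IDS_ALERT":
                self.until[mac] = ts + self.ttl

    def is_blocked(self, mac, now):
        return self.until.get(mac, 0) > now

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("alert admin about:", acl_tripwire(events))
    bl = TimedBlocklist(ttl=300)
    bl.feed(events)
    print("blocked at +60s:", bl.is_blocked("00:aa:bb:cc:dd:02", 1127977960))
```

Both checks are keyed on the MAC address the client presents, so they work as a tripwire and a nuisance delay, consistent with the thread's point that a blocked user can change his MAC.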