"Phil Newnham" <pnewnham (AT) yahoo (DOT) com> wrote


What's wrong with tying the wireless down to specific MAC addresses?

Paul

Paul Ian Harman wrote:

That works if you don't have a lot of different and constantly changing
pc's accessing the network. In my case I use the wireless network when
I'm working on clients pc's/laptops, and it would be a bit of a drag
going into the router every time I bring a new one into the workshop.
Similarly, some of my larger clients use their wireless networks to
allow visitors/guests to use the network and they don't want to have to
fiddle with the router settings because they are not particularly
tech-minded, and could easily f the network up. A simple encryption key
is fine for this kind of thing.

Other than that it's a good idea.

--
Paul-B Formula 1 - cheat-free version here now.

Paul Ian Harman wrote:
Because the MAC address must then be transmitted by your hardware in
order to authenticate it on the network. If you encrypt using WEP, then
a hacker with the right (freely available tools) simply records a few
hours traffic between your machine and the wireless access point. Within
those packets, the WEP key and the MAC address are repeated, over and
over. This means that even with a 128 bit key, the chances of breaking
the encryption go up and up simply by increasing the sample space,
because of the repetition. Then you break the WEP key, and get the
authenticated MAC address, and then hack into the network by pretending
to be a computer with an allowed MAC address. None of which I've done,
but apparently it isn't difficult. So next doors scruffy teenager can
download a tool off the web, crack your network, fake your MAC address
and happily download horse pr0n, safe in the knowledge that you'll take
the rap

--
Phil

http://www.flickr.com/photos/tmc1979/

Paul Ian Harman wrote:
I forgot to say, I do run MAC filtering, but with WPA encryption as
well. I use MAC filtering just to have control over which machines are
allowed on the network but it's probably unnecessary with encryption
over the top.

--
Phil

http://www.flickr.com/photos/tmc1979/

"Phil Newnham" <pnewnham (AT) yahoo (DOT) com> wrote


Sure, that's all possible, but it doesn't seem particularly easy or likely.

My neighbours - or at least those within WiFi range - are all elderly and
not techno-savvy. But point taken.

I just don't want to have to type in yet another lousy password to get my
laptop online when I bring it home, but that's probably automatable
anyway...

Paul

Paul Ian Harman wrote:
I think you underestimate both the boredom and the technical ability of
your average geeky 14 year old

Someone got prosecuted under the Computer Misuse Act the other day for
driving around with a laptop and looking for WiFi networks to hack into.
It's up to you - I agree it's a small risk.

Once you've given the laptop the WPA key it shouldn't ask you for it again.

--
Phil

http://www.flickr.com/photos/tmc1979/