mac address

[gaf-mNDKBlG2WHs at public.gmane.org (Jerry Feldman)]

On 10/05/2010 11:37 AM, Rob Hasselbaum wrote:
> On Tue, Oct 5, 2010 at 11:24 AM, j. daniel moylan <moylan at alioth> wrote=
:
>
>  =20
>> rob hasselbaum writes:
>>    =20
>>> Bear in mind that it is easy to spoof MAC addresses, so this
>>> doesn't offer much in the way of security if that is your
>>> goal.
>>>      =20
>> hmmm -- how does the interloper find the right MAC address
>> to spoof?
>>
>>
>>    =20
> If your network is not protested by WPA, the attacker can simply watch =
the
> traffic, which will show him the authorized MAC addresses. Then he can =
just
> pick a machine to impersonate. If he's smart, he'll wait until the
> authorized machine is idle so there's less chance of detection. Heck, h=
e
> could even impersonate the access point.
>
> If the network is protected by WPA, but he somehow cracks it, he's alre=
ady
> scaled the mountain and MAC address filtering is merely a speedbump. ;-=
)
>  =20
Just to add to this. If you live in an area with several open wireless
it is possible to grab someone else's wireless thus exposing the MAC
address. A couple of years ago, my boss was questioning our WPA password
(that had a few former employee names) and suggested I just do MAC
address filtering. I told him it was a bad idea for a few reasons.
Another was that a number of us have laptops that go places. In my case,
my personal laptop goes to BLU meetings, home and other places. But in
our building I can see at least 20 WAPS, and a few of them are open. So,
if someone had really wanted to get into our corporate network it would
be fairly simple if we used MAC filtering only. But, MAC filtering is a
good way to help secure your network in addition to the use of WPA and a
good password. (I've since let the router generate a password).

At home I check my router to see if I see an unusual connection. Since I
am in a residential single family neighborhood, anyone in one of the
homes would most likely not get a very good connection, but I can see 2
or 3 and I know that my neighbors are mostly computer illiterate, but a
few have kids who I don't know and if wireless had been around when I
grew up in jr high I know I would be sniffing at networks, and one of my
friends' father was an MIT professor. We made a couple of electronic
things in our basements at that time.

But, I was also at a party where the host was pretty computer
knowledgeable, and I questioned him about his open router. He didn't
care if someone connected through his router because he said he had
enough protection on the computers inside.  Basically once you are on
the network, you can then do some damage.

The bottom line is your router is not a true firewall, but it is your
first line of protection.  If someone could get into your network and
try to attack one or more of the computers the problem is much simpler
for the hacker. While a properly configured Windows system is probably
just as hard to crack as a Linux system, the data in a Windows system is
generally in the same place for all Windows systems.

--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846