MAC Filtering VS WPA

  • Thread starter Deleted member 143938
  • Start date
D

Deleted member 143938

Guest
I'm running a home network and have MAC filtering on set to allow only my 3 home computers to access the router. Is this enough or would I want to also turn on WPA?

I'm also running DD-WRT, how come it's displaying two Wireless Physical Interface? One is WL0 and the other is WL1
 
breadtk said:
Short answer: Yes turn on WPA, preferably WPA2

Long answer: MAC filtering will only restrict basic users who are not suppose to be on the network from using it's resources. WPA (Which by the way has been cracked, you should try and use WPA2 with AES) will add another layer of protection by encrypting your traffic. Without any encryption, most of your packets will be sent in plain text for the whole world to see. :)
Click to expand...
It should be noted that even with encryption, the MAC is still sent in the clear, so anybody so inclined can spoof a mac with little effort.
 
breadtk said:
Short answer: Yes turn on WPA, preferably WPA2

Long answer: MAC filtering will only restrict basic users who are not suppose to be on the network from using it's resources. WPA (Which by the way has been cracked, you should try and use WPA2 with AES) will add another layer of protection by encrypting your traffic. Without any encryption, most of your packets will be sent in plain text for the whole world to see. :)
Click to expand...

Oh, wow, I thought WPA/WPA2 was just another way to stop people from accessing the network (because it creates some kind of a special password that's required to access the network), I had no clue it also encrypts outgoings. Thanks!
 
Yeah...WPA2 should be turned on before you even allow users to access the intarwebs. Get on it :D
 
breadtk said:
Short answer: Yes turn on WPA, preferably WPA2

Long answer: MAC filtering will only restrict basic users who are not suppose to be on the network from using it's resources. WPA (Which by the way has been cracked, you should try and use WPA2 with AES) will add another layer of protection by encrypting your traffic. Without any encryption, most of your packets will be sent in plain text for the whole world to see. :)
Click to expand...

Actually, no, it hasn't been cracked. All those reports about WPA-TKIP being cracked were false. They did, however, find a way to exploit and inject packets but in terms of being able to crack and get into the network, WPA-TKIP is still safe.

but bottom line is, WPA2 and a long passphrase is still the best way to go
 
My mistake. I was too lazy to do it in my previous post ;)

Now let's back up a little. The early coverage of this crack indicated that TKIP keys were broken. They are not. "We only have a single keystream; we do not recover the keys used for encryption in generating the keystream," Tews said.
Click to expand...

http://arstechnica.com/articles/paedia/wpa-cracked.ars/2




As for the original question of the thread, in my opinion, MAC filtering is absolutely useless. You don't need it when you secure it properly in the first place. In fact, it's more of an inconvenience than anything else.
 
Luda said:
As for the original question of the thread, in my opinion, MAC filtering is absolutely useless. You don't need it when you secure it properly in the first place. In fact, it's more of an inconvenience than anything else.
Click to expand...

How come you think that for a home network? It's pretty unlikely someone in my neighbourhood knows how to change his MAC address, let alone how would he know what the only three allowed MAC addresses actually are?
 
Tylerdurdened said:
How come you think that for a home network? It's pretty unlikely someone in my neighbourhood knows how to change his MAC address, let alone how would he know what the only three allowed MAC addresses actually are?
Click to expand...

Maybe not a neighboor, but anyone driving by could park his car in front of your house
and use airodump-ng just to monitot the area and pickup what adapters are talking to what AP and get the mac of both.
 
Tylerdurdened said:
How come you think that for a home network? It's pretty unlikely someone in my neighbourhood knows how to change his MAC address, let alone how would he know what the only three allowed MAC addresses actually are?
Click to expand...

Well, let me put it this way.
How likely do you think it is that someone will know how to run a packet sniffer on your network if you happened to leave it wide open? Probably about as likely as someone knowing how to spoof MAC addresses. Would you leave your network unencrypted then?

Also, as OmegaAvenger stated, it doesn't take much to find out what the MAC addresses allowed on a network are. MAC's are sent out in clear text and currently connected addresses can be sniffed out in mere seconds, rendering filtering fairly useless.

WPA2-AES with *at least* a twenty character passphrase comprised of random characters is practically uncrackable in a reasonable amount of time. It's all you need.
 
MAC Filtering is pretty useless against anyone who knows what they're doing. All you need to do is sniff the MAC and spoof.

Go with WPA2 or WPA. WEP only gives you a false sense of security.

My network is the only one in the area using WPA2/AES. :(
 
You must log in or register to reply here.
Back
Top