rusty1989
join:2008-04-01
90451 | reply to rusty1989
Re: Question about MAC Filtering
Thanks for the replies. The router is an old Belkin and only has WEP. That is why I was looking to MAC filtering as a second layer of protection. |
|
docrice
join:2008-03-31
Fremont, CA
| It's quite unfortunate that Belkin didn't put in the capability to turn off the radio. In your case, I'd enable WEP (just for the hell of it) and throw in a MAC address on your list that couldn't normally exist in a client machine. Kinda like:
00:09:25:87:be:c8
I just created that via macchanger. It's a hardware address that may be identified as a VSN Systemen BV device. Assuming you never use your wireless, I guess it's something else an attacker would have to guess at. Cover your AP so the radio is dampened. This is all just security through obscurity.
I'd check the Belkin site and see if they have a newer firmware release which may provide you with WPA. Otherwise, you can probably pick up an older non-wireless router for cheap these days instead. |
|
caribconsult
Premium
join:2003-03-19
Mayaguez, PR
 ·Millenicom
·Sprint Mobile Broa..
 ·HughesNet Satellit..
| DOCRICE: Do I understand you to say that if MAC filtering is used (allow only listed), then a snooper might see my wireless net via the SSID broadcast, but would not be able to obtain any information such as active or valid MAC addresses, IP addressing, whatever? That they'd see packets of stuff zipping around but have no access to any of it?
I've seen many posts, on this forum and others, describing how easy it is to penetrate this - that all this stuff is just flying around in the clear and anyone who had the right software could spoof a valid MAC address off my net even though his existing MAC is not authorized. What's the real deal here?
Thanks for your help.
--
Franklin CDU680/Assent MBR400 combo, CAY1912 panel antenna, Millenicom, 4 XPPro stations, Mozilla everywhere. |
|
docrice
join:2008-03-31
Fremont, CA
| To summarize, you're only concerned about using your wired network and really trying to "logically" disable the wireless functionality (with the limited disabling ability you have on the device), right?
The only way for an attacker in your scenario to see traffic that's on the wired network is to associate / bridge herself to your overall network. To be able to do that, they'd need to plug into a physical wired port (not practically possible, obviously) or obtain the proper WEP key. Since you're not connecting a client wirelessly to the access point at all, you're not generating any frames (and thus IV values) that an attacker can capture and decipher your key with. And since there's no authorized client associated to the access point at any time, there's really no MAC address visible to spoof.
You're kind of an exception to the rule because although you have a wireless-capable device, you're not using it at all. In your case, the risk comes into picture when you actually do use a wireless connection with WEP enabled (and / or using MAC filtering).
The only thing that your idle access point throws out into the air is the 802.11 beacon frames which contain the SSID value and other informational elements such as supported attributes. These get broadcasted out about 10 times a second typically. There's also the 802.11 control frames (RTS, CTS, ACK), but other than that, there's nothing being leaked out unless the attacker actually bridges to the network through 802.11 association or by deciphering your key value(s) based on existing wireless traffic by legitimate clients. They could, of course, also guess at your WEP key by trying every possible string permutation which isn't as practical as just deciphering the key value based on existing traffic. And then if you have a MAC filter set, they'd have to guess at that too since there's no clients ever associating to it.
If you really want to see it all in action, use AirPCap or a Linux distribution like BackTrack combined with a supported wireless card and observe the layer 2 traffic taking place on the radio channel the AP's operating on.
All this trouble could have been alleviated if the vendor would allow a simple function like turning off the radio. |
|
