Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJob BoardISP NewsFAQsForumsToolsMapsAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Wireless Security » Question about MAC Filtering
 
Search Topic:
  Share Topic:
RSS topic:
 
Posting
toggle:
flat / full
normal / watch
Post a:
Post a:
Links: ·Forum Guidelines ·Wireless Security FAQ ·Keith's FAQ
SSID hiding and interference? »
« MAC filters - useless?  
AuthorAll Replies

docrice

join:2008-03-31
Fremont, CA

reply to caribconsult
Re: Question about MAC Filtering

To summarize, you're only concerned about using your wired network and really trying to "logically" disable the wireless functionality (with the limited disabling ability you have on the device), right?

The only way for an attacker in your scenario to see traffic that's on the wired network is to associate / bridge herself to your overall network. To be able to do that, they'd need to plug into a physical wired port (not practically possible, obviously) or obtain the proper WEP key. Since you're not connecting a client wirelessly to the access point at all, you're not generating any frames (and thus IV values) that an attacker can capture and decipher your key with. And since there's no authorized client associated to the access point at any time, there's really no MAC address visible to spoof.

You're kind of an exception to the rule because although you have a wireless-capable device, you're not using it at all. In your case, the risk comes into picture when you actually do use a wireless connection with WEP enabled (and / or using MAC filtering).

The only thing that your idle access point throws out into the air is the 802.11 beacon frames which contain the SSID value and other informational elements such as supported attributes. These get broadcasted out about 10 times a second typically. There's also the 802.11 control frames (RTS, CTS, ACK), but other than that, there's nothing being leaked out unless the attacker actually bridges to the network through 802.11 association or by deciphering your key value(s) based on existing wireless traffic by legitimate clients. They could, of course, also guess at your WEP key by trying every possible string permutation which isn't as practical as just deciphering the key value based on existing traffic. And then if you have a MAC filter set, they'd have to guess at that too since there's no clients ever associating to it.

If you really want to see it all in action, use AirPCap or a Linux distribution like BackTrack combined with a supported wireless card and observe the layer 2 traffic taking place on the radio channel the AP's operating on.

All this trouble could have been alleviated if the vendor would allow a simple function like turning off the radio.
to forum · permalink · · 2008-05-04 20:04:19 · Reply to this
Forums » Up and Running » Security » Wireless SecuritySSID hiding and interference? »
« MAC filters - useless?  

Most commented news this week
· [173] East Coast Verizon Workers Authorize Strike
· [165] Is AT&T Hinting At Usage-Based Pricing This Fall?
· [149] Time Warner Cable Using Fine Print To Foist Caps On Customers
· [125] Is Broadband A Civil Right?
· [111] The Great Landline Exodus Continues
· [97] Update Your Browser, Dummy
· [82] What's Your Favorite Newsgroup Provider?
· [74] Comcast Hit With Another Throttling Lawsuit
· [73] Google's Cerf: Baby Bells Act Like Tots Having Tantrums
· [71] NY AG Will Sue Comcast If They Don't Pretend To Fight Child Porn
Friday, 25-Jul
20:42:20 		Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
8th year online! © 1999-2008 dslreports.com.
page compression OFF