docrice
join:2008-03-31
Fremont, CA
| reply to caribconsult
Re: Question about MAC Filtering
To summarize, you're only concerned about using your wired network and really trying to "logically" disable the wireless functionality (with the limited disabling ability you have on the device), right?
The only way for an attacker in your scenario to see traffic that's on the wired network is to associate / bridge herself to your overall network. To be able to do that, they'd need to plug into a physical wired port (not practically possible, obviously) or obtain the proper WEP key. Since you're not connecting a client wirelessly to the access point at all, you're not generating any frames (and thus IV values) that an attacker can capture and decipher your key with. And since there's no authorized client associated to the access point at any time, there's really no MAC address visible to spoof.
You're kind of an exception to the rule because although you have a wireless-capable device, you're not using it at all. In your case, the risk comes into picture when you actually do use a wireless connection with WEP enabled (and / or using MAC filtering).
The only thing that your idle access point throws out into the air is the 802.11 beacon frames which contain the SSID value and other informational elements such as supported attributes. These get broadcasted out about 10 times a second typically. There's also the 802.11 control frames (RTS, CTS, ACK), but other than that, there's nothing being leaked out unless the attacker actually bridges to the network through 802.11 association or by deciphering your key value(s) based on existing wireless traffic by legitimate clients. They could, of course, also guess at your WEP key by trying every possible string permutation which isn't as practical as just deciphering the key value based on existing traffic. And then if you have a MAC filter set, they'd have to guess at that too since there's no clients ever associating to it.
If you really want to see it all in action, use AirPCap or a Linux distribution like BackTrack combined with a supported wireless card and observe the layer 2 traffic taking place on the radio channel the AP's operating on.
All this trouble could have been alleviated if the vendor would allow a simple function like turning off the radio. |
