 WH4K join:2010-08-12 Albuquerque, NM Reviews:
·Comcast
MAC filtering is useless, right?
I was just reading through the wireless security FAQ and noticed that, while acknowledging the possibility of wireless MAC address spoofing, it still recommends turning MAC address filtering "on" if available on your router/access point.
That's all going to go away, now that Intel removed access to the MAC address in their wireless drivers, right? I ran across that fact when researching the wireless NIC (Intel Centrino N 130) of my new notebook PC.
Apparently, Intel lives in a magical fantasy land, where black hats will find it "impossible" to work around this restriction, and we will all be perfectly secure because wireless MAC spoofing is no longer possible.
|
nwrickert (sand groper, Premium, MVM) join:2004-09-04 Geneva, IL kudos:7 Reviews:
·AT&T U-Verse
Well, no, it isn't useless. It just won't make you secure.
MAC filtering will keep honest people out. It will stop your neighbor from accidentally connecting. If somebody does MAC spoofing to break in, there is a stronger legal case that they were trespassing (assuming that you can catch them).
However, if you have WPA security, then MAC filtering adds nothing. The most likely effect of MAC filtering plus WPA is that the next time you add a new device to your LAN you will have trouble connecting because you forgot that you had set up MAC filtering.
As for "Intel removed access to the MAC address," that's unlikely to affect people who try to break in. Those of us who use Linux will probably still have our own drivers which do allow setting a MAC. It is probably a move by Intel to simplify their software.
-- AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 5.0
|
reply to WH4K
MAC filtering takes all of 5 seconds to get around...
Sniff out a good MAC, easily change to it under the driver properties (sometimes the field is called "locally administered MAC address" or "physical address" or "network address"). I haven't come across a NIC where I couldn't change it yet.
It is not real security, it is security by obscurity. That said, it may stop a few people, perhaps the "not too geeky teen" across the street from you, but it will not fool everybody.
What prevents you from using an industry standard method like RADIUS, 802.1x, and/or WPA2 with 63 random alpha-numeric characters as the key? ...and/or changing your password every month?
|
 WH4K join:2010-08-12 Albuquerque, NM Reviews:
·Comcast
reply to nwrickert
said by nwrickert: As for "Intel removed access to the MAC address," that's unlikely to affect people who try to break in. Those of us who use Linux will probably still have our own drivers which do allow setting a MAC. It is probably a move by Intel to simplify their software.
Exactly, but to listen to Intel, they've done humanity a great service by making it more difficult for users to conduct security experiments.
So far, I can't even test whether the wireless MAC filtering (by means of access list) on my router even does anything, because Intel decided I didn't "need" the ability to spoof the MAC address on my notebook's WLAN adapter.
I am particularly interested in trying to "knock off" one of my other wireless NICs by "stealing" its MAC address. I honestly don't know how my router would react. I sure would feel better about its level of security if I could test that. But I can't, thanks to Intel.
I doubt security professionals would put up with such an artificial restriction, so I can only surmise they are not buying/using any Intel Centrino N gear.
|
nwrickert (sand groper, Premium, MVM) join:2004-09-04 Geneva, IL kudos:7 Reviews:
·AT&T U-Verse
said by WH4K: Exactly, but to listen to Intel, they've done humanity a great service by making it more difficult for users to conduct security experiments.
When you do something that saves you money but inconveniences your users, you consult your public relations department to find a way of describing what you are doing that makes you sound positively altruistic.
-- AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 5.0
|
 WH4K join:2010-08-12 Albuquerque, NM Reviews:
·Comcast
reply to WH4K
FWIW, I tried spoofing the Centrino's wireless MAC address under a live session of Linux (Ubuntu 10.04 specifically) and it didn't work there either. But it could be I just don't know what I'm doing.
I'm not seeing how removing an important security feature "saves money" for Intel. You make it sound like they didn't do it just to piss off users who like to tinker.
|
SoonerAl (Old enough to know better, Premium, MVM) join:2002-07-23 Norman, OK kudos:5
reply to WH4K
It's actually part of a two layered approach to wireless security...
WPA2/WPA with a long random key keeps unauthorized clients locked out...
MAC address filtering keeps legitimate wireless clients from connecting to your private WLAN. The way it works is you forget you have implemented MAC filtering, subsequently locking authorized clients out...
-- "When all else fails read the instructions..." MS-MVP Windows Expert - Consumer
|
joshb (Don't sweat the small stuff., Premium) join:2006-03-04 Calgary, AB
reply to WH4K
edit N/M dead thread.
|