| Bell 2701 HG NO Router Mac Filtering (Wirelessly) Hello Everyone,
I just finished a Networking Admin course and noticed that the Bell 2701 router modem combo mac filtering does not work with the latest firmware update.
Mac address on block list do nothing to stop internet surfing or internal network surfing. Once a person know your access password they have full access to your internal network.
I used allow people to use the internet and after they went home I would just block the address and assumed they would be locked out.
This is not the case, test it your selves if you would like, block a mac address and then enter the password for the SSID address and the router will let you in and give you full access to files and computers connected to your internal network.
Even with a different workgroup address windows 7 will allow you in the network, unless your computer are setup with password for all equipment.
This is just to let everyone know that the mac filtering security does not work or exist with 2701 routers.
Do your own tests, I could not believe this and called BELL, they did believe me either until further testing, and they have sent a message up to a higher level for more testing.
Shut down your equipment when not in use for full security.
Cheers
Ed |
|
 aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2
 ·Verizon Online DSL
| Not only Once a person know your access password they have full access to your internal network but MAC Addresses can be spoofed/cloned...
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
| Agreed but the person need to know the MAC address that is in your allow list to do that. A person can sit outside your house with a pwd generator until there in.
But if there not on the allow list even when the get the right pwd they would be locked out. This would or should shop them, but as I have said above MAC filtering does not work correctly.
MAC Cloning is good if you no the MAC to use... With MAC filtering when working will make it that much harder to gain access to a persons internal network.
I'm still testing and tried reseting using the button on the back and then enter information back. But I think the check mark for MAC filtering (ENABLE) nolonger operates.
I have saved with it out and then checked it and then re-saved but still access, filter no working...
BS security... I want the modem back and a new router or bridge I guess until they fix this mess.
Cheers,
Ed |
|
|
|
aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2 Reviews:
·Verizon Online DSL
| said by Edward5572 :Agreed but the person need to know the MAC address that is in your allow list to do that.
MAC Addresses regardless of what level of wireless encryption is used (WEP/WPA/WPA2) are always sent in the clear - just die the myth that MAC Address filtering is useful..
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
bbear2
join:2003-10-06
94045
kudos:2 | The MAC address filtering keeps honest people honest. |
|
aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2 Reviews:
·Verizon Online DSL
| said by bbear2:The MAC address filtering keeps honest people honest.
Is that the same thing as saying
said by bbear2:The MAC address filtering keeps honest people off your network.
?
If not, then I suspect that is what you meant to say.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
bbear2
join:2003-10-06
94045
kudos:2 | Yes. The honest people who should not be on your network. |
|
| reply to aefstoggaflm
Run Wireshark to see un-encrypted information, but it can't see the allow or block list because the router does not send the list to users. Your NIC will send the information to the router in plain text, but how do you get the MAC that is allowed from the list.
CISCO switches and routers filter MAC address quite effectively and do not send the allowed MAC's, they do not broadcast that information.
So again how do you know the MAC address on the allow list in the routers memory??
Mac address filter in my trade is very important, wired and wireless, this a security flaw with this 2wire (CRAP)... |
|
aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2 Reviews:
·Verizon Online DSL
1 edit | said by Edward572:Run Wireshark to see un-encrypted information, but it can't see the allow or block list because the router does not send the list to users. Your NIC will send the information to the router in plain text, but how do you get the MAC that is allowed from the list.
CISCO switches and routers filter MAC address quite effectively and do not send the allowed MAC's, they do not broadcast that information.
So again how do you know the MAC address on the allow list in the routers memory??
Mac address filter in my trade is very important, wired and wireless, this a security flaw with this 2wire (CRAP)...
#1 Sniffers always see the MAC Address(es) if connected by wireless or if using a wire if connected to a hub.
#2 For switches (including router with a built in switch), if the attacker does something called ARP Poisoning.
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
| I guess I missed that part in school...
I going too visit my school and try to do that, because we have tried this with WireShark with a CISCO router (Wireless) and it was unable to get in. I will have to take your word for it...
BELL should stick to just modems and let the user use there own router, or fix the problem. |
|
aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2 Reviews:
·Verizon Online DSL
| said by Edward572:BELL should fix the problem.
Why?
As I said MAC Address Filtering only prevents people from connecting by accident.
And once you are using wireless encryption, you are wasting your time doing that.
said by Edward572:BELL should stick to just modems and let the user use there own router.
Why is that?
The users can disable wireless in the modem combo and they can put their modem into bridge mode and use their own router.
Points to
a) »www.wikihow.com/Set-Your-Bell-2W···dge-Mode
b) »AT&T Southeast Forum FAQ »Bridge Mode for the 2Wire 2701HG-B
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
