Find the answer to your Linux question:
Results 1 to 6 of 6
For controlling access to the internet what's more secure MAC filters or IP filtering? Or are they roughly the same. This is for a wireless router....
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie ThoughtVelocity's Avatar
    Join Date
    May 2005
    Location
    OH
    Posts
    160

    IP filters or MAC filters


    For controlling access to the internet what's more secure MAC filters or IP filtering? Or are they roughly the same. This is for a wireless router.
    "If you are out to describe the truth leave elegance to the tailor."
    -Einstein

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    There both about the same, in as much as neither is very good. IP addresses and MAC addresses can be changed very easily, and network traffic can be sniffed to detect valid values for both.

    Depending on what you are going for, WPA is a reasonable solution. Last time I checked WEP could be cracked within three minutes by an attacker generating lots of traffic.

    What kind of set up are you going for?

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  3. #3
    Linux Newbie ThoughtVelocity's Avatar
    Join Date
    May 2005
    Location
    OH
    Posts
    160
    Well, I have WPA enabled but I also saw the option for IP and MAC filtering in addition and wanted to turn that on as well as an extra measure. I just recently noticed about 5 other wireless networks in my area, and decided to start beefing up what I had.
    "If you are out to describe the truth leave elegance to the tailor."
    -Einstein

  4. #4
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    If someone can break WPA, the MAC and IP filtering aren't going stop them for more than a few minutes.

    The best you can do is make sure you have strong keys for your encryption. Check out https://www.grc.com/passwords for suitable random data.

    Another option is to set up a full VPN, but you need an endpoint on the wired end of the network. Then you can set up firewall rules so anything that isn't sent through the VPN gets discarded. Some wireless APs can be reflashed to act as a VPN endpoints, but they tend to have a slightly limited throughput because the processor on them isn't designed to handle to load. This is a highly secure solution if set up correctly though.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.

  5. #5
    Linux User
    Join Date
    Jan 2005
    Location
    Florida
    Posts
    414
    Adding as many layers to your defense as possible is always a good idea. If a skilled cracker really wants to get into your network there are few things you can do to stop him. I think a good VPN will do the trick but they can be a bugger to set up correctly.
    If you don't have the skill level to set up a VPN just add the mac filtering. That way you have at least added one more layer to your security and hopefully the cracker will just go and find someone down the street who doesn't know that they should secure the network.
    registered linux user: 387197

  6. #6
    Just Joined!
    Join Date
    Jul 2004
    Posts
    9
    To your first question. I personally think MAC is a bit securer. Because if for example someone from your local network shouldnt have internet access, he could just ping a bit around to see what IPs are around and resolve their name. Most likely the PCs have a name so he could just ping the name and get the IP (other way around). It doesn't take much knowledge at all to do that. To get a MAC adress it is already harder and also I'm guessing you would have an IP range defined that you can get access to the internet with. My personal opinion

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •