Find the answer to your Linux question:
Results 1 to 7 of 7
I had a neighbor who was using my wireless. So I changed my wireless to (1) not broadcast its SSID and (2) require the MAC address to be in my ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2006
    Posts
    5

    Wireless security using MAC address


    I had a neighbor who was using my wireless. So I changed my wireless to (1) not broadcast its SSID and (2) require the MAC address to be in my access table.

    I've read from multiple sources that neither of these precautions are considered "secure". Does anybody know why?

    I do not have a need for encryption since I don't do credit cards over wireless or any business information. I only want to prevent people from piggy-backing on my network and using my bandwidth.

    TIA for your comments.

  2. #2
    Linux Guru Vergil83's Avatar
    Join Date
    Mar 2004
    Posts
    2,407
    Your MAC address is transfered over the wireless. Anyone can run a program, get your MAC, and change their computer's MAC to yours. SSID is also not very useful.

    If you neighbor is just doing it because your wireless was open, that may be enough to stop it. However, anyone who really wants to can easily break it. If you want to really stop piggybacking, you have to go the wpa route
    Brilliant Mediocrity - Making Failure Look Good

  3. #3
    Just Joined!
    Join Date
    Dec 2006
    Posts
    5

    Further clarification--

    Thank you for your prompt reply.

    I am a little unsure as to how someone could read the mac addresses in my router (actually in the WAP). I assume that you are saying that a rogue wanting access would have to get the mac address WHILE a wireless user was using the WAP. If this is the case, then I can understand the vulnerability. However, the users of the WAP are either sporadic (the wife brings her laptop home to do some work) or constant (wireless printers that are always connected). So, if a rogue got a mac address, it would either be useless (since it is always used) or would only be useful when the wife or kid left the house. Since the WAP has the access list, how's a program going to communicate with the WAP before connection to the router? Don't you have to connect to some program running on one of the PC's?

    Is my thinking still messed up? Is WEP my only option?


    TIA.

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru AlexK's Avatar
    Join Date
    Feb 2005
    Location
    Earth
    Posts
    3,379
    Think of it like this:
    When a wireless device communicates to the router it sends its MAC address in the Ethernet packet. Your neighbor can pick this up by using a sniffing tool (does not require computer to be connected to a router) as wireless data is broadcast in all directions. Now he/she can change his/her computer's MAC address and gain access provided that the router's ARP cache/table contains the new MAC/IP pairings and ofcourse he/she provides the correct WEP key. Now suppose your neighbor accesses the router while your wife's computer is not at home, with the MAC address he/she can still get to the internet.

    The best defense in your situation would be to use WPA not WEP pass phrase to enable access to the network. The reasoning behind this is that WEP is easily cracked and is generally not recommended.
    Life is complex, it has a real part and an imaginary part.

  6. #5
    Just Joined!
    Join Date
    Dec 2006
    Posts
    5

    Thank you!

    Thank you for your enlightening explanation.

    I would assume this sniffer is actually a receiver that just looks at packets exchanged between the WAP/router and the wireless cards. Then knowledge of packet structure would allow identification of the mac address within the packet.

    I really do appreciate your detailed explanation of this concept. Thanks again.

  7. #6
    Linux Guru AlexK's Avatar
    Join Date
    Feb 2005
    Location
    Earth
    Posts
    3,379
    Quote Originally Posted by xa49rt
    I would assume this sniffer is actually a receiver that just looks at packets exchanged between the WAP/router and the wireless cards. Then knowledge of packet structure would allow identification of the mac address within the packet.
    Yes that is entirely correct, if you want to see what these packets look like when your computer communicates to the router (whether it be wired or wireless), use a program like Ethereal to sniff packets going from and coming to your computer.
    Life is complex, it has a real part and an imaginary part.

  8. #7
    Just Joined!
    Join Date
    Dec 2006
    Posts
    5

    Thanks again Alex

    Alex,

    Thanks again for your clarification. I sincerely appreciate your time and knowledge.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •