connecting to a hidden WAP router

Derek Broughton derek at
Wed Jan 21 16:02:46 UTC 2009

David McGlone wrote:

> On Tuesday 20 January 2009 10:07:15 pm Derek Broughton wrote:
>> David McGlone wrote:
>> > On Tuesday 20 January 2009 10:41:40 am Joel Oliver wrote:
>> >> > So how do folks connect to routers that don't broadcast their
>> >> > essid's -- what is the point of that router option if one cannot
>> >> > connect to it?
>> >>
>> >> There's really no security benifit at all by hiding your essid, as it
>> >> can be sniffed in the air.  Just like the "MAC" address filter, which
>> >> also sounds like a good idea... Hey, I will only let my computers
>> >> connect and block all others.  It's a simple matter of sniffing and
>> >> spoofing it.
>> >
>> > This is what I do. I only let my mac addresses connect to my network.
>> Not really.  You only let network interfaces _claiming_ to be your MAC
>> addresses connect to the network.  Unfortunately, every NIC is required
>> by the ethernet protocol to announce its MAC address with every packet it
>> sends, and any sniffer can find the MACs on your network - and then
>> making another NIC send that address is trivial.
> Is this bad? Should I use something better?

It's not "bad" - there are advantages to checking the MAC address of 
connections, you just need to be aware that it can't actually prevent 
anybody from connecting to your system if they really want to.

Not checking the MAC addresses is like leaving your house unlocked.  Using 
just MAC addresses for security is like hiding the key under the welcome 
mat.  Using encrypted connections but not checking MAC addresses would be 
like leaving the house unlocked - but with the burglar alarm armed :-)

More information about the kubuntu-users mailing list