MAC security (Re: Question about Wireless)

Nils Kassube kassube at
Tue Nov 27 15:47:37 UTC 2007

Felipe Figueiredo wrote:
> Em Tuesday 27 November 2007 12:45:26 Nils Kassube escreveu:
> > MAC filtering means that the AP only talks to a known set of MAC
> > addresses. It isn't secure because you can set some (maybe all?)
> > wireless cards to arbitrary MAC addresses - but there are problems
> > doing it. 1) It may be illegal. 2) If the real owner of that MAC
> > address is active there will be lots of collisions and possibly both
> > clients can't do anything usefull.
> Interesting. I assume one would have to know beforehand of a permitted
> MAC in order to use this attack vector.
> Just out of curiosity, is there any known way (not brute force) to
> discover such permitted MAC addresses that script kids can exploit?

Well, not exactly, i.e. the AP doesn't transmit a list of accepted 
clients. But if you can listen to the traffic of the AP with a particular 
client you can find out the client's MAC. I don't know exactly which 
program to use, but I suppose there are several available. If you google 
for "wordriving" you will probably find them. Or maybe in the links in 
this article about cracking WEP are a starting point: 


More information about the ubuntu-users mailing list