MAC security (Re: Question about Wireless)

Derek Broughton news at pointerstop.ca
Tue Nov 27 16:21:50 UTC 2007 

Miano, Steven M. wrote:

>> bounces at lists.ubuntu.com] On Behalf Of Felipe Figueiredo
>>
>> Em Tuesday 27 November 2007 12:45:26 Nils Kassube escreveu:
>>
>> > MAC filtering means that the AP only talks to a known set of MAC
...
>> Interesting. I assume one would have to know beforehand of a permitted
>> MAC in order to use this attack vector.
>>
>> Just out of curiosity, is there any known way (not brute force) to
>> discover
>> such permitted MAC addresses that script kids can exploit?

ethereal/wireshark

> The WAP I use at home only accepts 4 different MAC addresses, my laptop,
> my work laptop, my roommate's laptop, and my roommate's work laptop. It
> also only allows for 7 IPs to be leased out from it, ever. If someone were
> to sniff the packets and discover any of the 4 different MAC addresses and
> then spoof the MAC address with their own computer, that's fabulous, and
> if they really want to go that far to use our internet connection, good on
> them.

It's not fabulous, because it can make it impossible for _you_ to use that
MAC.

> Sniffing packets at a local Starbucks you can farm MAC addresses if you
> really want to, but really it's not something that anyone would really
> have an interest in doing.

?? It certainly is.  With a router between your LAN and the Internet, you
really don't have to worry too much about intrusions from the Internet -
and if you're using HTTPS and TLS for anything sensitive they can't sniff
the data - but if you're letting somebody onto your wireless LAN, suddenly
they're inside your firewall and have access to your own computers.

> Seriously though, how secure do you need your WAP, and what do you do for
> a living that you need to wear that tin foil hat?

This is just basic security - not "tin foil hat" territory, but it's pretty
funny when you follow it by _this_ which is real tin foil hat stuff:
> 
> CONFIDENTIALITY NOTICE: This e-mail may contain information that is
> privileged, confidential or otherwise protected from disclosure. If you
> are not the intended recipient of this e-mail, please notify the sender
> immediately by return e-mail, purge it and do not disseminate or copy it.

-- 
derek

More information about the ubuntu-users mailing list