MAC security (Re: Question about Wireless)

Jeffrey F. Bloss jbloss at
Wed Nov 28 14:42:51 UTC 2007

Richard Bennett wrote:

> On Wed, 28 Nov 2007 00:33:26 +0100, David Vincent  
> <dvincent at> wrote:
> >> Just out of curiosity, is there any known way (not brute force) to  
> >> discover
> >> such permitted MAC addresses that script kids can exploit?
> > Without any encryption on the wireless network it is trivial to capture
> > some packets  (with say, Wireshark) and gather a MAC which is allowed to
> > talk on the network...
> Yes, but if MAC address access control is active you wouldn't get access  
> to the wireless network to do the sniffing.

Not necessary.

I do believe that things like MAC addresses and E/B/SSID are broadcast
in the clear regardless of whether the AP is using WEP/WPA. In fact all
control frames are also in the clear as far as I know. And *SSID is
broadcast in the clear when someone connects even if it's not
configured as a "beacon". Things more or less have to be that way to
set up and maintain the encrypted channel itself, among other reasons.

> Do you think you would still be able to monitor the broadcast address and  
> ARP packets even if your MAC address had not been whitelisted?

You don't need to be on the network to capture traffic. Being wireless,
those radio signals can be sniffed by anyone within range. ;)

     \|/      A lie gets halfway around the world before the
    (. .)         truth has a chance to get its pants on.
-ooo-(_)-ooo----------------------[ Sir Winston Churchill ]---
                         np: Beatallica - Sandman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 903 bytes
Desc: not available
URL: <>

More information about the ubuntu-users mailing list