mac address

David Miller david3d-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Oct 5 18:05:39 EDT 2010


> MAC filtering is useful to prevent casual or unintentional use of an
> otherwise open network. Much the same way that turning off broadcast of
> the network ID discourages casual use, but has no real impact on
> security. But both can have some value in slightly raising the bar
> against attacks, in the same way as having ssh listen on an alternate
> port does.
>
>  -Tom
>

Both the MAC and SSID are in the non-encrypted portion of a wireless
packet and have to be for wireless to work.  Looking at this data can
be done without any knowledge of the target.  So it's more similar to
the protection of moving ssh to a non-standard port and then
broadcasting the port number to the network that ssh can be found at
if such a protocol existed for that.

To pull off an attack on a ssh on a non-standard port you have to at
least port scan the target which will likely result in traffic from
your IP address being blocked.  Although this can be done in a
distributed manner making it tough to detect.

This wouldn't really slow down anyone with the knowledge to
maliciously break into a wireless network.  But MAC filtering like you
say prevent the casual use or an otherwise protected network.  Similar
to how moving the port of ssh will prevent a script kiddy from running
brute force attempts against your server.
--
David






More information about the Discuss mailing list