Wireless: Limiting MAC Address Enough?

[chimi]

Hi everyone, I have a home internet network set up, where the cable modem is plugged into a desktop PC and then I use a router for wireless for my MacBook. When I set it up, I had major problems figuring out how to use a WEP password protected setup. I spent several hours, then gave up and just set it so that only MAC addresses that were on a permitted list were allowed on. I just set it so that only my MacBook's MAC address could get on.

Is there a way to find out if anyone is stealing my Internet? Sometimes it seems a little slow, but that may just be because it's a high-traffic time and the whole neighborhood is using up the bandwidth. I want to find out if anyone is stealing mine. Also I was just generally wondering if using this MAC address blocking is sufficient security and how hard it would be for someone to break in.

Also, if someone broke into my wireless, could they steal anything besides my internet? i.e. could they do anything more malicious?

 

[TJones]

Well someone could spoof their way onto your network by using your MAC and configuring their wifi adapter to it, which would be easy to glean off an open network. Plus there's the whole privacy thing where someone could "listen" to the packets between your computer and router and essentially read your mail, instant messages, any unencrypted web browsing etc..

This is all fairy easy stuff to do with open source tools and average intelligence.

 

[netnothing]

3 myths to wireless security:

1) Allowing only certain MAC addresses will protect me.

Almost anyone who wants to...can spoof your MAC address to get access. Now, this doesn't mean you shouldn't do it. The average Joe, Mom or Pop will be blocked by this method, which is nice. Just don't rely on it for real security.

2) Using WEP instead of WPA is ok.

You *must* get WPA encryption working. Without it you are wide open and anyone can get access. WEP is basically useless, better than nothing, but essentially it will only block the average Joe accessing your router.

3) Disabling my SSID broadcast will stop people from finding my router.

This is where you have your router not broadcast your SSID so that it doesn't show up in people's 'Available Networks' list. Again, disabling this gives a false sense of security. Anyone that really wants to find your router, will find it. Lots of free tools to scan the airwaves. Turning off the SSID broadcast also tends to mess up your machine from getting access at times.

So basically, get WPA working with a nice strong password, and you should be all set. Restricting MAC addresses is helpful in keeping out the general 'I have no idea what I'm doing user', but anyone trying to gain access will sniff for your traffic, grab your MAC address and spoof it.

EDIT: As for finding out if anyone is using your router, you can go into the router admin and look at the logs and even the DHCP table to see who is getting an address from it.

EDIT2: If someone gets access into your wireless router, then they are in your network and can see your machines.

-Kevin

 

[GimmeSlack12]

What kind of router are you using? Turning on wireless security is really a 5 minute ordeal. I'll help when I know what you're using.

 

[yg17]

WPA, or better yet, WPA2 with a good password is all you really need.

SSID hiding and MAC filtering are completely useless.

 

[Raid]

WPA, or better yet, WPA2 with a good password is all you really need.

SSID hiding and MAC filtering are completely useless.

While I know hiding the SSID is not very secure (kinda like trying to hide behind a no parking sign), I still use it as a a subtle way of saying "please don't use this network'. Also (and please correct me if I'm wrong) isn't MAC filtering useful if you're using WPA? (is the MAC address still prone to sniffing with WPA on?)

Oh and while it may not do the OP any good but, if you are using an Airport base station you can see how many computers are connected with the Airport Manager app under Applications>Utilities.

 

[yg17]

Also (and please correct me if I'm wrong) isn't MAC filtering useful if you're using WPA? (is the MAC address still prone to sniffing with WPA on?)

If you're using WPA, what do you need MAC filtering for?

And yes, IIRC, MACs can still be sniffed, they're not encrypted with the rest of the packet

 

[Raid]

If you're using WPA, what do you need MAC filtering for?

Just put one more annoying hurdle between my network and the guy trying to gain access I guess...

Honestly I thought that WPA would negotiate an encrypted addressing to to the wireless session once the connection was established... then to stay secure I guess it would have to change mid-session. I guess I'll be heading over to wiki to figure out how this all works.

 

[bstreiff]

If you're just whitelisting MAC addresses, that doesn't stop people from sniffing packets in the air (remember, they're broadcasted without encryption)-- if an 'authorized client' is connected, then anyone can see at least one MAC address able to connect.

If you're using WEP, things have become a little harder-- but not by much. The WEP algorithm is rather weak if someone listens long enough and collects enough encrypted data. 'Long enough' varies, but I've seen WEP cracked with fifteen minutes worth of data on a busy network.

In either case: Once an attacker is able to associate to your access point, they are able to do just about anything that they would be able to do if they were connected via a wire-- this includes things like trying to access your computer and/or change settings on your router. You've changed the admin password, right?

In short: Use WPA or WPA2 with a good passphrase. Don't even bother with SSID hiding or MAC whitelists, as both are pretty useless. Really, the only reason I've seen not to use WPA/WPA2 is the Nintendo DS (only does WEP, and Nintendo stubbornly refuses to add WPA support), and frankly that's a poor reason.