On Sunday 22 May 2011 04:57:42 JD wrote:
> On 05/21/11 20:05, Mikkel L. Ellertson wrote:
> > On 05/21/2011 09:22 PM, JD wrote:
> > > On routers using MAC filtering, how quickly do the crackers guess a correct MAC address and connect (assuming they somehow got your passphrase)?
> > They do not usually guess. They use a program that monitors the traffic, and captures the MAC address of any system that connects to the router. They then use one of these to connect.
> So, the initial connection request goes in the clear! Now that's security!! :)
AFAIK, the MAC addresses of access point and its clients are never encrypted. Meaning, it's not just initial connection request that goes in the clear, it's *entire* communication between a client and an AP that has world-visible MAC addresses of both. Every packet.
So you may catch a MAC address of a client which has initiated the connection yesterday when you were not around, if it is still connected. :-)
You can try it yourself, to see what's going on in the wifi world around you:
1) yum install aircrack-ng
2) open a terminal, become root
3) use airmon-ng to put your wireless hardware into promiscuous mode
4) use airodump-ng to start looking at the wifi traffic around you
5) read both AP and clients' MAC addresses on your screen, dynamically
You may wish to read man pages for airmon-ng and airodump-ng to learn the details. ;-)
Best, :-) Marko
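
The point made above, that the addresses travel outside the encrypted part of every frame, shown as an added example (not part of the original thread): a small parser for the 802.11 MAC header, run over a constructed encrypted data frame. The function names, MAC addresses and ciphertext bytes are made up for illustration.

```python
import struct

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_dot11_header(frame: bytes) -> dict:
    """Read the 24-byte 802.11 MAC header, which is never encrypted."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)   # frame control, little-endian
    ftype = (fc >> 2) & 0x3                      # 0 = management, 2 = data
    if ftype not in (0, 2):
        raise ValueError("control frames use a shorter header")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if to_ds and from_ds:
        raise ValueError("4-address (WDS) frames are not handled here")
    a1, a2, a3 = (fmt_mac(frame[i:i + 6]) for i in (4, 10, 16))
    if to_ds:          # client -> AP
        bssid, station = a1, a2
    elif from_ds:      # AP -> client
        bssid, station = a2, a1
    else:              # management or ad-hoc: addr3 is the BSSID, addr2 the sender
        bssid, station = a3, a2
    return {
        "protected": bool(fc & 0x4000),  # set when the frame body is encrypted
        "bssid": bssid,
        "station": station,
        "body": frame[24:],              # non-QoS frame: everything encryption covers is in here
    }

# Constructed sample: an encrypted data frame from a client to its AP.
# All addresses are made-up, locally administered values.
SAMPLE = bytes.fromhex(
    "0841" "2c00"            # frame control (data, ToDS, Protected), duration
    "020000aabb01"           # addr1: BSSID (the AP)
    "020000ccdd02"           # addr2: transmitting client
    "020000eeff03"           # addr3: final destination
    "1000"                   # sequence control
    "0100002000000000"       # CCMP header (constructed)
    "9f3c5ae1d07b42c8"       # ciphertext placeholder (constructed)
)

if __name__ == "__main__":
    info = parse_dot11_header(SAMPLE)
    print(info["protected"], info["bssid"], info["station"])
```

Even with the Protected bit set, both addresses are readable from the header without any key, which is why a MAC allow-list on the AP does not hide which addresses are on it.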