Protected WLAN

Sun May 22 23:00:34 UTC 2011

On Sun, 2011-05-22 at 08:40 -0700, JD wrote:
> I was referring to the use of MAC filtering which is
> soundly defeated by the transmission of the MAC
> in the clear. So, MAC filtering is absolutely useless
> as a security measure.
> If I turn off my machine, the hacker has my MAC, and
> will have 1 less thing to worry about getting.
>  
> My reliance is then totally on wpa2-psk/aes and a
> well chosen 63 byte pass-phrase.

Yay!  He's got it...

You do realise what the MAC is for?  It's the name of that particular
hardware interface, it's address, it's location...  So that when data
goes out on the wire, that's where it's intended for.

As far as network switches and routers go, it's the way of saying data
for IP 192.168.1.whatever goes to/through MAC xx:yy:zz:etc.  It's the
MAC it's using.

It's a vital part of basic networking, whether encrypted or not, it
can't be hidden from view.

Filtering using it can only ever be slightly effective.  Likewise with
filtering by IP.  Both are readily seen on a network, even if the data
can't be read.  And both are easily changed.

Encryption, on the other hand, involves co-relating pseudo-random keys
on both half of the connection.  Where the key is a computation against
a pass-phrase, and requires both sides to use the same pass phrase, and
maths.  A third party is going to have one hell of a time trying to fake
their way into that, unless the encryption scheme is crap (e.g. WEP and
WPA are useless).

Usually, well encrypted connections are hacked by:  Guessing stupidly
chosen passwords or stealing them (copying written notes, implanting
trojans, asking someone to login to something and hoping they'll use the
same password).  The latter being dead easy.  Lots of people use the
same password for everything.  And how often do you see some website
that asks you to login using your Hotmail address and password?  And
people do, without giving any thought about it.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.