doc question on private network IP allocation

Shane Dawalt sdawalt at
Tue Oct 18 22:09:12 UTC 2011

On 10/18/2011 08:42 AM, Tim wrote:
> On Mon, 2011-10-17 at 10:32 +0200, Reindl Harald wrote:
>> your understanding of security is simply broken
> No, yours is, if you believe that something that has no ability to
> provide any security, can actually do so.
> It's been a MYTH for quite some time that MAC filtering protects your
> network.  It doesn't, it cannot.  It's up there with the foolish beliefs
> about hiding SSIDs.
> Passwords are part of security.
> Encryption is part of security.
> MAC filtering is merely network management.
> Security is about enforcement.  MAC filtering has no enforcement
> ability.

   I hope you recognize the irony of your reply.  Passwords can be 
brute-force attacked and/or sniffed.  Encryption can be broken (some 
more so than others of course).   You've relegated MAC filtering to the 
abyss for being hackable. But as with MAC filtering, given the proper 
conditions and/or skill sets, the other options can be equally ineffective.

   I won't belabor why MAC filtering is reasonable - it's been addressed 
several times by others, but I would ask this: would it surprise you to 
learn that a good many enterprise-level network manufacturers have best 
practices that employ MAC filtering (in combination with other features) 
as a method for securing enterprise-level networks against unwanted entry?


More information about the users mailing list