Re: [PLUG] personal WiFi security: Stopping the barbarians at the gates

[Matt Mossholder <matt@mossholder.com>]

On Thu, Jul 14, 2011 at 9:08 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:

On Thu, Jul 14, 2011 at 8:47 AM, Floyd Johnson <fljohnson3@isp.com> wrote:
> (2) One should restrict the set of machines to which access to the
> personal WLAN is granted, based on the MAC address in the network
> hardware of said machines.

I've always been annoyed by this provision which seems to get so much
traction? ÂIf somebody is able to break your WPA2 protection, is
spoofing a MAC going to be anything more than a trivial obstacle?

I could see the paranoid running VPN over the link, but MAC filtering?

RichÂ

Agreed, Rich. MAC filtering is useless (you can easily change your MAC, and the MAC is sent in the clear with every frame). ÂAlso, not broadcasting your SSID is mostly pointless as well, since the SSID is sent in the clear when you first connect to the network. The real protection lies in WPA2, with a nice, long, randomized key.

   --MattÂ

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug