[ previous ] [ next ] [ threads ]
 From:  "Fred Weston" <fred at daytonawan dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FW: MAC filtering on wireless interfaces
 Date:  Sat, 6 Dec 2003 12:46:51 -0500
I agree.  Access to my APs is not free, so you can see why I am
interested in MAC filtering.  I realize that someone could sniff a
subscriber's MAC address, and then use it to gain access to the AP.
Fortunately, anyone in this area (read: technology dead zone) that knows
how to do it and would actively seek out hot spots, is probably already
a friend of mine so the issue isn't a big deal to me.

-----Original Message-----
From: John Voigt [mailto:1geek at jvoigt dot com] 
Sent: Saturday, December 06, 2003 10:23 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] FW: MAC filtering on wireless interfaces

----- Original Message ----- 
From: "Kamil Wencel" <wencel at radion dot org>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Saturday, December 06, 2003 4:53 AM
Subject: Re: [m0n0wall] FW: MAC filtering on wireless interfaces

> Since MAC address spoofing is a rather common technique
> to pass by WLAN "Security" I would not recommend using it.

Just because MAC spoofing is rather simple to do and can be easily
demonstrated hardly makes it common - I've been running WLANs for
several years and have never had anyone hack someone elses MAC.  You
need to differentiate between those who just want to use this as a tool
and those who play with networks for fun or personal improvement
> Use an IPSEC over WLAN tunnel instead. I myself allow traffic shaped 
> HTTP / HTTPS for geeks who still have fun standing in front of my door

> and want to get online.
> Apart from that, the whole internal infrastructure uses IPSEC to reach

> the internal machines.

Many of the users of monowall are not capable of managing an IPSEC based
setup as evidenced by the number of questions posted here about how to
make it work.  Don't discount a simple improvement that gives some
security just because there is a better (though more complicated) one.

WLANs are inherently insecure but a balance between the effort required
to secure and the value of the data at risk must be made.  Just because
WEP is fairly easily broken is not a reason to turn it off.  MAC
filtering has it's place among other useful security tools.  IPSEC is
more secure.  Seriously valuable data should not be accessible from
WLANs at all.
> --k

John Voigt, President

Reston Wireless, LLC
High speed internet service
no smoke, no mirrors, no wires (tm) http://www.reston-wireless.net/

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch